Privacy Policy

1. Introduction

Red Pulse Tek ("we," "us," or "our") operates FitRecomp ("the Service"), an AI-powered fitness platform. This Privacy Policy explains how we collect, use, store, and protect your personal information, including sensitive health and fitness data.

We take your privacy seriously. We do not sell your data. We do not use your health data for advertising. Your fitness data exists to serve you.

2. Information We Collect

2.1 Account Information

• Name, email address, and profile details provided during registration
• Authentication data managed by Clerk (our identity provider) or Google OAuth
• Subscription and billing information

2.2 Health and Fitness Data

With your explicit consent, we collect data from the following sources:

• Manual logs: Training sessions (exercises, sets, reps, weight), nutrition intake (calories, macros, meals), and health metrics (body weight, sleep, mood, energy) you enter directly
• Apple Health (HealthKit): Workout data, step counts, sleep analysis, heart rate, body measurements, and other metrics you authorize via the iOS app. We only access categories you explicitly grant permission for.
• Oura Ring: Sleep stages, readiness scores, activity data, heart rate variability (HRV), body temperature, and respiratory rate imported via the Oura API
• Strava: Workout activities, routes, duration, distance, heart rate, and performance metrics imported via the Strava API
• CSV uploads: Historical health, nutrition, or training data you upload in CSV format
• Email imports: Nutrition data extracted from connected email accounts (e.g., MyFitnessPal summaries) with your authorization

2.3 Usage Data

• Pages visited, features used, and interaction patterns
• Device type, browser, and operating system
• AI Coach conversation history
• Error logs and performance metrics (via Azure Application Insights)

3. How We Use Your Data

We use your data exclusively to provide and improve the Service:

• AI-powered analysis: Your health, nutrition, and training data is processed by our AI agents to generate personalized scores, insights, plans, and coaching responses
• Progress tracking: Computing daily scores, weekly trends, cycle management, and adherence metrics
• Plan generation: Creating personalized training, nutrition, and health plans based on your goals and logged data
• Service improvement: Identifying bugs, improving AI accuracy, and developing new features
• Communication: Sending service-related notifications, support responses, and (with consent) product updates

4. AI and LLM Processing

FitRecomp uses large language models (LLMs) to analyze your data and generate personalized content. Here is how this works:

• Your fitness data (logs, scores, goals) is sent as context to LLM providers to generate plans, summaries, and coaching responses
• We use third-party LLM providers (currently Deepseek and OpenAI) to process these requests. Data sent to LLM providers includes your fitness metrics but not your name, email, or account credentials—we use anonymized user identifiers
• We do not use your data to train or fine-tune LLM models. Our LLM providers' data processing terms prohibit using API inputs for model training
• AI-generated content (plans, summaries, scores) is stored in your account for your reference

5. Apple Health (HealthKit) Data

In compliance with Apple's HealthKit requirements:

• HealthKit data is never used for advertising, marketing, or sale to data brokers or third parties
• HealthKit data is never shared with third parties except as needed to provide the Service (e.g., anonymized context sent to LLM providers for plan generation)
• You control which HealthKit data categories the FitRecomp iOS app can access, and you can revoke access at any time via iOS Settings > Privacy & Security > Health
• HealthKit data is stored securely and treated with the same protections as all health data in the Service

6. Oura Ring Data

In compliance with Oura's API Agreement:

• Oura data is never sold, marketed, licensed, or disclosed to third parties, including advertisers or data brokers, even with user consent
• We only retain Oura data as long as necessary to provide the Service
• If you revoke Oura access, we will stop processing and can delete your stored Oura data upon request
• We respect all privacy settings configured in your Oura account

7. Strava Data

Strava data is imported via their API under the Strava API Agreement. We display Strava attribution as required and do not redistribute raw Strava data. You can disconnect Strava at any time.

8. Data Storage and Security

• Infrastructure: Your data is stored in Microsoft Azure Cosmos DB, hosted in Azure data centers with enterprise-grade physical and network security
• Encryption: Data is encrypted at rest (Azure-managed encryption) and in transit (TLS 1.2+)
• Access control: Secrets and credentials are stored in Azure Key Vault. Application access uses managed identities and role-based access control
• Authentication: User authentication is handled by Clerk with industry-standard OAuth 2.0/OpenID Connect protocols
• Data isolation: Each user's data is partitioned by their unique user identifier, ensuring logical separation

9. Data Sharing

We do not sell your personal data. We share data only in these limited circumstances:

• LLM providers: Anonymized fitness data context sent to Deepseek or OpenAI for AI-powered features (see Section 4)
• Infrastructure providers: Microsoft Azure hosts our databases and compute. Data processed under Microsoft's Data Protection Addendum
• Authentication: Clerk processes authentication data under their privacy terms
• Legal requirements: If required by law, court order, or to protect rights, safety, or property

10. Your Rights

Regardless of your location, we provide the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate data via your profile or by contacting us
• Deletion: Request deletion of your account and all associated data. Contact bekim@redpulsetek.com and we will process your request within 30 days
• Data portability: Request an export of your data in a machine-readable format
• Revoke consent: Disconnect third-party integrations (Strava, Oura, Apple Health) at any time. Revoke HealthKit access via iOS Settings
• Opt out: Unsubscribe from non-essential communications at any time

For California Residents (CCPA)

You have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information. To exercise your rights, contact bekim@redpulsetek.com.

For EU/EEA Residents (GDPR)

Our legal basis for processing your data is your explicit consent (for health data) and legitimate interest (for service operation). You have additional rights including the right to restrict processing, object to processing, and lodge a complaint with your local data protection authority.

11. Data Retention

• Account and fitness data is retained for as long as your account is active
• If you delete your account, we will delete your personal data within 30 days, except where retention is required by law
• Anonymized, aggregated data (e.g., platform usage statistics) may be retained indefinitely
• AI-generated content (plans, summaries) is deleted along with your account data

12. Cookies and Tracking

We use essential cookies for authentication and session management. We use Azure Application Insights for performance monitoring and error tracking. We do not use third-party advertising trackers or sell data to ad networks.

13. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact us and we will promptly delete it.

14. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of discovery, in compliance with applicable regulations including GDPR and state breach notification laws.

15. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

16. Contact

For privacy-related questions, data requests, or concerns:

• Email: bekim@redpulsetek.com
• Subject line: "FitRecomp Privacy Request"