How we collect, use, protect, and share your data, and your privacy rights.
Your health data is among the most sensitive information you can share. This Privacy Policy explains clearly what we collect, why we collect it, how it is protected, and what rights you have. Please read it in full.
Fitra360 ("we", "us", "our") is an AI-powered personalized wellness platform operated from the State of Florida, United States. We are the data controller for the personal information you provide through our mobile application and associated services (collectively, the "Platform").
Contact for all privacy matters: hello@fitra360.com. Use subject line "Privacy Request" for data requests, "GDPR Data Request" for GDPR requests, and "California Privacy Rights Request" for CCPA requests.
Because Fitra360 delivers genuinely personalized wellness insights, we collect a broader range of data than most wellness apps. Every category below is collected only to generate, improve, and deliver your personalized wellness plan. We do not collect data for advertising purposes.
The following categories are classified as sensitive personal data under GDPR, CCPA/CPRA, and other applicable laws. We collect them only with your explicit, informed consent.
In future releases, Fitra360 may integrate with wearable device platforms (such as Apple HealthKit, Google Fit, Fitbit, or Garmin) and nutrition tracking applications. When such integrations are activated by you, we may collect sleep data, heart rate and HRV, activity and caloric expenditure, and recovery scores. No third-party integrations are active in the current release. When they are introduced, you will be asked for explicit consent before any data is shared between platforms.
We do not use third-party analytics or crash-reporting SDKs.
As you use Fitra360, we generate additional data derived from your inputs, including wellness scores, AI-generated insights, recommendation histories, and trend analyses. This derived data is considered personal data where it can be linked to you and is treated with the same level of protection as your original inputs. You may request access to or deletion of your derived data in the same way as any other personal data we hold.
We use your data exclusively for the purposes below. We do not use your health or genetic data for advertising, profiling for commercial sale, or any purpose beyond what is listed here.
Fitra360 uses artificial intelligence to analyze your health data and generate personalized recommendations. To do this, we send your health information to a third-party AI service provider (see Section 7). We do not use your data to train AI models, and your health data is never used for advertising. As our platform evolves, we may change AI providers or build our own models. Any change that affects how your data is processed will be communicated to you in advance, and where required, we will ask for your consent again.
If you are in the EEA or the UK, we process your personal data on these legal bases:
For each sensitive data category, the legal basis is always explicit, granular consent. You may withdraw consent at any time through your account settings or by contacting hello@fitra360.com.
Fitra360 stores user data using cloud infrastructure operated by Supabase, which provides authentication and database services with row-level security so that only you can access your own records. We will update this section if our infrastructure providers change. We use TLS 1.2 or higher in transit, AES-256 or equivalent at rest, role-based access controls, and audit logging of access to sensitive health data.
We collect only the data necessary to deliver your plan. You are never required to provide genetic data or lab results; these are optional inputs that enhance the depth of your plan. The Platform will function with less data; it will simply be less personalized.
In the event of a data breach affecting your personal data, Fitra360 will notify affected users without unreasonable delay and in accordance with applicable law, with information about the incident, data affected, steps taken, and recommended actions.
Fitra360's personalized wellness insights are generated using artificial intelligence. We use a third-party AI service provider to process your health inputs, read the lab reports you upload, and generate your recommendations. This is a core part of how the app works. To create your plan, we send your health information to this provider, including profile details such as your name and date of birth, your analyzed DNA and blood work, your lifestyle inputs and self-reported signals, and the lab reports you choose to upload. The information is sent from our secure backend over an encrypted connection, not directly from your device.
The provider uses your information only to generate your recommendations. It does not use your data to train its models, and your data is never sold or used for advertising. We keep an up-to-date list of all service providers that process your data, including the current AI provider, at https://fitra360.com/subprocessors. If we change AI providers in a way that affects how your data is processed, we will update this policy and the subprocessors page, and where required by law, ask for your consent again.
Fitra360 does not currently integrate with any third-party health platforms, wearable devices, or nutrition applications. All data in the current release is entered directly by you.
Future releases may offer integrations with platforms such as Apple HealthKit, Google Fit, and wearable manufacturers. When available, you will be asked to grant explicit permission, informed of exactly what data will be accessed and why, and able to revoke permissions at any time. This policy will be updated to identify each integration.
We do not sell your personal data. We share it only with our AI service provider (Section 7), our cloud infrastructure provider (Section 6.1), where required by law, in the event of a business transfer (with advance notice and, where required, consent), or with your explicit consent. We do not use third-party analytics providers, and we do not share your data for advertising.
Practitioner and B2B functionality is planned for a future release and will be governed by a separate agreement. Contact hello@fitra360.com to be notified.
If and when Fitra360 integrates with Apple HealthKit or Google Fit, we will comply with the applicable developer guidelines, including that such data will not be used for advertising, sold to data brokers, or used for any purpose other than supporting your wellness within Fitra360. The data types collected by Fitra360 include Health & Fitness data, Identifiers, Usage Data, and Sensitive Information. Our app store listings are kept current with our data practices.
To protect your data, we may require identity verification before fulfilling a request, using the minimum information necessary. We may refuse or charge a reasonable fee for requests that are excessive, repetitive, or manifestly unfounded, where permitted.
To exercise any of these rights, contact hello@fitra360.com with the appropriate subject line. We respond within 30 days (GDPR) or 45 days (CCPA), with one possible extension where permitted.
Fitra360 is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will delete that information promptly. If you believe we may have collected data from someone under 18, please contact us at hello@fitra360.com.
Fitra360 is operated from the United States. If you access the Platform from outside the United States, your personal data will be transferred to and processed in the United States. For users in the EEA or UK, we rely on Standard Contractual Clauses and Data Processing Agreements with all third-party providers who receive your personal data. By using Fitra360, you acknowledge that your data may be processed in the United States and other countries where our service providers operate.
The Fitra360 mobile application does not use browser cookies, and we do not use third-party analytics or crash-reporting SDKs. Push notification services are used to deliver plan updates and reminders; you may opt out at any time from your device settings. If a web version of Fitra360 is released, a separate Cookie Policy will be published with a consent mechanism before any non-essential tracking is activated.
We may update this Privacy Policy as our Platform evolves or laws change. We will notify you via email and/or in-app notification at least 14 days before material changes take effect. For changes that materially affect how we process your sensitive health or genetic data, we will seek your active, affirmative consent rather than rely on continued use. The updated policy will always display its effective date, and previous versions will be archived and available upon request.
Fitra360
Email: hello@fitra360.com
Website: www.fitra360.com
For GDPR requests, CCPA requests, or genetic data deletion, email hello@fitra360.com with the appropriate subject line. We fulfill verified data requests within the legally required timeframes (30 days under GDPR, 45 days under CCPA).