Privacy Policy

Last updated: April 23, 2026

This Privacy Policy explains how Fitty Up collects, uses, stores, and shares personal information when you use the Fitty Up mobile application and related support services. By using Fitty Up, you agree to the practices described in this policy.

1. Who We Are

Fitty Up is operated by Chattrawut Phoolakorn ("Fitty Up," "we," "our," or "us"), an individual developer based in Thailand. If you have questions about this policy or your personal data, contact us at support@fittyup.app.

2. Information We Collect

2.1 Account and profile information

  • Sign-in data: Your email address and basic profile details received from Apple Sign In, Google Sign In, or other authentication flows we support.
  • Profile data: Information you choose to provide, such as display name, avatar, banner image, age or date of birth, sex, height, weight, activity level, goals, and preferences.
  • Account settings: App language, notification preferences, theme settings, legal consent records, and similar configuration data.

2.2 Wellness, nutrition, and activity data

  • Nutrition data: Meals, calories, macronutrients, custom foods, saved foods, grocery items, meal combos, fasting windows, nutrition goals, and related notes.
  • Workout and body data: Workout logs, plans, exercises, sets, reps, route metrics, pace, steps, heart-rate-related workout metrics, personal records, body measurements, weight logs, and workout goals.
  • Additional wellness records: Water intake, medications and medication logs, course enrollments and course progress, check-in responses, and body progress review data if you use those features.

2.3 Media and files

  • Photos and images: Meal photos, barcode scans, AI chat attachments, avatar images, banner images, and body progress photos you upload or capture through the app.
  • Generated or processed media: AI review outputs, nutrition analysis generated from images, and file metadata such as image size or upload path.

2.4 AI interaction data

  • AI prompts and replies: Messages you send to Fitty Up's AI features, selected model or mode, attachments you include, and the responses returned to you.
  • AI usage data: Credit usage, model routing, safety filtering results, tool/action proposal metadata, and request metadata needed to operate, secure, and bill AI features.

2.5 Purchase, subscription, and support data

  • Billing and entitlement data: Subscription status, product identifiers, top-up purchases, transaction identifiers, entitlement state, and related records from Apple App Store, Google Play, and RevenueCat.
  • Support and feedback: Feedback tickets, subject lines, message content, reply preference, app version, device information, and admin support responses.
  • Promotions and rewards: Referral, bonus credit, promo-code, rewarded-ad, refund, webhook, and anti-replay verification records where applicable.

2.6 Device, diagnostics, and security data

  • Device and app data: Device brand, model, operating system, app version, locale, time zone, and general network state.
  • Diagnostics: Crash reports, error logs, performance diagnostics, and technical troubleshooting data.
  • Security and abuse-prevention data: Push token registration data, a device fingerprint derived from device characteristics, authentication events, admin/support access logs, role checks, abuse-prevention signals, and request identifiers used to reduce fraud, investigate incidents, or enforce limits.

2.7 Permission-based data

  • HealthKit on iOS: If you grant permission, Fitty Up may read health and fitness data such as workouts, routes, heart rate, sleep analysis, steps, distance, VO2 max, cadence, and similar metrics, and may write workouts or active energy back to HealthKit.
  • Location and motion: If you grant permission, Fitty Up may access in-use location and motion activity to map outdoor workouts, calculate pace, and track route-based exercise. We do not request background location in the current app configuration.
  • Camera and photo library: If you grant permission, Fitty Up may capture or import photos for food logging, barcode scanning, avatars, and progress tracking.
  • Notifications: If you opt in, Fitty Up may schedule local reminders on your device and store remote push-token data to send announcements or account-related notifications.

3. How We Use Your Information

We use your information to operate, improve, and secure Fitty Up, including to:

  • Create and maintain your account and synchronize your data across devices.
  • Provide nutrition tracking, workout logging, progress history, reminders, courses, and other product features.
  • Generate AI-powered analysis, coaching, summaries, and food-recognition results.
  • Process subscriptions, top-ups, promotional credits, and optional rewarded-ad credits.
  • Verify purchases, refunds, referrals, rewarded-ad callbacks, and credit grants, and prevent replay or abuse of those flows.
  • Personalize your targets, recommendations, dashboards, and in-app experience.
  • Send service messages, reminders, and support replies.
  • Detect abuse, prevent fraud, monitor security, and enforce our Terms of Service.
  • Debug crashes, investigate incidents, improve performance, and develop new features.
  • Comply with legal obligations and resolve disputes.

4. Legal Bases for Processing

Where applicable data-protection law requires a legal basis, we generally process personal data under one or more of these bases: performance of our contract with you, your consent, our legitimate interests in operating and securing Fitty Up, and compliance with legal obligations.

5. How We Share Information

We do not sell your personal information. We share information only as reasonably necessary to operate Fitty Up, including with the following categories of recipients:

  • Infrastructure and storage providers: Supabase for authentication, database, storage, and server-side functions.
  • AI processors: Anthropic and OpenRouter, including model providers routed through OpenRouter, to process the prompts, attachments, and context required to generate AI responses.
  • Payments and subscriptions: RevenueCat, Apple App Store, and Google Play to manage subscriptions, entitlements, one-time digital purchases, refunds, and related webhook verification.
  • Advertising partners: Google AdMob for free-tier banner, native, and rewarded ads, including rewarded-ad verification and nonce ownership checks.
  • Diagnostics and support tools: Sentry and similar technical tooling we use to monitor crashes, investigate bugs, and improve stability.
  • Notification delivery providers: Expo, Apple, and Google services to register and deliver push notifications.
  • Legal or transactional disclosures: Authorities, advisors, counterparties, or successors where disclosure is required by law, necessary to protect rights or safety, or related to a merger, transfer, or restructuring.

6. AI and Advertising Disclosures

6.1 AI features

AI features in Fitty Up require us to send relevant prompts, attachments, and selected model settings to third-party AI processors. Those providers may process data in other countries and may retain limited request logs or safety-monitoring data under their own policies. Fitty Up does not use AI output as a substitute for professional medical, nutritional, or fitness advice.

6.2 Ads for free-tier users

Free-tier users may see Google AdMob ads, including optional rewarded ads. Fitty Up currently requests non-personalized ads only in the app configuration. Rewarded ads may require server-side verification before bonus credits are added. Paid subscribers do not receive ads through the standard paid tier experience.

7. Data Storage and Security

We use reasonable technical and organizational safeguards designed to protect personal data, including encrypted transport, access controls, role-based administrative controls, secure authentication flows, and platform-specific secure or encrypted local storage for selected sensitive app data on supported devices. This may include authentication tokens, AI chat history, insight report history, signed media URL cache entries, push-token cache entries, and other sensitive local records.

No system is perfectly secure. You are responsible for keeping your device, email account, and third-party sign-in credentials secure.

7.1 Storage URL transparency

Some uploaded images are stored differently depending on the feature. Avatar images and body progress photos are generally served through signed or access-controlled URLs. Some signed or access-controlled URLs may be cached temporarily on your device to improve app performance. Some meal photos saved to your food library and some AI chat image attachments are stored using public or link-accessible storage URLs so the app can render them across devices. Anyone with the exact URL may be able to view those files, so do not upload highly sensitive documents or confidential images to those features.

8. Data Retention

  • We keep personal data for as long as needed to provide Fitty Up, maintain account history, operate subscriptions and credits, resolve disputes, and comply with legal obligations.
  • Some free-tier historical data is currently subject to automatic cleanup after approximately 90 days, while paid tiers may retain more history while the account remains active.
  • Some free-tier AI chat image attachments may be automatically deleted after approximately 14 days.
  • When you delete your account, we delete or de-link most account data and storage objects tied directly to your account, subject to technical limitations and legal requirements.
  • We may retain limited financial, referral, anti-fraud, tax, or audit records after account deletion where reasonably necessary or legally required, and those records may be minimized or de-identified.
  • We may retain limited webhook, rewarded-ad verification, security audit, and abuse-prevention records to prevent replay, fraud, or unauthorized access, even after related app content is deleted.
  • Data exported or cached on your own device remains under your control until you delete it.

9. Your Rights and Choices

  • Access and correction: You can review and update much of your profile and app data inside Fitty Up.
  • Delete account: You can request deletion through the in-app settings, subject to limited record retention described above.
  • Export: Fitty Up includes in-app export tools for certain categories of data, and you may contact us if you need additional help accessing your information.
  • Permissions: You can disable camera, photo, HealthKit, location, motion, and notification permissions through your device settings at any time.
  • Regional rights: Depending on where you live, you may have additional rights such as data portability, restriction, objection, or complaint rights under local law.

To exercise privacy rights that are not available directly in the app, email support@fittyup.app.

10. International Transfers

Fitty Up and its processors may handle data in countries outside your own. When required, we rely on contractual, technical, and organizational safeguards designed to protect transferred data.

11. Children's Privacy

Fitty Up is not intended for children under 13. Users between 13 and the age of legal majority in their jurisdiction should use Fitty Up only with parent or guardian permission. Some sensitive features, such as certain body-progress or image-based features, may be restricted for younger users. If you believe a child under 13 has provided us with personal data, contact us so we can investigate and delete the information where appropriate.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect product, legal, or operational changes. If changes are material, we may provide notice inside the app or require renewed acceptance. The updated version becomes effective when posted with a new "Last updated" date.

13. Contact Us

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal data, contact:

Email: support@fittyup.app
Operator: Chattrawut Phoolakorn