Privacy Policy
1. Information We Collect
Information You Provide
Account information (name, email), health data (date of birth, sex, height, weight, goal weight, activity level, calorie target), nutrition logs, activity logs, and weight entries.
Through App Features
- Camera: Food photos sent to AI for analysis. Photos are not stored after analysis.
- Microphone (Premium): Voice recordings processed to identify food. Audio not stored after logging.
- Apple Health / Apple Watch: Steps, active calories, body weight — with your permission.
- Google Health Connect: Steps, exercise sessions, calories, distance — with your permission.
Automatically Collected
Device info, usage data, anonymised analytics (Firebase), and crash reports.
Purchases & Fraud Prevention
When you buy a Token Pack or a subscription, we receive purchase-confirmation data (such as the product purchased, a transaction identifier, and purchase status) from the App Store and RevenueCat in order to credit your account — we never receive your payment card details. To help prevent advertising fraud, before showing a rewarded ad the app checks your device's network connection type (for example, whether a VPN is active). This check runs on your device; the result is used only to decide whether to offer the ad and is not stored or transmitted to us.
2. How We Use Your Information
- Calculate your personalised daily calorie target and progress ring
- Power AI features — photo and voice analysis via Google Gemini AI
- Sync data from Apple Health, Apple Watch, and Google Health Connect
- Track your fitness journey over time (Premium)
- Send opted-in push notifications — never used for advertising
- Improve app performance using anonymised analytics
- Process your Premium subscription and Token Pack purchases via RevenueCat
- Credit Tokens earned through optional rewarded advertisements
- Detect and prevent fraudulent, invalid, or abusive activity
3. Advertising
Basic Plan users may choose to watch optional rewarded advertisements to earn Tokens, served through Google AdMob. Watching ads is entirely voluntary and is never required to use the app's core tracking features. These ads are not based on your health data, food logs, weight, or personal profile.
We do not sell your personal data to advertisers. We do not engage in behavioural tracking for advertising. Premium Plan users have a completely ad-free experience.
When you finish a rewarded ad, Google notifies our servers through a secure server-side verification callback that includes a pseudonymous account identifier (not your name or email) so we can credit the correct Tokens and prevent duplicate or fraudulent rewards.
Ads use your device's Advertising ID, collected by Google AdMob — we never store it ourselves, and it is held under Google's own retention policy. You can reset or delete your Advertising ID at any time in your device's privacy settings (Android: Settings → Privacy → Ads; iOS: Settings → Privacy & Security → Tracking).
4. Apple HealthKit & Health Connect — Special Rules
Data from Apple HealthKit and Google Health Connect is subject to strict rules without exception:
- This data will never be used for advertising or marketing purposes
- This data will never be shared with third parties for advertising
- It is used solely to provide and improve your in-app experience
- You can revoke access at any time via your device settings
5. Data Storage & Security
Your data is stored securely using industry-standard encryption in transit (TLS) and at rest via Supabase (EU/US regions). Health data is treated as sensitive personal information and is never sold to third parties under any circumstances.
6. Sharing Your Information
We do not sell your personal data. We may share information only with:
- Service providers: Supabase (hosting), RevenueCat (subscriptions and Token Pack purchases), Google AdMob (rewarded ads for Basic users; receives a pseudonymous identifier to verify ad completion and prevent invalid traffic)
- Google Gemini AI: Food photos and voice input for real-time processing only. We do not permit use of your data for model training.
- Legal requirements: If required by law or court order
7. Your Rights
- Access: Request a copy of your personal data
- Deletion: Delete your account and all data, or specific data types
- Portability: Export your data via Settings → Export My Data
- Withdraw consent: Revoke camera, microphone, or third-party access via device settings
- EEA/UK users: You may lodge a complaint with your local data protection authority
Data Retention & Deletion
You can delete your account and all associated data at any time — from inside the app, or via our self-serve page at piper-enterprise.com/fitco/delete-account. When you do, we delete your personal and health data — including your Token balances and any Token Pack purchase records held in our database — from our systems and request our service providers to delete it as well. We retain only what is legally required — such as subscription and purchase billing records (for tax and accounting) — for the minimum necessary period, along with anonymised analytics that can no longer identify you. Identifiers used by advertising and crash-reporting providers — such as your Advertising ID (Google AdMob) and the device information attached to crash and diagnostic logs (Firebase Crashlytics) — are never stored in our own database or logs; they reside only in those providers' systems under their retention policies and expire automatically (Crashlytics deletes crash data after 90 days). You can reset or delete your Advertising ID at any time in your device settings.
To exercise your rights, contact us at contact@piper-enterprise.com. We respond within 30 days.
8. Children's Privacy
Fit Co is not intended for anyone under the age of 13 (or the minimum digital consent age in your country). We do not knowingly collect personal information from children. Contact contact@piper-enterprise.com if you believe your child has submitted personal information.
9. Contact Us
Email: contact@piper-enterprise.com
Company: Piper Enterprise LTD
For international data transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.