Privacy Policy

Fitlume is a private AI fitness coach. We collect only what we need to coach you well: your profile (goal, level, preferences), your check-ins, your chats with the coach, and your voice when you choose to use voice mode. We do not sell your data, ever. You can clear your coach memory, delete every message you've sent, or delete your entire account at any time from Profile.

Fitlume is operated by Fitconnect Technologies LLC (“we”, “us”), a company registered at the Qatar Financial Centre (QFC), Doha, Qatar. We are the data controller for your personal information. Contact: privacy@fitlumeapp.com.

• Account: email, display name, auth provider (Google / Apple / Email OTP) and a generated user ID.
• Profile: goal, fitness level, training preferences, coach focus, weekly schedule, height/weight (optional), units, country, language, dietary preferences, allergies, injuries.
• Activity & health-adjacent data: workouts you complete, daily check-ins (mood, energy, sleep quality, sleep hours), hydration logs, streak data, metrics history. Under GDPR Article 9 and equivalent provisions, some of this is treated as special-category health-related data; we process it only with your explicit consent (granted when you complete onboarding).
• Coach interactions: the text/voice messages you send to the coach and the coach's replies.
• Voice audio: the audio of voice messages is sent to our AI transcription provider for processing and is NOT stored by Fitlume — only the transcribed text is retained alongside your other coach messages.
• Photos (Vision scan): when you scan food or a gym machine, the image is sent to our AI vision provider for analysis and is NOT stored by Fitlume — only the structured analysis result is kept.
• Diagnostics (optional): if enabled, crash reports and anonymous usage analytics are sent to our error-monitoring and analytics providers. No personally identifying information and no message content is sent to these tools.

• We do not collect your contact list.
• We do not collect your precise location.
• We do not track you across other apps or websites.
• We do not sell, rent, or trade your data — to anyone, ever.

• Personalise the AI coach's answers, plans, and meal suggestions.
• Build a rolling 30-day memory summary so the coach feels personal.
• Show you progress, streaks, and 7-day trend charts.
• Detect rare safety risks (self-harm signals) and respond with helplines.
• Keep the service secure, debug crashes, and improve reliability.

Where applicable law requires it, we rely on the following legal bases:

• Contract — to create your account, run the coach, and deliver the features you signed up for.
• Your explicit consent — for special-category health-related data (sleep, mood, energy, body metrics) and for optional diagnostics. You can withdraw consent at any time from Profile → Settings or by deleting your account.
• Legitimate interest — to keep the service secure, prevent abuse, and debug crashes. We balance this against your rights and use the minimum data needed.
• Legal obligation — to comply with court orders or applicable laws (rare).

We use trusted third-party providers to operate Fitlume. They process data on our behalf under contract and cannot use it for their own purposes:

• AI providers — generate coach replies, transcribe voice, and analyse vision scans.
• Cloud infrastructure providers — host the application servers and store your account, profile, and messages (encrypted at rest).
• Error-monitoring & analytics providers (optional, diagnostics only) — help us keep the app stable. No message content or personally identifying information is sent.

A current list of named sub-processors is available on request at privacy@fitlumeapp.com.

Fitlume is operated from the Qatar Financial Centre. Some of our sub-processors are based outside Qatar (including the United States and the European Union). When your data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, equivalent contractual safeguards required by other regulators, and provider-side encryption in transit and at rest.

Fitlume uses AI to personalise your plans, suggestions, and messages. This personalisation is based on the profile and check-ins you give us and the messages you send the coach. It does not produce legal or similarly significant effects about you, and a human (you) is always in the loop — you decide whether to follow any suggestion. You can opt out of personalisation by clearing your coach memory at any time from Profile → Coach memory.

If your message contains signals of self-harm, suicidal ideation, or medical emergency, the coach will return a country-specific helpline and stop the fitness conversation for that turn. We do not contact emergency services on your behalf — we provide the number so you can.

Depending on where you live, you have some or all of the following rights over your personal data. We honour all of these for every user regardless of jurisdiction, as a matter of policy:

• Access — get a copy of your data.
• Rectification — correct inaccurate data.
• Erasure — delete your account and all associated data from Profile → Delete account (one-tap, irreversible).
• Restriction & objection — limit or object to certain types of processing.
• Portability — receive your data in a structured, machine-readable format. Email privacy@fitlumeapp.com to request an export.
• Withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal.
• Complain to a regulator — EU/EEA users may lodge a complaint with their local Data Protection Authority. UK users may contact the ICO. We'd appreciate the chance to address it directly first.

• Refresh memory — rebuild the rolling summary at any time.
• Clear long-term memory — the coach forgets your summary; recent in-session chat continues.
• Forget everything — wipes the summary AND deletes every message you've sent the coach. Cannot be undone.
• Delete account — permanently erases your account and every record associated with it, in-app from Profile → Delete account. Cannot be undone. If you cannot access the app, email privacy@fitlumeapp.com and we will erase all your data within 30 days.

We keep your data while your account is active. When you delete your account, your personal data is purged immediately from our active systems; encrypted backups roll off within 30 days. Anonymised aggregate statistics (e.g. “X% of users hit their hydration goal”) may be retained indefinitely.

We protect your data with industry-standard safeguards:

• TLS 1.2+ encryption for all data in transit.
• Encryption at rest on our database and storage layers.
• HTTP-only, secure session cookies — your auth token is never readable by JavaScript.
• Strict access controls — only authorised engineers can access production data.
• Regular dependency updates and automated vulnerability scanning.

No system is perfectly secure. If you believe your account has been compromised, email privacy@fitlumeapp.com.

Fitlume is not intended for users under 13 years of age (under 16 in the European Economic Area, in line with GDPR Article 8). We do not knowingly collect data from children under these ages. If you believe a child has provided data to Fitlume, email privacy@fitlumeapp.com and we will delete it.

India (DPDP Act 2023): If you are in India, the processing described above relies on your consent and on the performance of your contract with us. Your Grievance Officer is reachable at privacy@fitlumeapp.com, and we will respond to grievances within the statutory period. You have the right to nominate another individual to exercise your rights on your behalf in the event of death or incapacity — contact us to register a nomination.

California (CCPA / CPRA): California residents have the right to know what personal information we collect, to delete it, to correct it, to opt out of any “sale” or “sharing” (we do neither), and to not be discriminated against for exercising these rights. The categories we collect are described in §2. To exercise any right, use the in-app controls in §11 or email privacy@fitlumeapp.com.

EU / UK (GDPR / UK-GDPR): Your rights and the legal bases we rely on are described in §5 and §10. You may lodge a complaint with your local Data Protection Authority.

Fitlume is a fitness, nutrition, and wellness coach. It is NOT a medical device or a substitute for advice from a licensed healthcare provider. Always consult a doctor for medical concerns, injuries, or significant changes to your activity level or diet.

We will surface a notice in-app when we make material changes. The “Last updated” date at the top of this page reflects the most recent revision.