PRIVACY POLICY OF THE FITMATE APP
(EN version — 2025)

Last update: 2025

1. General information

1. This Privacy Policy describes how personal data is processed by the FitMate mobile application (the “App”).
2. The data controller is:
   CodeVee
   Tax ID (NIP): 588-237-50-92
   Address: Eugeniusza Węgrzyna 10/30, 80-175 Gdańsk, Poland
   contact e-mail: contact@fitmate.co
3. By using the App, the User accepts this Policy.

2. Scope of processed data

1. Data provided by the user
   During registration and use of the App, the following data may be collected:
   • e-mail address,
   • password (encrypted),
   • username,
   • selected avatar (m/f),
   • training data:
     • workouts performed, sets, reps, weights,
     • planned workouts and goals,
   • nutrition data:
     • meals, calories, macronutrients,
   • health data:
     • weight, body measurements, trends and statistics,
   • photos sent in chat with a trainer,
   • food photos (calorie analysis).
   These include special categories of personal data (health data).
2. Data collected automatically
   During the operation of the App, the following may be collected:
   • anonymous User identifiers,
   • data on use of App features,
   • device data (model, operating system),
   • technical error data (crash reports).
3. Data generated by the trainer
   A trainer working with the User may:
   • log the User’s workouts and meals,
   • set goals and workout plans,
   • send content in chat.
   These data are processed within the User–Trainer relationship.

3. Purposes of data processing

1. Creating and managing the User’s account – Art. 6(1)(b) GDPR.
2. Using App features (workouts, statistics, history, meal logging).
3. Cooperation with a trainer – sharing the User’s data with the selected Trainer.
4. Analyzing and improving App performance – Google Firebase, Bugsnag, Branch.
5. Handling payments and subscriptions – Apple / Google / RevenueCat.
6. AI-based features:
   • MateGPT chatbot,
   • workout plan generator,
   • daily calorie goal generator,
   • meal photo analysis (OpenAI).
   Input data for the calorie generator are not stored in the App or on the server.
7. Legitimate interest of the controller – Art. 6(1)(f) GDPR (security, statistics, archiving chats with trainers).
8. Consent to process health data – Art. 9(2)(a) GDPR. Accepting the Policy and Terms constitutes explicit consent to process health data.

4. Data shared with trainers

1. The User may voluntarily select a Trainer.
2. Choosing a trainer means sharing:
   • training data,
   • nutrition data,
   • progress history,
   • photos sent in chat.
3. The trainer may log data on behalf of the User.
4. The User may revoke access at any time.
5. After access is revoked, the trainer no longer has access to previous data or chat.

5. Data storage

1. Storage location
   Data are stored only in the infrastructure of:
   • Google Firebase (region: europe-west3 – Europe).
2. Data retention period
   • Account data (e-mail, login, password) – deleted immediately after account removal.
   • Training and nutrition data – anonymized, not linked to any user.
   • Chat history – archived solely for security purposes (not available to trainers).
   • Photos sent in chat – may be deleted after 30 days, but FitMate does not guarantee full automation.
   • Food photos – not stored in FitMate’s system; they are passed to OpenAI.

6. Data sent to third parties

1. OpenAI (photo analysis and AI)
   Food photos and content sent to MateGPT may be processed by OpenAI. FitMate does not store food photos. OpenAI, according to its rules, may store data and use it to train models.
2. Analytics and crash-reporting platforms
   FitMate uses:
   • Google Analytics / Firebase – statistical analysis, events, performance,
   • Bugsnag – error reports (an anonymous user identifier and technical data are sent),
   • Branch / marketing integrations – advertising campaign identifiers.
3. Payments – Apple / Google / RevenueCat
   FitMate does not process or store payment data. Access to transaction information is limited to technical data necessary to assign subscriptions to an account.
4. Trainer access – trainers only receive data of Users who select them.

7. Data transfers outside the EU

1. Due to the use of OpenAI, Branch, Firebase, and other tools, data may be transferred outside the European Economic Area.
2. Data transfers are based on:
   • standard contractual clauses (SCC),
   • safeguards applied by data processors.

8. User rights

1. The User has the right to:
   • access data,
   • rectify data,
   • erase data (“right to be forgotten”),
   • restrict processing,
   • data portability (where technically feasible),
   • object to processing,
   • withdraw consent at any time,
   • lodge a complaint with the Polish DPA (PUODO).

9. Rules on algorithms and AI

1. AI features (MateGPT, workout plan generator, calorie generator) are informational only.
2. FitMate does not guarantee the accuracy or adequacy of responses.
3. Data for the calorie generator are not saved or stored.
4. The User uses AI features at their own responsibility.
5. No AI feature constitutes medical, dietary, or professional advice.