Privacy Policy

Effective Date: November 4, 2025

Last Updated: November 4, 2025

My Fitness Plan Pro Privacy Policy

Effective Date: November 4, 2025 | Version 1.0

Last Updated: November 4, 2025

Your Privacy Matters

My Fitness Plan Pro (“we,” “our,” “us”) values your privacy and the trust you place in us. This Policy explains how we collect, use, store, and protect your personal and health-related information when you use our mobile app or website (“App”).

By creating an account or continuing to use My Fitness Plan Pro, you explicitly consent to the practices described here. You may withdraw consent at any time by contacting privacy@fitplanpro.com
.

##1. Information We Collect

We collect the following categories of data:

1.1 Account and Contact Information

Name, email address, encrypted password, date of birth, gender, subscription status.

1.2 Payment Information

Payments are processed through Stripe; My Fitness Plan Pro does not store complete card numbers.

1.3 Health and Fitness Data (Special Category Data)

Height, weight, dietary restrictions, allergies, medical conditions, exercise history, fitness goals, nutrition logs, and related metrics.
Legal basis: Explicit consent (GDPR Art. 9 (2)(a)).

1.4 Usage and Device Data

IP address, device type, operating system, interaction logs, session duration, crash reports.

1.5 Cookies and Similar Technologies

Used to maintain sessions, remember preferences, secure the App, and analyze performance.
For EEA/UK users, we display a Cookie Banner where you may manage consent preferences.
See our separate [Cookie Policy].

##2. How We Use Your Data
Purpose Data Used Legal Basis
AI-Generated Recommendations Health, nutrition, and preference data Consent
Account & Subscription Management Account, payment data Contract performance
Communication & Support Contact data Legitimate interest
Fraud Prevention & Security Device and usage data Legitimate interest / Legal obligation
Product Improvement Aggregated usage data Legitimate interest
Legal Compliance Any relevant data Legal obligation
3. Third-Party Processors and Sub-Processors

We engage reputable vendors under written Data Processing Agreements (“DPAs”) consistent with GDPR Art. 28, including:

Stripe – billing and subscription management

OpenAI – AI model services

Neon Database & Cloud Providers – secure hosting and storage

SendGrid – email delivery

These processors act only on our documented instructions and may not use data for their own purposes.

##4. International Data Transfers

When data leaves your country, we apply adequate transfer mechanisms, such as:

The EU-U.S. Data Privacy Framework, or

The European Commission’s Standard Contractual Clauses (SCCs).

##5. Data Retention

Active Accounts: retained while your subscription remains active.

Closed Accounts: deleted within 30 days unless law requires longer retention.

Backups: purged per 90-day rolling schedule.

Analytics: anonymized after 12 months.

##6. Security Measures

We employ industry-standard safeguards:
TLS/SSL encryption, bcrypt-hashed passwords, JWT authentication, access-controlled databases, periodic penetration testing, and least-privilege employee access.

Despite these measures, no system is completely secure; users accept residual risk inherent in online data transmission.

##7. Your Privacy Rights

You may, at any time:

Access and receive a copy of your data

Correct inaccurate data

Delete (“be forgotten”)

Restrict or object to processing

Withdraw consent (for health data)

Export your data (portability)

Requests: privacy@fitplanpro.com
or in-app privacy settings.
We verify identity and respond within 30 days.

##8. U.S. State Privacy Rights

Residents of California, Colorado, Connecticut, Utah, Virginia, and other applicable states enjoy additional rights:

Know, delete, and correct personal data;

Opt out of targeted advertising or sale (we do not sell data);

Appeal any refusal of a request.

To exercise: email privacy@fitplanpro.com
.

##9. Children’s Privacy

My Fitness Plan Pro is not for individuals under 18. We do not knowingly collect minors’ data; detected information is deleted immediately. Parents may contact us to ensure removal.

##10. Business Transfers

If My Fitness Plan Pro undergoes merger or acquisition, you’ll receive 30-day prior notice and an option to delete or export data before transfer.

##11. Regulatory Disclosures & Legal Requests

We may disclose data only when required by law, court order, or to protect our legal rights and users’ safety.

##12. Data Protection Impact Assessments

Because My Fitness Plan Pro processes AI-based health data, we conduct periodic DPIAs to evaluate and minimize risks to individual rights and freedoms.

##13. Supervisory Authorities & EU Representative

EU/EEA users may lodge complaints with their local supervisory authority or contact our EU representative via dpo@fitplanpro.com
.

##14. Policy Updates

We may update this Privacy Policy to reflect legal or technical changes. Material updates will be notified in-app or via email. Continued use after notice constitutes acceptance.

##15. Contact Us
My Fitness Plan Pro LLC
📧admin@myfitnessplan.app

My Fitness Plan Pro Privacy Policy

Effective Date: January 1, 2025 | Version 1.0

Last Updated: January 1, 2025

1. Introduction

My Fitness Plan Pro ("we," "our," "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes:

• What information we collect

• How we use your information

• How we store and protect your information

• Your rights regarding your information

• How we share information with third parties

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information when you create an account:

• Account Information: Name, email address, password (encrypted), date of birth, gender

• Contact Information: Email address for communications and account verification

• Payment Information: Payment details are processed securely through Stripe; we do not store complete credit card information

2.2 Health and Fitness Data

To provide personalized recommendations, we collect sensitive health and fitness information, including:

• Physical Metrics: Height, weight, body type, age, gender

• Health Information: Dietary restrictions, allergies, food preferences, medical conditions, injuries

• Fitness Data: Fitness goals, exercise preferences, workout experience level, activity schedules

• Nutritional Preferences: Dietary restrictions (vegan, vegetarian, pescatarian, etc.), avoided foods, loved foods

• Budget Information: Food budget, workout budget, supplement budget

• Progress Data: Workout logs, nutrition logs, weight tracking, habit tracking, body metrics

• Location Data: Address, city, state, zip code (used for local restaurant and gym recommendations)

2.3 Usage Data

We automatically collect certain information when you use the App:

• Device Information: IP address, browser type, device type, operating system

• Usage Patterns: Pages viewed, features used, time spent in the App, click patterns

• Technical Data: Error logs, performance data, crash reports

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your logged-in session

• Remember your preferences

• Analyze usage patterns and improve the App

• Prevent fraud and enhance security

3. How We Use Your Information

Purpose
Data Used


AI-Generated Recommendations
All health, fitness, and preference data to generate personalized meal plans, workout routines, and product suggestions


Account Management
Email, password, subscription status for account creation, authentication, and management


Payment Processing
Payment information (via Stripe) for subscription billing and payment management


Location Services
Location data to provide local restaurant, gym, and fitness center recommendations


Communication
Email address for account notifications, updates, support responses, and service announcements


Service Improvement
Usage data and feedback to improve App features, fix bugs, and enhance user experience


Security and Fraud Prevention
IP address, device information, usage patterns to detect and prevent fraudulent activity


Legal Compliance
Any data as required to comply with legal obligations, court orders, or government requests

4. Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for processing your health data for AI recommendations

• Contract Performance: Processing is necessary to provide the services you requested

• Legitimate Interests: We have legitimate interests in improving our services, preventing fraud, and ensuring security

• Legal Obligation: We must process data to comply with applicable laws and regulations

5. How We Share Your Information

5.1 Third-Party Service Providers

We share your information with trusted third-party service providers who assist in operating our App:

• Stripe: Payment processing and subscription management (subject to Stripe's Privacy Policy)

• OpenAI: AI model services for generating personalized recommendations (subject to OpenAI's Privacy Policy)

• Neon Database: Secure database hosting for user data storage

• SendGrid: Email delivery for account verification and notifications

• Cloud Hosting Providers: Server infrastructure and data storage

5.2 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change.

5.3 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations, court orders, or government requests

• Enforce our Terms of Service

• Protect our rights, privacy, safety, or property

• Prevent fraud or illegal activity

5.4 What We DON'T Share

• We do NOT sell your personal information to third parties

• We do NOT share your health data with advertisers

• We do NOT provide your information to data brokers

6. Data Security and Protection

6.1 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL

• Password Protection: Passwords are hashed and salted using bcrypt encryption

• Authentication: Secure JWT-based authentication system

• Database Security: Access-controlled database with encryption at rest

• Regular Security Audits: Periodic security assessments and vulnerability testing

• Access Controls: Limited employee access to personal data on a need-to-know basis

6.2 Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

• Notify affected users within 72 hours of discovery

• Provide details about the nature of the breach

• Outline steps we are taking to address the breach

• Recommend actions you can take to protect yourself

• Comply with all applicable data breach notification laws

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: Data is retained while your account is active

• Deleted Accounts: Data is permanently deleted within 30 days of account deletion, except where required by law

• Legal Requirements: Some data may be retained longer to comply with legal, tax, or accounting requirements

• Backup Data: Backup copies are automatically deleted according to our backup retention schedule

8. Your Privacy Rights

8.1 Access and Control

You have the following rights regarding your personal information:

• Access: Request a copy of all personal data we hold about you

• Correction: Update or correct inaccurate personal information

• Deletion: Request deletion of your personal data ("right to be forgotten")

• Portability: Receive your data in a structured, machine-readable format

• Restriction: Request restriction of processing in certain circumstances

• Objection: Object to processing of your data for specific purposes

• Withdraw Consent: Withdraw consent for processing at any time

8.2 How to Exercise Your Rights

To exercise any of these rights:

• Email us at privacy@fitplanpro.com

• Use the privacy controls in your account settings

• We will respond to your request within 30 days

• We may request verification of your identity before processing requests

8.3 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold

• Right to delete personal information held by businesses

• Right to opt-out of the sale of personal information (Note: We do not sell personal information)

• Right to non-discrimination for exercising CCPA rights

9. Children's Privacy

My Fitness Plan Pro is NOT intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

• If you are under 18, do not use this App

• If we discover that we have collected data from a child under 18, we will delete it immediately

• Parents who believe their child has provided information to us should contact us immediately

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

• We ensure appropriate safeguards are in place for international transfers

• Data transferred to the US is protected under applicable frameworks

• We comply with EU-US and Swiss-US Privacy Shield principles where applicable

11. Third-Party Links and Services

The App may contain links to third-party websites, products, or services. This Privacy Policy does not apply to third-party sites:

• We are not responsible for third-party privacy practices

• We encourage you to read the privacy policies of third-party sites

• Restaurant and gym recommendations are provided for informational purposes only

12. Changes to This Privacy Policy

• We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements

• Material changes will be notified through the App or by email

• The "Last Updated" date at the top indicates when changes were made

• Continued use after changes constitutes acceptance of the updated Privacy Policy

• Users will be required to review and accept updated policies before continuing to use the App

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

• Privacy Email: privacy@fitplanpro.com

• Support Email: support@fitplanpro.com

• Company: My Fitness Plan Pro LLC

• Address: [Your Business Address]

• Data Protection Officer: dpo@fitplanpro.com (for EU inquiries)

14. Regulatory Compliance

This Privacy Policy complies with:

• General Data Protection Regulation (GDPR) - EU

• California Consumer Privacy Act (CCPA) - California, USA

• Health Insurance Portability and Accountability Act (HIPAA) principles (where applicable)

• Electronic Communications Privacy Act (ECPA) - USA

• Other applicable data protection and privacy laws

Your Consent

By using My Fitness Plan Pro, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described herein.

Copyright © 2025 My Fitness Plan Pro LLC. All rights reserved.

Version 3.0 Update

New privacy terms.