Privacy Policy
Last updated: June 5, 2026
This Privacy Policy explains how FitSplit (“FitSplit”, “we”, “us”) collects, uses, shares, and protects your personal data when you use the FitSplit gym-management platform, and the rights you have over that data — including under the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the CPRA (“CCPA”).
1. Who is responsible for your data
FitSplit provides the platform. Each gym that uses FitSplit decides what member data to collect and why, and is the controller of its members’ data; FitSplit acts as a processor on that gym’s behalf. For data we collect for our own purposes (e.g. account security, platform analytics), FitSplit is the controller.
For questions, or to exercise your rights, contact us at fitsplit.in@gmail.com. Operator: FitSplit, India.
2. Data we collect
- Account & identity: name, username, mobile number, email, role, gym association, and an authentication secret (a hashed password or PIN — we never store it in plaintext).
- Health & fitness data: workouts, lift logs, body metrics (weight, body-fat), muscle/volume data, macros/nutrition, activity logs, injury notes, and coach notes. Some of this is health-related data, treated as a special category under GDPR Article 9 (see “Legal bases”).
- Attendance & location: gym check-in/out records and, where you enable it, approximate geolocation used solely to verify you are at the gym (geofencing).
- Membership & billing: packages, membership periods, and payment requests. FitSplit records membership status; it does not process card payments itself.
- Device & usage: a session cookie, push-notification token (if you opt in), and limited diagnostic/error data to keep the service secure and working.
3. How we use your data and our legal bases
We use personal data to:
- provide the workout, training, progress, and membership features you request — legal basis: performance of a contract;
- process and store health & fitness data, including injury notes — legal basis: your explicit consent (GDPR Art. 9(2)(a)), which you may withdraw at any time;
- secure accounts, prevent abuse, and operate the platform — legal basis: our legitimate interests;
- send service and (if you opt in) push notifications — legal basis: consent / legitimate interests;
- comply with legal obligations and resolve disputes — legal basis: legal obligation.
We do not use your data for automated decisions producing legal effects, and we do not sell your personal information.
6. International transfers
FitSplit is operated from India and uses Google Cloud regions (primary region asia-south1). Where data is transferred across borders, our providers rely on recognised safeguards such as the EU Standard Contractual Clauses. We take steps to ensure your data remains protected wherever it is processed.
7. How long we keep data
We keep personal data for as long as your account is active and as needed to provide the service. Deleted records are moved to a soft-delete archive and permanently purged after 60 days, unless a longer period is required by law. You can ask us to delete your data sooner (see your rights below).
8. How we protect data
We apply industry-standard safeguards: encrypted transport (HTTPS/HSTS), a strict Content Security Policy and security headers, role-based access controls enforced by Firestore and Storage security rules, multi-tenant isolation between gyms, hashed credentials, and login rate-limiting/lockout. No system is perfectly secure, but we work to protect your data and to respond promptly to any incident.
9. Your GDPR rights (EU/UK)
If the GDPR applies to you, you have the right to:
- access a copy of your data, and rectify inaccurate data;
- erase your data (“right to be forgotten”) and restrict processing;
- data portability — receive your data in a machine-readable format;
- object to processing based on legitimate interests;
- withdraw consent at any time (this does not affect prior processing);
- lodge a complaint with your local data-protection supervisory authority.
10. Your CCPA/CPRA rights (California)
If you are a California resident, you have the right to:
- know what personal information we collect and how it is used and disclosed;
- delete personal information we hold about you;
- correct inaccurate personal information;
- opt out of the “sale” or “sharing” of personal information — note we do not sell or share it;
- not be discriminated against for exercising your rights.
You may use an authorised agent to make a request on your behalf; we will verify the request before acting on it.
11. How to exercise your rights
Email fitsplit.in@gmail.com with your request. Members can also ask their gym’s owner to action many requests directly. We will respond within the timeframe required by applicable law (generally 30 days under the GDPR; 45 days under the CCPA), and may need to verify your identity first.
12. Children
FitSplit is not directed to children. We do not knowingly collect data from anyone under 16 (or the minimum age in your jurisdiction) without verifiable parental/guardian consent. If you believe a child has provided us data, contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time. We will revise the “Last updated” date above and, for material changes, provide a more prominent notice. Continued use of FitSplit after an update means you accept the revised policy.
14. Contact us
For any privacy question or request, write to fitsplit.in@gmail.com. See also our Terms of Service and About page.