FitKarta

Privacy Policy

Effective Date: Feb 7, 2026 | Last Updated: Feb 7, 2026

Introduction & Our Commitment

At FitKarta, your trust is everything. We built this platform to help you become the best version of yourself — and that starts with being completely transparent about how we handle the personal and health data you share with us.

This Privacy Policy describes exactly what data we collect, why we collect it, how long we keep it, who can access it, and what rights you have over it. We don't use vague corporate language here: everything is written plainly so you always know where you stand.

Information We Collect

1. Account & Identity Data

When you register, we collect information that identifies you and allows us to personalise your experience:

  • Full name and display name
  • Email address and phone number
  • Date of birth and gender
  • Profile photo (optional)
  • Country and preferred language

2. Health & Body Metrics

Your fitness journey is deeply personal. To deliver accurate, adaptive plans, we need — and carefully protect — the following health data:

  • Height, weight, and body measurements (waist, hips, chest, etc.)
  • BMI, body fat percentage, and muscle mass estimates
  • Resting heart rate, blood pressure (manual entry)
  • Fitness level, physical limitations, or injury history
  • Declared health conditions relevant to exercise (e.g., hypertension, diabetes)
  • Dietary preferences, allergies, and intolerances
  • Daily caloric targets and macro goals

Health data is stored in encrypted form and never sold. Access is strictly limited to services necessary to power your personalised plans.

3. Fitness Activity & Workout Data

  • Workout logs — exercises performed, sets, reps, weights, duration
  • Daily step count and active minutes
  • Cardio sessions: distance, pace, heart rate zones
  • Rest and recovery metrics
  • Habit check-ins and streak data
  • Progress photos (stored securely, never shared)
  • Custom exercises and personal bests (PRs)

4. Sleep & Wellness Data

  • Sleep duration, sleep onset time, and wake time
  • Sleep quality scores and stages (where available)
  • Stress and mood self-assessments
  • Hydration intake logs
  • Energy level ratings

5. Menstrual Cycle & Hormonal Data

Our cycle-aware training adapts your workouts and nutrition across your four cycle phases. To do this accurately, we collect:

  • Period start and end dates, cycle length
  • Symptom logs (cramps, bloating, mood, energy)
  • Ovulation tracking (optional)
  • Irregularity notes

Menstrual and reproductive health data is among the most sensitive data we handle. It is encrypted at rest and in transit, never shared with advertisers, and access is limited to your account and the AI systems that generate your personalised plans.

6. Third-Party Health Platform Data

With your explicit permission, we integrate with:

  • Apple Health (iOS) — steps, workouts, heart rate, sleep, body metrics
  • Google Fit (Android) — activity data, heart rate, workouts
  • Wearable devices — Fitbit, Garmin, Whoop (where supported)

You can revoke these integrations at any time from your app settings. Revoking access stops future data sync but does not automatically delete previously imported data unless you request deletion.

7. Device & Technical Data

  • Device type, model, OS version, app version
  • IP address (used for security; not stored permanently)
  • Session metadata — login timestamps, session duration
  • Crash reports and diagnostic logs (anonymised)
  • Push notification tokens (for reminders)

8. Location Data

Location is only accessed when you explicitly grant permission — for features like outdoor route tracking during runs or walks. We never access your location in the background without your knowledge.

How We Use Your Information

Core Service Delivery

  • Create, maintain, and secure your account
  • Generate personalised workout and nutrition plans tailored to your goals
  • Power the AI coach — adapting plans based on your progress, recovery, and feedback
  • Track your fitness journey and calculate meaningful progress metrics
  • Send workout reminders, habit nudges, and goal alerts
  • Sync data across your devices

AI & Machine Learning

Our AI engine analyses patterns in your workout performance, sleep quality, nutrition adherence, cycle phases, and recovery metrics to continuously refine and improve your plans. This processing happens on secure servers and is governed by strict data minimisation principles — we only use what's necessary to generate useful insights.

Communication

  • Transactional emails — account registration, subscription confirmations, receipts
  • In-app notifications — workout reminders, streak achievements, goal milestones
  • Product updates — new features or important changes (opt-out available)
  • Support communications — responses to your queries or reports

Safety & Security

  • Detect and prevent fraudulent or unauthorised activity
  • Enforce our Terms & Conditions
  • Respond to legal obligations
  • Maintain the integrity and security of our systems

Analytics & Improvement

We use aggregated and anonymised data to understand how users interact with FitKarta, identify features that need improvement, and develop new capabilities. This analysis never involves personally identifiable information in its output.

Data Sharing & Third Parties

We do NOT sell, rent, or trade your personal data. Ever.

When We May Share Data

  • Service providers — cloud hosting (AWS/GCP), analytics tools, email delivery platforms. All are contractually bound to confidentiality.
  • Health platforms — Apple Health and Google Fit sync is bi-directional only with your active consent.
  • Personal trainers — if you subscribe to a trainer plan, your workout history, goals, and body metrics are shared with your assigned trainer only.
  • Payment processors — billing information (credit card details) is handled exclusively by Razorpay/Stripe and never stored on our servers.
  • Legal authorities — only when required by a valid legal order, court subpoena, or to protect the rights and safety of our users.
  • Business transfers — in the event of a merger, acquisition, or sale, user data may be transferred. You will be notified in advance.

Aggregate & Anonymised Data

We may share aggregate statistics (e.g., “70% of FitKarta users who track sleep improve workout performance in 4 weeks”) publicly or with partners. This data cannot be used to identify any individual.

Data Security

Protecting your health and personal data is a core engineering priority — not an afterthought. Here's what we implement:

  • AES-256 Encryption: All data stored at rest is encrypted using AES-256.
  • TLS in Transit: All data in transit is protected by TLS 1.3.
  • Access Controls: Strict role-based access controls limit who can see what.
  • Regular Audits: Periodic security audits and penetration testing.
  • MFA Support: Multi-factor authentication available on all accounts.
  • Breach Notification: You will be notified within 72 hours of any confirmed breach.

No digital system is 100% impenetrable. While we take every reasonable measure, we encourage you to use a strong, unique password and enable MFA for maximum account security.

Data Retention

We keep your data only as long as your account is active or as required to provide services and comply with our legal obligations:

  • Active account data — Retained indefinitely while your account is active
  • Deleted account data — Purged within 30 days of verified deletion request
  • Workout & health logs — Retained for your account lifetime; deleted with account
  • Payment records — Retained 7 years for tax and legal compliance
  • Security & audit logs — Retained 90 days, then anonymised
  • Support tickets — Retained 2 years from last activity

Your Privacy Rights

You have full control over your data. Here's what you can do at any time:

  • Access Your Data — Request a complete export of all data we hold about you.
  • Data Portability — Download your data in a machine-readable format (JSON/CSV).
  • Correct Your Data — Update or correct any inaccurate personal information.
  • Delete Your Account — Request full deletion of your account and all associated data.
  • Opt-Out — Unsubscribe from marketing emails and disable push notifications.
  • Revoke Health Access — Disconnect Apple Health, Google Fit, or wearable integrations.

To exercise any of these rights, email us at admin@fitkarta.com. We will respond within 30 days.

Children's Privacy

FitKarta is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us immediately at admin@fitkarta.com and we will promptly delete the account and all associated data.

Users aged 13–17 must have verifiable parental or guardian consent before creating an account. By registering, a minor's parent or guardian confirms they have reviewed and accepted these terms on the minor's behalf.

International Data Transfers

FitKarta is based in India and your data is primarily processed and stored on servers located in India. If you access our services from outside India, your data may be transferred to and processed in India. We take steps to ensure your data receives an equivalent level of protection regardless of where it is processed.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

  • Post the updated policy on this page with a new “Last Updated” date
  • Send you an in-app notification at least 14 days before the changes take effect
  • For significant changes, email you directly

Your continued use of FitKarta after the effective date constitutes your acceptance of the updated policy.

Contact & Data Protection Officer

If you have any questions, concerns, or requests about this Privacy Policy or your data, please reach out:

admin@fitkarta.com
fitkarta.com/privacy