Privacy Policy

Effective Date: January 1, 2026
Last Updated: October 29, 2025

Introduction

SHREY.FIT ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness coaching platform ("Service").

Please read this Privacy Policy carefully. By using our Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Name, email address, phone number
  • Date of birth, gender
  • Password (encrypted)

Profile Information:

  • Profile photo
  • Physical address
  • Emergency contact details
  • Medical notes and health information

Fitness Information:

  • Fitness goals and workout history
  • Progress measurements
  • Exercise performance data
  • Progress photos

Payment Information:

  • Credit card information (processed by Stripe, not stored by us)
  • Billing address and purchase history

1.2 Information We Collect Automatically

  • Usage data (pages visited, features used)
  • Device information (IP address, browser, OS)
  • Location information (approximate from IP)
  • Cookies and tracking technologies

2. How We Use Your Information

To Provide Our Service:

  • Create and manage your account
  • Process payments and subscriptions
  • Deliver customized workout programs
  • Track your progress
  • Enable communication with trainers

To Improve Our Service:

  • Analyze usage patterns
  • Identify bugs and issues
  • Develop new features
  • Conduct research and analytics

To Communicate With You:

  • Send workout reminders and progress updates
  • Provide customer support
  • Send administrative messages

4. How We Share Your Information

With Your Trainer

We share relevant information with your assigned trainer including:

  • Name and contact information
  • Fitness goals and progress
  • Medical information you provide
  • Emergency contact details

Service Providers

We share information with:

  • Stripe: Payment processing
  • Firebase/Google Cloud: Data storage and infrastructure
  • Analytics Providers: Usage analytics (anonymized)

✓ We will NEVER sell your personal information to third parties.

5. Your Privacy Rights

Right to Access

Request a copy of your personal data and review what information we have.

Right to Data Portability

Download your data in JSON format using the "Download My Data" feature in your profile.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data using the "Delete Account" feature. We will delete within 30 days.

Right to Object

Object to processing for marketing purposes. Opt out of marketing communications anytime.

6. Data Retention

Active Accounts

We retain your data while your account is active (profile, workouts, messages, etc.).

After Account Deletion

  • Personal data: Deleted within 30 days
  • Payment records: Retained for 7 years (legal requirement)
  • Aggregated data: May be retained indefinitely
  • Backup data: Deleted within 90 days

7. Data Security

We implement industry-standard security measures:

  • Encryption: TLS/SSL in transit, AES-256 at rest
  • Authentication: Secure Firebase Auth with password hashing
  • Access Controls: Limited employee access with permissions
  • Regular Audits: Security audits and updates

Important: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Privacy Rights by Region

European Union (GDPR)

If you are in the EU, you have rights under GDPR including:

  • Right to Access (Article 15)
  • Right to Rectification (Article 16)
  • Right to Erasure (Article 17)
  • Right to Data Portability (Article 20)

California (CCPA)

California residents have additional rights:

  • Right to Know what personal information is collected
  • Right to Delete your personal information
  • Right to Opt-Out of sale (we don't sell data)
  • Right to Non-Discrimination

Contact Us

For privacy-related questions or to exercise your rights:

Summary

What We Collect:

  • ✓ Account and profile information
  • ✓ Fitness and health data
  • ✓ Usage and device information
  • ✓ Payment info (via Stripe)

Your Rights:

  • ✓ Access your data
  • ✓ Download your data (JSON)
  • ✓ Delete your data
  • ✓ Opt out of marketing

Security:

  • ✓ Industry-standard encryption
  • ✓ Secure Firebase infrastructure
  • ✓ Regular security audits
  • ✓ Employee training

We Do NOT:

  • ✗ Sell your information
  • ✗ Share without consent
  • ✗ Use for unrelated purposes
  • ✗ Store credit cards ourselves

Last Updated: October 29, 2025

Version: 1.0

Terms of Service | Back to Home

📄 Full Privacy Policy Available

This page highlights key sections of our Privacy Policy. For the complete document, please see: docs/03-legal/privacy-policy.md