FITROX logoFITROXDownload now
← Back to home

Privacy Policy

Effective Date: April 27, 2026

Last Updated: April 27, 2026

This Privacy Policy explains how we ("we," "us," or "our") collect, use, store, share, and protect your information when you use our mobile application (the "App"). By using the App, you agree to the practices described below.

1. Information We Collect

a. Camera & Face / Body Data

The App uses your device camera together with on-device pose detection to count push-ups and provide form feedback.

  • Face and body landmark data (such as shoulder, elbow, and wrist positions) is processed in real time, on your device only.
  • We do not record, upload, transmit, or store any video, images, or biometric identifiers on our servers or with third parties.
  • This data is never used for advertising, identification, or profiling.

b. Microphone

If enabled, the microphone may be used for voice cues or in-workout audio features. Audio is processed on-device and is not recorded or transmitted.

c. Motion & Fitness Activity

With your permission, the App reads motion and fitness data (e.g., movement sensors) to improve push-up detection accuracy. This data stays on your device.

d. Account Information

If you sign in (e.g., with Apple or Google), we receive a unique user identifier and, where you choose to provide it, your name and email address.

e. Workout & Usage Data

We store your workout history, push-up counts, ranks, and session data so you can track progress across devices.

f. Diagnostics

We may collect anonymous crash logs and performance data to improve reliability.

2. How We Use Your Information

  • To provide core App functionality (push-up tracking, ranks, history).
  • To sync your progress across your devices.
  • To improve detection accuracy and overall App quality.
  • To respond to support requests.

We do not sell your personal data. We do not use your data for third-party advertising.

3. How We Store and Protect Your Information

  • Camera, face, body, and microphone data is processed locally on your device and is never uploaded.
  • Account and workout data is stored on secure servers protected by encryption in transit (TLS) and at rest.
  • Access to data is restricted to authorized personnel only.

4. Sharing of Information

We share information only with:

  • Service providers who help us operate the App (e.g., authentication, cloud storage, analytics) under strict confidentiality.
  • Legal authorities when required by law or to protect rights and safety.

We do not share face, body, camera, or microphone data with anyone.

5. Your Rights

Depending on your jurisdiction (including under GDPR and CCPA), you may have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Withdraw consent or restrict processing.
  • Export your data in a portable format.
  • Lodge a complaint with a data protection authority.

You can revoke camera, microphone, and Motion & Fitness permissions at any time in iOS Settings → Privacy.

To delete your account and associated data, contact us using the email below.

6. Children's Privacy

The App is not directed to children under 13 (or the equivalent minimum age in your country). We do not knowingly collect personal information from children.

7. Data Retention

We keep account and workout data for as long as your account is active. When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

8. International Transfers

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version in the App and update the "Last Updated" date above. Material changes will be communicated through the App.

11. App Privacy Summary

This app is designed with privacy as a core principle. Here's exactly what we do and don't do with your data.

On-Device AI Processing

  • All AI features — including pose detection, shadowboxing tracking, and push-up counting — run entirely on-device using Apple's Vision framework (VNDetectHumanBodyPoseRequest).
  • No camera frames, images, video, or pose data are ever transmitted off the device.
  • No user data is sent to any third-party AI service. We do not use OpenAI, Anthropic, Google AI, or any other third-party AI provider.

Data We Upload to Our Backend (Firebase)

We use Google Firebase (Authentication, Firestore, Storage) as our sole backend. The only data uploaded is:

  • Account info: email address, display name, and profile photo (if you choose to add one).
  • Workout results: aggregate session statistics (score, duration, hit counts, accuracy %, calories, streaks, difficulty, timestamp).

We do not upload: camera footage, raw pose landmarks, biometric data, contacts, location, or device identifiers for tracking.

Third Parties

  • Google Firebase — backend storage and authentication only. Firebase is bound by Google's data processing terms, which provide equivalent privacy protections.
  • RevenueCat — subscription management only (purchase receipts, no personal data).
  • No third-party AI services are used.

In-App Consent

Before any AI-powered session (shadowboxing or push-up tracking) begins, users see a dedicated consent screen that:

  • Explains that AI runs locally on-device using Apple's Vision framework.
  • Confirms no data is sent to any third-party AI service.
  • Lists exactly what is uploaded to Firebase (account info + workout results).
  • Requires the user to tap Allow before proceeding.
  • Offers a path to use the app without AI features if declined.

Per-Data-Type Declarations

The following data types are declared in App Store Connect as Collected → Linked to User → Not used for tracking:

Data TypePurposeLinkedTracking
Email AddressApp Functionality, Account ManagementYesNo
NameApp FunctionalityYesNo
Photos (profile only, user-selected)App FunctionalityYesNo
Other User Content (workout stats)App Functionality, AnalyticsYesNo
Purchase HistoryApp Functionality (RevenueCat)YesNo

We do not collect: Camera, Health & Fitness data sent off-device, Contacts, Location, Sensitive Info, Browsing History, Search History, Device ID for tracking, or any AI-service-related categories.

App Review Notes

Per Guideline 5.1.1(i) and 5.1.2(i): this app does not send any user data to any third-party AI service. All AI features (pose detection for shadowboxing and push-up tracking) run entirely on-device using Apple's Vision framework (VNDetectHumanBodyPoseRequest). Camera frames never leave the device.

The only backend is Google Firebase, which stores account info (email, display name, optional profile photo) and aggregate workout results (scores, durations, counts).

Before any AI session, users see a dedicated in-app consent screen that discloses exactly what data is processed, where it stays (on-device), and what is uploaded to Firebase. Users must tap "Allow" to proceed; declining offers non-AI alternatives.

The in-app Privacy Policy, the in-app AI consent screen, and this App Store privacy declaration are fully aligned.

In-App Privacy Policy Alignment

  • ✅ AI runs on-device via Apple Vision — no third-party AI.
  • ✅ Firebase is the sole backend (Auth + Firestore + Storage).
  • ✅ Only account info and workout results are uploaded.
  • ✅ No camera frames, images, or raw pose data leave the device.
  • ✅ Consent required before AI sessions; decline path available.
  • ✅ All Supabase/AWS references removed.

All three surfaces — App Store privacy section, in-app Privacy Policy, and AI Consent screen — tell the same story.

12. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or your data, contact:

Email: mohammadfaisalrezai10@gmail.com