This Privacy Policy describes how Joydeep Paul ("we", "us") collects, uses, stores, discloses and protects your personal information when you use the FitMentor AI mobile/web application (the "Service"). This Policy is published in accordance with:
- The Information Technology Act, 2000;
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the "SPDI Rules");
- The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021;
- The Digital Personal Data Protection Act, 2023 (to the extent in force) (the "DPDP Act").
1. Information We Collect
(a) Information you provide
- Account data: name, email address, hashed password.
- Health & fitness data (Sensitive Personal Data): age, gender, height, weight, body-fat goal, fitness experience level, diet preference, sleep hours, water intake, mood, stress level, physical injuries, allergies, region/cuisine preference.
- Activity data: daily check-ins, workout completions, weight log entries, recovery sessions, chat conversations with the AI coach.
- User content: progress photos you choose to upload (stored in encrypted object storage), community posts.
- Payment data: we do not store card or banking credentials. Payment processors (such as Stripe and, where enabled, Razorpay) handle them under their own privacy policies and PCI-DSS compliance.
(b) Information collected automatically
- Device/browser type, IP address (truncated where possible), language, time zone.
- Service-usage logs (login events, API requests, error traces) for security and reliability.
- Local-storage data for UI preferences (e.g. trainer-voice mute state, completed grocery items). This data stays on your device.
2. Why We Collect It (Purposes)
- To create and authenticate your account.
- To generate personalised AI workout plans, diet plans, weekly reports and coaching responses.
- To track your progress, streaks, badges and tier progression.
- To process payments and manage subscriptions.
- To send transactional emails (e.g. email-verification OTPs, payment confirmations).
- To detect, prevent and respond to fraud, abuse or security incidents.
- To comply with legal obligations.
3. Sensitive Personal Data & Consent
Health, fitness and body-metric data qualify as "Sensitive Personal Data or Information" (SPDI) under Rule 3 of the SPDI Rules. By submitting such data through the onboarding wizard, check-in flow or chat, you provide your express, informed and free consent for us to collect and process it solely for the purposes listed in Section 2.
You may withdraw your consent at any time by writing to supportfitmentor@gmail.com. Withdrawal will result in account closure and deletion of personal data, save for records we are required to retain by law.
4. How We Share Information
We do not sell your personal information. We share it only with:
- AI service providers (OpenAI / Anthropic / Google) for the limited purpose of generating plans, chat replies and weekly reports. Inputs sent to these providers are minimised and do not include direct identifiers (e.g. email).
- Payment processors (Stripe; Razorpay where enabled) to charge subscriptions.
- Email delivery services (e.g. Resend) for transactional emails.
- Cloud infrastructure providers for hosting, database and object storage.
- Law-enforcement or government authorities when compelled by a valid legal process under Indian law.
5. Data Storage & Security
- Passwords are stored as bcrypt hashes — never in plaintext.
- Authentication uses signed JSON Web Tokens (JWT).
- Data in transit is protected via TLS / HTTPS.
- Database access is restricted to authenticated backend services.
- We follow "reasonable security practices and procedures" under Rule 8 of the SPDI Rules, broadly aligned with international standards such as ISO/IEC 27001.
6. Data Retention
We retain personal data for as long as your account is active and for a reasonable period thereafter for legal, audit or fraud-prevention purposes. Specifically:
- Account & profile data: until you delete your account.
- Workout / diet / check-in history: up to 24 months after last activity.
- Payment / invoice records: 8 years (as required under Indian tax law).
- Server logs & security events: up to 12 months.
7. Your Rights
You have the right to:
- Access the personal information we hold about you.
- Correct or update inaccurate data via your Profile page or by emailing us.
- Withdraw consent and request erasure of your data (subject to legal-retention exceptions).
- Receive a copy of your data in a portable, machine-readable format.
- Lodge a complaint with our Grievance Officer (Section 10) or the appropriate authority.
To exercise any of these rights, email supportfitmentor@gmail.com from your registered address. We will respond within thirty (30) days.
8. Cookies & Local Storage
The Service uses browser local storage to keep you logged in (JWT) and to persist UI preferences (trainer voice mute, theme, completed grocery items). We do not use third-party advertising cookies or cross-site tracking pixels. You may clear local storage at any time through your browser settings; doing so will sign you out.
9. Children
The Service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe we may have collected such data, please contact our Grievance Officer and we will delete it promptly.
10. Grievance Officer
Pursuant to Rule 5(9) of the SPDI Rules and Rule 3(2) of the IT (Intermediary Guidelines) Rules, 2021, our designated Grievance Officer is:
- Name: Joydeep Paul
- Designation: Grievance Officer
- Email: supportfitmentor@gmail.com
- Address: Shillong, Meghalaya, India
Complaints will be acknowledged within twenty-four (24) hours and resolved within fifteen (15) days from receipt.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice. Continued use of the Service after the change constitutes acceptance of the revised Policy.
12. Contact
Privacy questions? Write to supportfitmentor@gmail.com.