Privacy Policy / Datenschutzerklärung

1. Controller & Data Protection Officer

Controller:
FitApp
[Your Address - to be added before public launch]
Switzerland

Data Protection Contact:
Email: privacy@fitapp.ch

2. Scope & Purpose

This Privacy Policy explains how FitApp collects, uses, stores, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Swiss Federal Act on Data Protection (FADP).

3. Data We Collect

3.1 Account Data

• Username: For identification within the application
• Email address: For account creation, authentication, and communication
• Password: Stored as hashed value (PBKDF2, 150,000 iterations)
• Account creation date: For record keeping

3.2 Health Data (Special Category - Art. 9 GDPR)

• Body weight: Weight measurements over time
• Food intake: Meals, ingredients, calories, nutritional information
• Exercise data: Workout logs, duration, calories burned, distance
• Physical characteristics: Height, birthdate, sex
• Health goals: Target weight, activity level, dietary preferences

3.3 Technical Data

• IP address: For security and abuse prevention (retained 90 days)
• Browser type & version: For compatibility
• Device information: For session management
• Access logs: Page views, timestamps (retained 90 days)
• Session data: Authentication tokens, login timestamps

3.4 Security Data

• Login attempts: Failed/successful login records (retained 30 days)
• 2FA settings: If you enable two-factor authentication
• Activity logs: Account actions for security monitoring (retained 180 days)

3.5 Nutrition Label Scanning - Third Party Processing

What happens when you scan a nutrition label:

• Image Upload: Your photo of the nutrition label is compressed and sent to OpenAI's API
• AI Processing: OpenAI's GPT-4o-mini Vision model analyzes the image to extract nutrition values
• AI Training: OpenAI may use your images to improve their AI models (per Content Sharing Agreement)
• Data Location: Processing occurs on OpenAI servers in the United States
• Retention by OpenAI: Images are retained for 30 days, then automatically deleted
• No Storage by Us: We do NOT store nutrition label images on our servers

Third Party Processor:
OpenAI, L.L.C.
3180 18th Street
San Francisco, CA 94110
United States
Privacy Policy: openai.com/policies/privacy-policy

Your Control: This feature is entirely optional. You can always enter nutrition data manually without using the scanning feature. You will be asked for explicit consent once per browser session. You can revoke consent at any time by clearing your browser data.

4. Legal Basis for Processing (GDPR Art. 6 & 9)

• Art. 6 (1) b GDPR - Contract Performance:
  Processing of account data (username, email, password) is necessary to provide the service.
• Art. 9 (2) a GDPR - Explicit Consent:
  Processing of health data (weight, nutrition, exercise) is based on your explicit consent given during registration.
• Art. 6 (1) a GDPR - Consent for Third Party Processing:
  Processing of nutrition label images by OpenAI (USA) requires your separate, explicit consent once per browser session. You can decline at any time and use manual entry instead. Consent can be revoked by clearing browser data.
• Art. 6 (1) f GDPR - Legitimate Interest:
  Processing of technical data (IP, logs) for security, fraud prevention, and service improvement.

5. How We Use Your Data

• Service Provision: To provide fitness tracking functionality
• Calculations: To calculate BMR, TDEE, calorie balance, and progress statistics
• Personalization: To tailor the experience to your goals and preferences
• Security: To protect your account and detect abuse
• Communication: To send important service-related notifications (security alerts, policy changes)
• Legal Compliance: To comply with legal obligations

We do NOT:

• Sell your data to third parties
• Use your data for advertising
• Share your health data with anyone without your consent
• Use third-party analytics or tracking services

6. Data Storage & Location

Server Location: Your data is stored on secure servers located in:
• Primary: Germany (Falkenstein/Nürnberg)
• Provider: Hetzner Online GmbH

Hosting Provider:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Privacy Policy: www.hetzner.com/rechtliches/datenschutz

Data Transfer: Your account and health data are stored exclusively in the EU (Germany). However, if you choose to use the nutrition label scanning feature, images are temporarily processed by OpenAI Inc. in the United States (see Section 3.5). This requires your explicit consent for each scan.

7. Data Security Measures

We implement state-of-the-art technical and organizational measures:

• Encryption in Transit: TLS 1.3 (HTTPS) for all data transmission
• Encryption at Rest: Database encryption
• Password Security: PBKDF2 hashing with 150,000 iterations
• Two-Factor Authentication: Optional 2FA with TOTP
• Access Control: Role-based access, least privilege principle
• Rate Limiting: Protection against brute-force attacks
• Security Headers: HSTS, CSP, X-Frame-Options
• Regular Backups: Encrypted daily backups (30-day retention)
• Monitoring: Real-time security monitoring and logging
• Updates: Regular security patches and updates

8. Data Retention

After these periods, data is permanently and irreversibly deleted from all systems including backups. Nutrition label images sent to OpenAI are automatically deleted after 30 days per their retention policy.

9. Your Rights under GDPR

You have the following rights regarding your personal data:

To exercise your rights, contact:
Email: privacy@fitapp.ch
We will respond within 30 days.

10. Cookies & Local Storage

We use minimal browser storage for essential functionality only:

We do NOT use:

• Tracking cookies
• Advertising cookies
• Third-party analytics (e.g., Google Analytics)
• Social media pixels

11. Third-Party Services

FitApp does NOT use any third-party services for analytics, advertising, or tracking. All data processing occurs on our own servers.

We may share your data only in these exceptional cases:

• Legal Obligation: When required by law or court order
• Protection of Rights: To protect our rights, property, or safety
• With Your Consent: When you explicitly authorize sharing

12. Children's Privacy

If you believe we have collected data from a child under 16, please contact us immediately at privacy@fitapp.ch and we will delete it promptly.

13. Data Breach Notification

In the event of a data breach affecting your personal data, we will:

• Notify the relevant supervisory authority within 72 hours (GDPR Art. 33)
• Notify affected users without undue delay if the breach poses a high risk (GDPR Art. 34)
• Provide information about the breach and remediation steps

14. Automated Decision-Making

FitApp does NOT use automated decision-making or profiling (GDPR Art. 22). All calculations (BMR, TDEE, etc.) are transparent mathematical formulas that you can review.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

• Email notification to your registered email address
• Prominent notice on the website
• Updated "Last Updated" date at the top of this policy

Continued use of the service after changes constitutes acceptance of the updated policy. If you do not agree with changes, please delete your account before they take effect.

16. Contact & Questions

For questions about this Privacy Policy or to exercise your rights:

17. Data Transfers & Third Countries

No Third Country Transfers:
We do NOT transfer any personal data to countries outside the EU/EEA/Switzerland. All data processing takes place exclusively within:

• Germany: Primary hosting and data storage (Hetzner Data Centers)
• Switzerland: Business operations and support

Both Germany and Switzerland provide adequate data protection levels recognized by the European Commission.