Privacy Policy

Last updated: February 2026

This Privacy Policy describes how FitGlue ("we", "us", or "our") collects, uses, and protects information about you when you use our website, web application, mobile application, and related services (collectively, the "Service"). We are committed to protecting your privacy and being transparent about our data practices.

Our Commitment to You

We will never sell, rent, or trade your personal data to anyone. Your fitness and health data belongs to you, and we only access it with your explicit permission to provide the services you have requested.

Information We Collect

We collect information you provide directly to us, such as when you create an account, connect a fitness platform, upload a file, or contact us for support. We collect only the minimum data necessary to provide the Service.

Account Information

Email address and authentication credentials, managed securely through Firebase Authentication.

Fitness & Workout Data

Workout data from connected platforms (such as Hevy, Strava, Fitbit, Garmin, TrainingPeaks, Intervals.icu, and others) that you explicitly authorise us to access. This may include exercise type, duration, sets, reps, weights, and performance metrics.

Health & Biometric Data

When you connect a wearable device or health platform, we may access health data including heart rate, training zones, and calorie estimates. This data may originate from:

• Apple HealthKit (via our iOS app)
• Google Health Connect (via our Android app)
• Fitbit (via API connection)
• FIT file uploads (from Garmin and other devices)

We access this data solely to enrich your activities with training insights. We never use health data for advertising, data mining, or any purpose beyond providing the Service.

GPS & Location Data

Route, elevation, and coordinate data from activities (via connected platforms, FIT file uploads, or mobile health sync). This data is used to provide location context, elevation profiles, and weather enrichment for your activities.

Uploaded Files

Files you upload to the Service, such as FIT files from fitness devices. These are processed to extract activity data and are stored securely in our infrastructure.

Subscription & Billing Data

If you subscribe to a paid plan, billing is handled by Stripe. We do not store your credit card details. We receive only basic subscription status information (plan type, billing period, subscription state) from Stripe.

Push Notification Tokens

If you enable push notifications, we collect a device token via Firebase Cloud Messaging (FCM) to deliver notifications about your activity processing. These tokens contain no personal information.

Usage Data

Basic information about how you use our Service, and error reporting data via Sentry to help us identify and fix issues.

How We Use Your Information

We use the information we collect solely to:

• Provide, maintain, and improve our services
• Process and sync your fitness data between the platforms you connect
• Enhance your activities with additional insights (boosters) such as heart rate zones, weather context, personal records, and AI-generated descriptions
• Generate Showcase pages when you choose to share an activity publicly
• Send you push notifications about activity processing status
• Send you essential technical notices and support messages
• Respond to your comments and questions

We do not use your data for advertising, profiling, or any purpose beyond providing the Service.

Showcase & Publicly Shared Content

When you create a Showcase page for an activity, the enriched activity data for that specific activity is made publicly accessible via a unique URL. This may include workout details, heart rate data, maps, and other enrichments. You control which activities are shared, and you can remove a Showcase page at any time.

Data Sharing & Third Parties

We share your fitness data only with the platforms you explicitly connect and authorise through FitGlue. We do not:

• Sell your personal information to anyone, ever
• Share your data with advertisers
• Use your data for marketing purposes without consent
• Access your data beyond what is necessary to provide the Service

Sub-processors

We use the following third-party services to operate FitGlue:

• Google Cloud Platform: Infrastructure hosting, data storage (Firestore, Cloud Storage), and serverless compute
• Firebase: Authentication and push notifications
• Stripe: Subscription billing and payment processing
• Sentry: Error monitoring and performance tracking

Each sub-processor is bound by their own privacy policies and data protection commitments.

Data Security

We implement robust technical and organisational measures to protect your data, including encryption in transit and at rest, hashed API keys, and strict access controls. For full details, see our Data Security page.

Data Retention

We retain your data only for as long as necessary to provide our services. When you disconnect an integration, all associated connection data (tokens, credentials, and metadata) is immediately and permanently deleted. When you delete your account, we remove all associated data from our systems within 30 days.

Your Rights (GDPR & Data Protection)

If you are in the European Economic Area (EEA) or United Kingdom, you have specific rights under GDPR and the UK Data Protection Act 2018:

• Right of Access: You can request a copy of all personal data we hold about you (Subject Access Request)
• Right to Rectification: You can request correction of inaccurate data
• Right to Erasure (Right to be Forgotten): You can request deletion of your personal data at any time
• Right to Data Portability: You can request your data in a machine-readable format
• Right to Restrict Processing: You can request we limit how we use your data
• Right to Object: You can object to certain types of processing

To exercise any of these rights, please contact us at privacy@fitglue.tech. We will respond to all requests within 30 days.

Account Deletion

You can disconnect any integration and delete your account at any time from within the application. Upon account deletion:

• All associated fitness and health data is permanently deleted
• All integration credentials are deleted from our systems
• All API keys are destroyed
• Your account information is removed from our systems

Health Data

FitGlue accesses health data from Apple HealthKit and Google Health Connect. In accordance with the requirements of both platforms:

• Health data is never used for advertising or data mining
• Health data is not stored in iCloud
• Health data is accessed only with your explicit permission
• We never write false or inaccurate data to HealthKit or Health Connect
• Push notifications never contain sensitive health information

For more detail on our health data handling, see our Data Security page.

Children's Privacy

FitGlue is not intended for children under 16 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your data, please contact us at privacy@fitglue.tech.