Introduction

Welcome to RazFit. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our iOS application.

This policy applies to all users of the RazFit application, available on the Apple App Store for iOS devices.

Data Controller

The data controller responsible for your personal data is:

Elu Gonzalez

Email: support@razfit.app

For any questions regarding your personal data, please contact us at the email address above.

Data We Collect

We collect the following categories of personal data:

Profile Information

Username (chosen by you)
Age range (18-25, 26-35, 36-45, 46+)
Gender (optional)
Fitness goal (weight loss, muscle gain, stay active, improve health)
Fitness level (beginner, intermediate, advanced)

Usage and Activity Data

Completed workouts and exercises
Calories burned per session
Training duration and frequency
Achievement badges unlocked
Workout streaks and statistics
Favorite exercises

Preferences

AI avatar selection (Orion or Lyssa)
Language preference
Notification settings (days and times)

Technical Data

Device identifier
iOS version
App version

Subscription Data

Subscription payments are processed entirely by Apple through the App Store. We do not have access to your payment details (credit card, bank account, etc.). We only receive confirmation of your subscription status.

How We Use Your Data

We use your personal data for the following purposes:

To provide and maintain the RazFit service
To personalize your workout experience based on your goals and level
To track your progress and display statistics
To unlock achievements and badges based on your activity
To send workout reminders (only with your consent)
To improve our application and develop new features
To sync your workout data with Apple Health (with your permission)

Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

Consent

For sending notifications and accessing HealthKit data. You can withdraw consent at any time.

Contract Performance

To provide the RazFit service you have subscribed to, including workout tracking, statistics, and personalization.

Legitimate Interest

For technical data collection necessary to ensure app functionality and security.

Data Sharing

We share your data only with the following parties:

Supabase (Data Storage)

We use Supabase as our backend infrastructure to securely store your profile and activity data. Supabase complies with GDPR and implements industry-standard security measures.

Apple (Subscriptions and HealthKit)

Apple processes your subscription payments through the App Store. If you grant permission, your workout data is shared with Apple Health on your device.

We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

RazFit does not display third-party advertisements and does not share data with advertising networks.

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). Supabase operates data centers in various locations. When data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Data processing agreements with all service providers
Encryption of data in transit and at rest

Data Retention

We retain your personal data for as long as your account is active and you continue to use RazFit.

Upon account deletion request, we will delete or anonymize your personal data within 30 days, except where we are legally required to retain certain information.

Subscription records may be retained for tax and legal compliance purposes for the period required by applicable law.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure

You can request deletion of your personal data ("right to be forgotten").

Right to Data Portability

You can request your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us at support@razfit.app. We will respond within 30 days.

Apple HealthKit Integration

RazFit integrates with Apple HealthKit to enhance your fitness experience. This integration is entirely optional and requires your explicit permission.

Data We Read from Health

Weight and height (for calorie calculations)
Date of birth (for personalized recommendations)
Active calories and steps (to show your overall activity)

Data We Write to Health

Completed workouts
Calories burned during RazFit sessions
Exercise minutes (contributing to your Activity rings)

HealthKit Data Privacy

HealthKit data remains on your device and is not uploaded to our servers
We never share HealthKit data with third parties
We do not use HealthKit data for advertising or marketing
You can revoke HealthKit access at any time in iOS Settings

AI-Powered Features

RazFit uses AI-powered virtual coaches (Orion and Lyssa) to personalize your workout experience.

These AI features are powered by Google Gemini. When you interact with our AI coaches, certain data may be processed by Google to generate personalized responses.

Data shared with Google Gemini includes:

Your fitness goals and preferences
Workout history and progress
Questions or prompts you submit to the AI coaches

By using the AI coach features, you explicitly consent to this data being processed by Google. You can opt out by not using the AI coach features.

For more information about how Google processes data, please review Google's Privacy Policy.

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Encryption of data in transit (TLS/SSL) and at rest
Secure authentication and access controls
Regular security assessments of our infrastructure
Limited access to personal data on a need-to-know basis
Supabase's enterprise-grade security infrastructure

Children's Privacy

RazFit is designed for users aged 16 and older. We do not knowingly collect personal data from children under 16. If we discover that we have collected data from a child under 16, we will delete it promptly.

If you believe a child has provided us with personal data, please contact us at support@razfit.app.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app or by other appropriate means.

We encourage you to review this policy periodically. The "Last updated" date at the top indicates when the policy was last revised.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: support@razfit.app

We will respond to your request within 30 days, as required by GDPR.