FitStreak Logo
FITSTREAK
Legal Center

Privacy Policy

Last updated: December 16, 2025

Version: 1.0

Have questions?

If you have any questions regarding this policy, our legal team is ready to assist you.

Contact Support

INTRODUCTION SECTION

FitStreak ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the FitStreak mobile application ("App") and our website (collectively, the "Services").

This policy applies to all users of FitStreak and is designed to comply with applicable privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), India's Digital Personal Data Protection Act (DPDPA), and Google Play Store policies.

Please read this policy carefully. By using FitStreak, you agree to the collection and use of your information as described in this Privacy Policy. If you disagree with any part of this policy, please discontinue use of our Services.

Medical Disclaimer: FitStreak is a fitness and wellness application and is not a medical device or clinical tool. The information and data within FitStreak are not intended to diagnose, treat, cure, or prevent any disease. Always consult a qualified healthcare professional for medical advice.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

When you create an account or use FitStreak, you may provide us with:

Account Information

  • Full name
  • Email address
  • Password (stored in encrypted form — we never store passwords in plain text)
  • Profile photo (optional, uploaded by you)
  • Referral code (optional, used to link referrals)

Profile & Fitness Metrics (Collected during onboarding; used only to personalize your experience)

  • Gender
  • Date of birth (to calculate age-appropriate fitness insights)
  • Height (in cm or ft/in)
  • Body weight (in kg or lbs)
  • Daily step goal

Reward Claim Information (Collected only when you win an event and choose to claim a prize)

  • Email address (for all reward types)
  • Phone number (for physical reward delivery)
  • Mailing address (for physical reward delivery)

1.2 Information We Collect Automatically

Health & Fitness Data (With your explicit permission)

FitStreak integrates with Android Health Connect to read and write the following data:

  • Steps (daily count, historical up to 30 days)
  • Distance traveled (calculated locally from steps, not read from Health Connect)
  • Calories burned (calculated locally from steps)
  • Active minutes (calculated locally from steps)

This data is used solely to power your streak tracking, leaderboard participation, progress charts, and green energy feature. We request only the minimum permissions necessary.

Physical Activity & Sensor Data (Background step counting)

FitStreak requests access to your physical activity data via the android.permission.ACTIVITY_RECOGNITION permission. We use this permission alongside your device's built-in motion sensors (e.g., TYPE_STEP_COUNTER) to detect your physical movement and count your steps, even when the App is closed or running in the background. This physical activity data is collected and used strictly to:

  • Accurately track your daily step counts and maintain your fitness streaks.
  • Calculate related metrics (such as active minutes and distance traveled).
  • Update your progress on virtual event leaderboards.
  • Write step records locally to Health Connect on your device.

We explicitly confirm that your physical activity data is never sold to third parties and is never used for advertising purposes.

Device & Usage Information

  • Device platform (Android)
  • Device model (sent alongside health sync requests for debugging)
  • Network connection status (to queue data syncs when offline)
  • App usage logs (anonymized crash reports and performance data)

Push Notification Token

  • Firebase Cloud Messaging (FCM) device token, used only to send you app notifications (streak reminders, event announcements, rewards). We do not use this token for marketing purposes without your consent.

1.3 Information From Third Parties

Google Sign-In
If you choose to sign in with Google, we receive the following from Google:

  • Your name
  • Email address
  • Google profile picture URL

We do not receive your Google password. Your use of Google Sign-In is also governed by Google's Privacy Policy.


2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  • Create and manage your account — We use your name, email, and password to set up and secure your account. (Legal basis: Contract performance)
  • Personalize your fitness experience — We use your gender, date of birth, height, weight, and step goal to tailor recommendations. (Legal basis: Contract performance)
  • Track daily steps and streaks — Step data from your sensor and Health Connect powers your streak and activity tracking. (Legal basis: Contract performance)
  • Display progress charts and analytics — Historical step data is used to generate your weekly and monthly charts. (Legal basis: Contract performance)
  • Power the Green Energy feature — Your daily steps and coin balance are used to calculate your green energy contribution. (Legal basis: Contract performance)
  • Enable virtual event participation and leaderboards — Your step count and profile are used to track your event progress and rank. (Legal basis: Contract performance)
  • Award badges and in-app rewards — Step milestones and streak data are used to unlock achievements. (Legal basis: Contract performance)
  • Send push notifications — Your FCM device token is used to deliver streak reminders and event updates. (Legal basis: Consent — can be revoked at any time)
  • Process reward claims — Your email, phone, and address are used solely to deliver prize rewards when you win an event. (Legal basis: Contract performance)
  • Improve our Services — Anonymized, aggregated usage data helps us identify bugs and improve the app. (Legal basis: Legitimate interests)
  • Comply with legal obligations — We may process data as required by applicable law. (Legal basis: Legal obligation)
  • Prevent fraud and abuse — Account and activity data may be used to detect and prevent misuse. (Legal basis: Legitimate interests)

We do not use your health data for advertising purposes. We do not sell your health data to any third party. We do not use your health data to infer sensitive characteristics unrelated to fitness.


3. HOW WE STORE YOUR INFORMATION

3.1 Data Storage

Your data is stored on secure servers. Health and step data synced to our backend is stored in encrypted databases with access controls. Authentication tokens are stored securely on your device using expo-secure-store (iOS Keychain / Android Keystore).

Non-sensitive preferences and session state are stored using AsyncStorage on your device.

3.2 Data Retention

  • Account data — Retained until you delete your account
  • Health & step data — Retained for up to 2 years, or until account deletion (whichever comes first)
  • Reward claim data — Retained for up to 5 years for legal and compliance purposes
  • Notification tokens — Retained until you uninstall the app or log out
  • Anonymized analytics — Retained for up to 3 years

You may request deletion of your data at any time (see Section 7).


4. HEALTH DATA — SPECIAL NOTICE

FitStreak accesses health and fitness data through Android Health Connect. In compliance with Google's Health Connect policy:

  • We access only step-related data (read and write)
  • We do not access medical records, diagnoses, lab results, medications, or any clinical health data
  • Step data stored in Health Connect on your device remains under your control in the Health Connect app
  • You can revoke Health Connect permissions at any time through Settings → Health Connect → App Permissions → FitStreak
  • We do not share your Health Connect data with third parties except as described in Section 5
  • Your health data is never used for advertising, profiling, or sold to data brokers

We comply with the Health Connect Permissions Policy.


5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information, including your health and physical activity data. We may share your information in the following limited circumstances:

5.1 Service Providers (Data Processors)

We work with trusted third-party service providers who process data on our behalf:

  • Cloud Infrastructure — Provider: Railway — Purpose: Hosting our backend servers — Data shared: Account and health data
  • Authentication — Provider: Google (Firebase Auth) — Purpose: Secure sign-in services — Data shared: Email address and name
  • Push Notifications — Provider: Google (Firebase Cloud Messaging) — Purpose: Delivery of in-app notifications — Data shared: FCM device token only

All service providers are contractually obligated to protect your data and may only use it for the specified purpose.

5.2 Public Leaderboard Data

If you participate in a virtual event, your display name and step count will appear on public event leaderboards visible to other participants. You can choose a display name that does not identify you.

5.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of FitStreak, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email or in-app notification before your data becomes subject to a different privacy policy.


6. PERMISSIONS WE REQUEST

The following permissions are requested by the FitStreak app:

  • Physical Activity (Activity Recognition) — Required to detect your physical movement and count your steps using the device's built-in motion sensor, even when the app is running in the background.
  • Foreground Service (Health) — Allows step counting to continue in the background with a visible notification, so you never miss steps.
  • Health Connect: Read Steps — Reads your step data from the Health Connect app to display accurate progress.
  • Health Connect: Write Steps — Writes your step data to Health Connect so it stays in sync with other health apps.
  • Receive Boot Completed — Restarts background step tracking automatically after your device reboots.
  • Ignore Battery Optimizations — Prevents Android from stopping the step-tracking service to ensure step counts remain accurate.
  • Read Media Images — Allows you to select a photo from your gallery to use as your profile picture (optional).
  • Internet Access — Required to sync your step data, streaks, and events with our servers.
  • Post Notifications — Enables push notifications for streak reminders, event updates, and reward alerts (optional, can be disabled at any time).

All permissions are optional where technically possible. Denying optional permissions (e.g., notifications, media images) will not prevent core functionality.


7. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights regarding your personal data:

7.1 All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and associated data
  • Portability: Receive your data in a machine-readable format
  • Withdraw Consent: Withdraw consent for push notifications at any time in device Settings → Notifications → FitStreak
  • Health Data: Revoke Health Connect permissions at any time in Health Connect Settings

7.2 EEA / UK Users (GDPR)

You have additional rights including the right to object to processing, restrict processing, and lodge a complaint with your local data protection authority.

7.3 California Residents (CCPA)

You have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. We do not sell your personal information.

7.4 How to Exercise Your Rights

To exercise any of these rights, contact us at support@fitstreak.fit. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

To delete your account, you may also use the In-App Account Deletion option located in Settings → Account → Delete Account.


8. CHILDREN'S PRIVACY

FitStreak is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@fitstreak.fit and we will delete that information promptly.


9. SECURITY

We implement industry-standard technical and organizational measures to protect your information, including:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted storage for authentication tokens (device Keystore/Keychain)
  • Access controls and role-based permissions on our backend systems
  • Regular security assessments

However, no method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.


10. COOKIES AND TRACKING ON OUR WEBSITE

Our website (fitstreakapp.com and associated pages) may use cookies and similar tracking technologies:

  • Essential Cookies — Required for the website to function correctly (e.g., managing your session and keeping you logged in)
  • Analytics Cookies — Help us understand how visitors use our website so we can improve it (e.g., Google Analytics with anonymized IPs)
  • Preference Cookies — Remember your settings and preferences between visits (e.g., dark mode, language)

You can control cookies through your browser settings. Disabling cookies may affect some website functionality.


11. THIRD-PARTY LINKS

Our App and website may contain links to third-party websites or services (e.g., reward claim partners, app stores). We are not responsible for the privacy practices of these third parties and encourage you to review their privacy policies.


12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Displaying a prominent notice in the App
  • Sending a push notification (if notifications are enabled)
  • Updating the "Last Updated" date at the top of this page

Your continued use of FitStreak after the effective date of the revised policy constitutes your acceptance of the changes.


13. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

FitStreak
Email: support@fitstreak.fit
Address: Surat, Gujarat, India

We aim to respond to all privacy-related inquiries within 30 days.


14. GOVERNING LAW

This Privacy Policy is governed by the laws of the Republic of India. Any disputes arising from this policy shall be resolved in the courts of Surat, Gujarat.