Fitsmith — Privacy Policy

Effective date: 4 October 2025
Last updated: 14 October 2025

1 · Who we are & territorial scope

Fitsmith (“App”) is developed and operated by Joshua Minzner (“we”, “us”, “our”).

Contact e‑mail: hello@fitsmith.app
Mailing address: 4502 Ditmars Blvd Apt 411, Astoria, NY 11105

Fitsmith is not intended for users located in the European Economic Area (EEA), the United Kingdom, Switzerland, Norway or Iceland.
Geofencing: Our App Store listing excludes those territories and our backend responds 403 Service unavailable in your region to EU/UK IP addresses. Use of the App from the EU/UK is prohibited and voids any licence.

2 · What the App does

Fitsmith lets you create custom running or fitness workouts for Apple Watch.
You describe a workout in free text; our service uses a large‑language model (LLM) to convert that description into a structured WorkoutKit plan.

3 · Data we collect

Category	Examples	Purpose	Retention
User Content	Workout description text (pseudonymised; never linked to ads or profiles)	① Build the workout plan ② Debug & improve the service (aggregate only)	30 days (our copy); OpenAI may retain longer under court-ordered legal hold—see § 4.
Sensitive data (fitness inference)	Target heart‑rate zones, pace goals (derived from User Content)	Provide service with user opt‑in consent	30 days
Diagnostics	Server logs, crash reports, performance metrics; IP address collected only in RAM for the geofence and discarded immediately (never written to disk)	Reliability & abuse prevention	30 days for device info; 0 for IP (discarded immediately)
Transaction Identifiers	`original_transaction_id` (SHA‑256 hashed)	Validate subscription; maintain consent audit trail	Up to 6 years
Payments	Apple receipt JWT (validated then discarded)	Free‑trial / subscription access	<24 h

4 · Where & how we process your data

Processor	Role	Region	Safeguards
OpenAI, L.L.C.	Converts workout text into a structured plan	USA	Account not enrolled in Zero-Data-Retention. By policy, OpenAI retains API inputs/outputs for up to 30 days for abuse monitoring; however, as of June 5, 2025, a court preservation order in ongoing litigation requires OpenAI to retain consumer ChatGPT and API content beyond 30 days under legal hold. Data under legal hold is isolated and not used for other purposes; only a small, audited OpenAI legal/security team may access it. When the order is lifted, OpenAI says it will revert to its standard retention.
Supabase Inc.	Stores crash/diagnostic logs (no IP)	USA	AES‑256 encryption at rest; TLS in transit.
Vercel Inc.	Hosts the Fitsmith API & static assets	USA	HTTPS / TLS 1.3; 30‑day log rotation (no client IP retained).
Langfuse GmbH	AI tracing dashboard (US‑only traffic)	USA	30‑day retention; disabled for non‑US IP addresses.

Apple HealthKit / WorkoutKit data is used solely to provide and debug the workout feature; we do not use HealthKit‑derived data for advertising, marketing, or data‑mining purposes, and never share it with third parties except to process your request or as required by law.

5 · Security, retention & breach notification

Mandatory HTTPS / TLS 1.3 for all traffic.
Least‑privilege IAM & audit logging.
Automatic deletion after the periods in § 3 except where we must retain to comply with law or where our processors are under legal hold (e.g., current OpenAI order).
Transaction IDs are hashed and stored separately from prompts.
Breach notice: If a breach of security compromises personal data, we will notify affected users in writing without undue delay and, where feasible, within 72 hours (e.g., Cal. Civ. Code § 1798.82, LGPD Art 48).

6 · Consent & controls

Explicit consent – The first time you tap “Structure Workout” a modal explains what data are sent to OpenAI (USA) and for how long. You must tap “Agree & Continue” before any data leave your device. No request is sent until you tap Agree.
Global Privacy Control & other UOOMs – Our API honours the GPC header and any future universal opt‑out mechanisms recognised by U.S. regulations, blocking prompt processing when detected.
Withdrawal (stop future processing) – Turn off Settings → Privacy → AI Processing. Fitsmith will no longer send workout descriptions off‑device.
Deletion (on request) – Email hello@fitsmith.app with any one of: the hashed Transaction ID (shown in‑app), the exact prompt text, or your App Store receipt. We will delete our copy and forward your request to OpenAI; OpenAI may be legally prohibited from deleting content while a court-ordered legal hold is in effect.

7 · U.S. state privacy rights (CCPA/CPRA, CPA, CTDPA, VCDPA, etc.)

Residents of California, Colorado, Connecticut, Utah, Virginia, Texas, Oregon, Minnesota, Maryland, Delaware, Iowa, Nebraska, New Hampshire, New Jersey and Tennessee have additional rights. You may, once every 12 months, exercise:

Access & portability – get a copy of personal data we hold.
Deletion – ask us to erase data unless an exemption applies.
Correction – fix inaccurate personal data.
Opt‑out of “selling” / “sharing” personal data (we do neither).
Opt‑out of targeted advertising & profiling (not used).
Appeal – if we decline your request, reply “APPEAL” within 60 days (or a shorter timeframe if your jurisdiction requires).

How to exercise: email hello@fitsmith.app with your hashed original_transaction_id (shown in‑app under Settings → Privacy). We will respond within 45 days (California: 30 days) and respect authenticated GPC or other recognised UOOM signals.

8 · Notice at collection (preceding 12 months)

Category	Source	Purpose	Shared/Sold	Retention
Identifiers (hashed transaction ID)	Apple receipt	Subscription, consent audit	No sale / No share	Up to 6 years
User Content (workout text)	User‑supplied	Build plan; debug service	OpenAI API (processor); processing occurs only after opt‑in consent (§ 6)	30 days
Sensitive data (fitness inference)	Derived	Provide service with user opt‑in consent	OpenAI API	30 days
Internet activity (transient IP)	Automatic	Geofence & abuse blocking	None	0 days (discarded immediately)
Internet activity (device info)	Automatic	Abuse, security logs	Vercel, Supabase	30 days

We do not sell or share personal data for cross‑context behavioural advertising. We do not use or disclose sensitive data for any secondary purpose.

9 · Other regional rights

Brazil LGPD – Processing relies on consent and legitimate interest. We keep copies of SCC‑style contracts for all processors handling Brazilian data. You may request access, deletion, correction, and review of automated decisions via the email above.
Canada PIPEDA – Personal data are stored in the United States. We observe the ten Fair Information Principles. Complaints may be filed with the Office of the Privacy Commissioner of Canada.
Australia Privacy Act (APPs) – You have the right to access and correct your data and complain to the OAIC; the App is offered from the U.S.
Singapore PDPA / South Africa POPIA / HK PDPO – You may request access, correction, or deletion via the same email route.

10 · Children’s privacy

Fitsmith is not directed to children under 13 and we do not knowingly collect personal data from children. Parents who believe we collected information from a child under 13 may email us and we will delete it within 10 days.
Users under 18 (or their guardians) may request deletion or opt‑out using the contact methods above, and we will comply without undue delay.

11 · Changes to this policy

We may update this policy when our data practices change. For material changes we will provide at least 15 days’ advance notice via an in‑app banner or email (where available). If we introduce EU availability, we will issue a new policy and capture fresh consent. The “Last updated” date will always reflect the current version.

12 · Contact

Email hello@fitsmith.app or write to the mailing address above to exercise any privacy right or ask a question.
We aim to respond within 45 days and no later than applicable law requires.

13 · Documentation on file

We maintain a written Data‑Protection Impact Assessment covering the processing of sensitive fitness data and automated decision‑making, as required by TX TDPSA, OR ODPA, MN MCDPA, and MD MCDPA.