Privacy Policy
Effective date: May 20, 2026 · Version 1.0
Available in: English
SimpleFit ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and what rights you have under the Lei Geral de Proteção de Dados (LGPD) — Brazilian Law No. 13,709/2018 — and the General Data Protection Regulation (GDPR) for users in the European Union.
Plain summary: We do not sell your data. We do not share your data with advertisers. Only your linked fitness professional can see your personal progress data — and only while that link is active.
1. Who We Are
SimpleFit is a health and fitness tracking platform. We act as the data controller for personal data you provide directly to us.
Data Controller: SimpleFit
Website: simplefit.me
Contact: privacy@simplefit.me
Data Protection Officer (DPO): John Doe — privacy@simplefit.me
2. Data We Collect
2.1 Data You Provide
When you use SimpleFit, you may provide:
- Profile information: name, email address, date of birth, height, weight, fitness goals
- Workout logs: exercises performed, sets, reps, and weight lifted per session
- Meal completion status: which prescribed meals you checked off each day
- Water intake: number of glasses logged per day
- Sleep data: nightly rest rating or checklist completion
- Supplement and medication checklist: daily completion status for prescribed items
2.2 Data Added by Your Professional
If you are linked to a fitness professional on SimpleFit, they may add:
- Body measurements: weight, body fat percentage, body circumferences
- Assigned workout plans: exercises, sets, reps, rest periods, and technique notes
- Assigned nutrition plans: prescribed meals, macronutrient targets, hydration goals, supplement schedules
- Professional observations and notes about your progress
2.3 Data Collected Automatically
When you use the app, we automatically collect:
- Firebase Analytics events: screen views, feature usage patterns (anonymised)
- Firebase Crashlytics reports: crash logs and diagnostic data to improve stability
- Device information: device type, operating system version
- App version
We do not use cookies or web tracking technologies beyond Firebase Analytics on our web properties.
3. How We Store Your Data
Your data is stored in Firebase (Firestore database and Firebase Authentication), operated by Google LLC under Google Cloud infrastructure. Firebase acts as our data processor, not a data recipient.
Storage region: Your data is stored in Brazil, using Google Cloud infrastructure (Firebase / Google LLC). All data at rest resides within Brazil.
Data is protected by Firebase's built-in security rules, and access requires authenticated sessions. We do not store passwords — authentication is handled via Firebase Authentication using secure industry-standard methods.
4. How We Share Your Data
No third-party sharing.
We do not sell, rent, or share your personal data with advertisers, data brokers, or any third parties for commercial purposes. We do not use advertising SDKs.
Your linked professional: If you accept an invitation from a fitness professional on SimpleFit, that professional can view your workout logs, meal completion status, body measurements, and compliance metrics — the data necessary to provide their service. This access is revoked immediately when you remove the professional link or deactivate your account.
Firebase / Google Cloud: As described above, Firebase processes your data as a subprocessor on our behalf, under Google's data processing agreements. This is a technical necessity for service delivery, not a data sale or third-party disclosure.
Legal requirement: We may disclose data if required to do so by applicable law, court order, or regulatory authority.
5. Your Rights
Under LGPD (Art. 18) and GDPR (Art. 15–20), you have the following rights regarding your personal data:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten)
Request deletion of your personal data. You can deactivate your account in-app; full data deletion occurs 30 days after deactivation.
Right to Data Portability
Request a copy of your personal data in PDF report format. Self-service export is not yet available. Contact privacy@simplefit.me to submit a portability request.
Right to Withdraw Consent
You may withdraw consent at any time by deactivating your account. Withdrawal does not affect the lawfulness of processing before withdrawal.
Right to Object / Restriction
Request restriction of processing or object to specific processing activities.
Right to Anonymization
Request anonymization of personal data that is unnecessary, excessive, or processed in non-compliance with LGPD.
To exercise any of these rights, contact us at privacy@simplefit.me. We will respond within 15 business days (LGPD) or 30 calendar days (GDPR).
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Retained while your account is active |
| Deactivated account data | Retained for 30 days after deactivation, then permanently deleted |
| Crash logs (Crashlytics) | 90 days (Firebase Crashlytics default) |
| Analytics events | 14 months (Firebase Analytics default, anonymised) |
7. Age Restriction
SimpleFit is restricted to users aged 16 and older. We do not knowingly collect personal data from users under 16. If we become aware that a user under 16 has registered, we will terminate the account and delete all associated data without delay.
If you believe a person under 16 has created an account, please contact us at privacy@simplefit.me.
8. Contact & Data Protection Officer
For any privacy-related questions, data access requests, or complaints, contact us at:
Email: privacy@simplefit.me
Data Protection Officer: John Doe — privacy@simplefit.me
Response time: Within 15 business days (LGPD) or 30 calendar days (GDPR)
EU residents also have the right to lodge a complaint with their local data protection authority (e.g., CNIL in France, ICO in the UK, BfDI in Germany).
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and notify you via an in-app prompt on your next launch if the changes are material. Continued use of SimpleFit after the notice period constitutes acceptance of the updated policy.
Previous versions of this policy are available on request at privacy@simplefit.me.
Legal review notice: This Privacy Policy is a draft prepared for app store review purposes. It must be reviewed and approved by qualified legal counsel specialising in LGPD and GDPR before the public launch of SimpleFit.