Privacy Policy

Effective date: 31 May 2026
In short
We don't sell your data. Ever. You can export it or delete it at any time. We use trusted providers to make Fitsero work — listed in section 5.

1. Who we are

In short
We're the team behind Fitsero, and we're responsible for looking after your data. Questions? Email us.
Fitsero ("Fitsero", "we", "us") is an AI nutrition and meal-planning service operated by [LEGAL ENTITY], based at [REGISTERED ADDRESS]. We are the data controller responsible for your personal data. For any privacy question, contact us at hello@fitsero.ai.

2. Information we collect

In short
Only what we need to build your plan and run the service — your profile, what you log, and basic usage data.
Account data: email address, name, age, and gender.
Health and profile data: height, weight, weight goals, activity level, dietary preferences, cooking level, food allergies, and disliked ingredients. You provide this so the service can build your meal plan. Some of this is health-related data and we treat it with extra care.
Usage data: meal plans, meal logs, plan adjustments, in-app chat messages, voice messages, and food/menu/fridge photos you upload.
Payment data: subscription status and plan. Payments are processed by Paddle (Merchant of Record); we do not store your full card details.
Technical and analytics data: device and browser information, approximate location derived from IP, and product-usage events collected via PostHog.

3. How we use your data

In short
To build your plans, run the coaching, photo and voice features, handle billing, and keep the service working.
We use your data to: create and personalise your meal plans; operate the AI coaching, photo recognition, and voice features; process subscriptions; communicate with you about your account; improve the service; and meet legal obligations.

5. Service providers (sub-processors)

In short
We use a short list of trusted providers to run Fitsero — and we don't sell your data.
We share data only with providers that help us run Fitsero, under appropriate agreements:
Supabase — database, authentication, and file storage.
Paddle (Merchant of Record) — payment processing.
Resend — transactional and account emails.
Google (Gemini) — AI coaching, photo recognition, and embeddings.
Groq — voice speech-to-text.
OpenAI — voice text-to-speech.
PostHog — product analytics.
Vercel, Expo (EAS), and Cloudflare — hosting and infrastructure.
We do not sell your personal data.

6. International data transfers

In short
Some providers are outside the EEA, including the US. When data moves, we use safeguards like Standard Contractual Clauses.
Our providers operate partly outside the European Economic Area, including in the United States. Where data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses.

7. Data retention

In short
Photos auto-delete after 30 days. Account data is removed or anonymised after you close your account, unless the law requires us to keep some records.
Uploaded food, menu, and fridge photos are automatically deleted after 30 days.
Account and profile data are kept while your account is active and deleted (or anonymised) after account closure, unless we must retain certain records for legal reasons.

8. Your rights

In short
You can access, correct, delete, or export your data, and withdraw consent — anytime. Just ask.
Depending on where you live, you have the right to access, correct, delete, or export your data, to object to or restrict certain processing, and to withdraw consent.
EEA / UK (GDPR): you may also lodge a complaint with your local data protection authority.
California (CCPA/CPRA): you have the right to know what we collect, to request deletion, and to opt out of the sale or sharing of personal information — note that we do not sell personal data.
To exercise any right, contact hello@fitsero.ai.

9. Security

In short
Your data is encrypted, access is locked down per user, and we work to keep it safe.
We protect your data with encryption in transit and at rest, row-level database access controls so each user can only access their own data, and access restrictions on our side. No system is perfectly secure, but we work to keep your data safe.

10. Children

In short
Fitsero is for adults 18 and over. We don't knowingly collect data from anyone younger.
Fitsero is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If we learn that we have, we will delete it.

11. Changes to this policy

In short
If this policy changes, we'll update the date and tell you about anything significant.
We may update this policy. We will post the new version with an updated effective date and, for significant changes, notify you.

12. Contact

In short
Reach us anytime at hello@fitsero.ai.
Questions about this policy or your data: hello@fitsero.ai.
© 2026 Fitsero