FitFirst
Privacy Terms Join the beta

Privacy Policy

Last updated: 26 June 2026

1. Who we are

Fit First ("Fit First", "we", "us", "our") is a fitness-tracking mobile app operated by Ali Akbar Naiemi, based in Germany. We are the "data controller" responsible for your personal data under the EU General Data Protection Regulation (GDPR).

  • Contact for privacy matters: kontakt@fitfirst.app
  • Postal address: Ali Akbar Naiemi, Mansfeldstraße 33, 40625 Düsseldorf, Germany

2. What data we collect

Account & sign-in

  • Email address and password (passwords are stored only in hashed form by our authentication provider — we never see them).
  • If you sign in with Google or Apple, we receive your email and basic profile info from them.

Profile

  • Display name, username, and bio (these are public).
  • Full name, height, weight, date of birth, and gender (these are private — not shown to other users).
  • Profile picture (a default avatar or one you upload from your device).
  • Your subscription status (whether you have Fit First Premium).

Health & fitness data (you enter this manually — we do not read your phone's health sensors, Google Fit, or Apple Health)

  • Your weight, steps, hydration, and sleep logs.
  • Your goals (weight, steps, hydration, sleep).
  • Your workout routines and logged workout sessions.
  • Your achievements.

Social / community

  • Posts you publish, and any workouts you attach to a post (these become public as part of the post).
  • Comments, likes, and post views you create.
  • Reports you submit about other content, and users you block.

AI Coach

  • The messages you send to the in-app AI Coach and your conversation history.
  • A "coach memory" — a saved summary the AI uses to personalize its replies.
  • Your AI usage (e.g. how many requests you have made), used to enforce plan limits.

Support & technical

  • Feedback you send us.
  • Crash and diagnostic data (device model, OS version, app version, crash logs) collected automatically when the app crashes, to help us fix bugs.

We do not collect your location, we do not use advertising, and we do not use third-party analytics/tracking SDKs.

3. How we use your data & our legal basis (GDPR Art. 6 & 9)

  • Run your account — provide tracking, goals, workouts, the social feed, and the AI Coach: performance of a contract (Art. 6(1)(b)).
  • Process your health & fitness data and AI Coach chats (special-category data): your explicit consent (Art. 9(2)(a)) — given when you enter the data; withdrawable any time by deleting the data or your account.
  • Security & anti-bot — verify sign-ups and logins are genuine and keep the service secure: legitimate interests (Art. 6(1)(f)).
  • Diagnose crashes and improve stability: legitimate interests (Art. 6(1)(f)).
  • Manage subscriptions and payments: performance of a contract (Art. 6(1)(b)).
  • Comply with legal obligations: legal obligation (Art. 6(1)(c)).

4. What is public vs. private

  • Public to other users: your username, display name, bio, profile picture, the posts/comments/likes you make, and any workouts attached to your posts.
  • Private: your email, password, full name, date of birth, gender, height, weight, all health metrics and goals, workouts not attached to a post, AI Coach chats and memory, feedback, and crash data.

5. Who we share data with (processors & sub-processors)

We don't sell your data. We share it only with the providers needed to run the app, each acting under a data-processing agreement:

  • Supabase — database, authentication, and image storage. Hosted in the EU (Ireland).
  • Anthropic — powers the AI Coach. When you use the Coach, your messages (and relevant context) are sent to Anthropic to generate a reply. This data is not used to train any AI models. (United States)
  • Google — crash reporting (Firebase Crashlytics), Google Sign-In, and Google Play in-app billing. (United States)
  • Apple — Sign in with Apple and App Store billing (iOS). (United States)
  • Cloudflare — bot protection (Turnstile) on sign-up/login; processes your IP address and browser signals to confirm you're human. (Global)
  • RevenueCat — manages Fit First Premium subscriptions; receives a user identifier and purchase information. (United States)

6. International data transfers

Your data is stored primarily in the EU (Ireland). Some of the providers above are located in the United States or operate globally. Where your data is transferred outside the EU/EEA, we rely on EU Standard Contractual Clauses and equivalent safeguards to protect it.

7. How long we keep your data

We keep your personal data only while your account is active. When you delete your account, your personal data and content are permanently erased as described in Section 9. We may retain limited records for a short period where required to meet legal obligations or to prevent fraud and abuse.

8. Your rights under GDPR

You have the right to: access your data, correct it, delete it ("right to be forgotten"), restrict or object to processing, withdraw consent at any time, and receive a portable copy of your data. To exercise any of these, use the in-app options or email kontakt@fitfirst.app.

You also have the right to lodge a complaint with a supervisory authority — in Germany, your state Data Protection Authority.

9. Deleting your account and data

You can delete your account at any time: Profile → Settings → Delete Account. To prevent accidental or unauthorized deletion, we email you a verification code that you must enter to confirm.

Once confirmed, your account and all associated personal data — profile, health metrics, goals, workouts, posts, comments, likes, AI Coach messages and memory, and uploaded images — are permanently deleted. This cannot be undone.

You can also request deletion on the web: fitfirst.app/delete-account.

10. Children

Fit First is not intended for anyone under 16 (the age of digital consent in Germany). We do not knowingly collect data from children under 16. If you believe a child has provided us data, contact us and we will delete it.

11. Security

We protect your data with encrypted connections, hashed passwords, and access controls. No system is perfectly secure, but we work continuously to keep your data safe.

12. Changes to this policy

We may update this policy. We'll post the new version here, update the date above, and notify you in-app of significant changes.

13. Contact

Questions or requests about your privacy: kontakt@fitfirst.app.

© 2026 FitFirst · Ali Akbar Naiemi
Privacy Terms Impressum Delete account Support