Privacy Policy

Last updated: January 20, 2026

Introduction

based.fit ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our fitness tracking application and related services.

Information We Collect

Account Information

  • Email address (required for account creation)
  • Profile information you provide: weight, height, age, gender, fitness goals, and experience level
  • App preferences: measurement system (imperial/metric), theme settings

Workout Data

  • Workout sessions: names, start/end times, duration, notes, bodyweight
  • Exercises performed: exercise types, equipment used, muscle groups targeted
  • Set details: weights lifted, repetitions, duration, distance
  • Custom exercises and workout routines you create
  • Training programs and schedules

Health and Fitness Data

  • Heart rate data: average, maximum, and minimum heart rate during exercises (if you connect a heart rate monitor)
  • Bodyweight measurements logged with workouts

Location Data

  • GPS location data during outdoor activities (runs, rides, walks) including coordinates, altitude, and speed
  • Location data is only collected when you actively track an outdoor activity and grant location permission

Third-Party Integrations

  • Discord: If you link your Discord account, we store your Discord user ID and guild connections to enable workout announcements
  • Polar heart rate monitors: Heart rate data transmitted via Bluetooth during workouts

How We Use Your Information

  • Provide and maintain the based.fit service
  • Track your workouts and display your fitness progress
  • Calculate statistics, personal records, and analytics
  • Sync your data across devices
  • Send workout announcements to Discord (if enabled)
  • Respond to your support requests
  • Improve our services based on usage patterns

Data Storage and Security

Your data is stored securely using Supabase, a trusted cloud database provider with servers in the United States. We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS/TLS)
  • Encrypted data storage at rest
  • Secure authentication via Supabase Auth
  • Regular security updates and monitoring

The mobile app stores data locally on your device using an encrypted SQLite database, enabling offline functionality. Local data syncs with our servers when you're online.

Data Sharing

We do not sell, trade, or rent your personal information to third parties. We only share your data in the following circumstances:

  • Discord: If you enable Discord integration, workout summaries are shared to your configured Discord server
  • Service providers: We use Supabase for database hosting and Vercel for web hosting. These providers process data on our behalf under strict data processing agreements
  • Legal requirements: We may disclose information if required by law or to protect our rights

Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your account and all associated data
  • Export: Request an export of your workout data in a portable format
  • Restriction: Request that we limit processing of your data
  • Objection: Object to processing of your personal data

To exercise any of these rights, please contact us using the information below.

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal basis: We process your data based on your consent (account creation) and legitimate interests (service improvement)
  • Data portability: You can request your data in a machine-readable format
  • Right to be forgotten: You can request complete deletion of your data
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority

CCPA Compliance (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know: You can request information about what personal data we collect and how we use it
  • Right to delete: You can request deletion of your personal information
  • Right to opt out: We do not sell personal information, so this right does not apply
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Anonymized, aggregated data may be retained indefinitely for analytics purposes.

Children's Privacy

based.fit is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your data, please contact us:

This privacy policy is effective as of January 20, 2026.