Legal

Data & Compliance

Last updated: 16 April 2026

This page describes how FitTrack collects, structures, stores and protects data — including our GDPR compliance position and information for research partners interested in our anonymised datasets.

✓ GDPR Compliant · UK Data Protection Act 2018

Data location

United Kingdom

Private server, not cloud-hosted

Encryption

TLS 1.3

All data in transit encrypted

AI processing

On-premise

Ollama runs locally — no data leaves our server

Backups

Nightly

Encrypted database backups retained 30 days

Password storage

bcrypt hashed

One-way hash — not reversible

Data deletion

Within 30 days

Full deletion on account closure

Data we collect

The following table describes every category of personal data FitTrack collects, the legal basis for processing it, and how long it is retained.

Data category	Legal basis	Retention
Name & email Account identification and communication	Contract performance	Until account deletion
Password hash Authentication (bcrypt, not reversible)	Contract performance	Until account deletion
Food log entries Descriptions, calorie and macro estimates	Contract performance	Until account deletion
Activity data Steps, active calories from HealthKit/Garmin	Contract performance	Until account deletion
Health metrics Weight, sleep, mood, energy, workouts, measurements	Explicit consent	Until account deletion
iMessage ID Phone number or Apple ID for messaging feature	Explicit consent	Until removed by user or account deletion
Subscription data Stripe customer ID, subscription status	Contract performance	7 years (financial records)
Anonymised aggregate data Statistical patterns with no personal identifiers	Legitimate interests	Indefinite

GDPR compliance

FitTrack processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Lawful bases for processing

Contract performance — processing necessary to provide the service you've subscribed to
Explicit consent — for health metrics (special category data under Article 9 GDPR) and iMessage linking
Legitimate interests — for anonymised aggregate research data, balanced against your rights

Special category data

Health metrics (weight, sleep, mood, workout data, body measurements) constitute special category data under Article 9 of the UK GDPR. We process this data only with your explicit consent, given when you enable these modules in the app. You can withdraw consent at any time by disabling the relevant module or deleting your account.

Your rights

Right of access (Article 15) — request all data we hold about you
Right to rectification (Article 16) — correct inaccurate data
Right to erasure (Article 17) — delete your account and all data
Right to data portability (Article 20) — receive your data in JSON or CSV format
Right to object (Article 21) — object to processing for research purposes
Right to withdraw consent — disable health modules or iMessage at any time

To exercise any right, email [email protected]. We will respond within 30 days.

Anonymised research data

FitTrack maintains a structured anonymised dataset suitable for health research and corporate wellness analysis. This dataset is generated from user data but contains no personal identifiers.

Anonymisation method: User IDs are replaced with one-way MD5 cryptographic hashes salted with a secret key. This means individual users can be tracked longitudinally within the dataset (their hash is consistent over time) but cannot be re-identified. No names, emails, phone numbers, or Apple IDs are included in any exported dataset.

Available datasets

Food & nutrition — daily calorie intake, macro breakdown, meal timing, AI estimation rates
Activity patterns — step counts, active calories, synced device types
Sleep — duration, quality ratings, bedtime patterns, weekday vs weekend variation
Mood & energy — daily check-in scores, longitudinal trends, day-of-week patterns
Workout — exercise types, duration, intensity, frequency
Weight & measurements — longitudinal weight change, body composition trends
Aggregate insights — cohort-level health patterns, correlation analysis

Research partnerships

We welcome enquiries from academic institutions, healthcare organisations, and corporate wellness programmes interested in anonymised health behaviour data. All data sharing is subject to a data sharing agreement and requires legitimate research purposes.

Contact [email protected] with the subject line "Research Partnership" to discuss data access.

Sub-processors

Processor	Purpose	Location
Stripe	Payment processing	USA (EU-US DPF)
Cloudflare	DNS, DDoS protection, tunnel routing	USA (EU-US DPF)
Resend	Transactional email	EU (Ireland)

Security measures

All network traffic encrypted via TLS 1.3 (HTTPS)
Passwords stored as bcrypt hashes with cost factor 12
JWT authentication tokens with 7-day expiry
API rate limiting on all endpoints
Admin endpoints protected by separate API key
Database not exposed to public network (Docker internal network only)
Nightly encrypted backups with 30-day retention
AI model runs entirely on-premise (no external API calls for food logging)

Breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and affected users without undue delay, as required by Article 33 and 34 of the UK GDPR.

Contact & complaints

For data protection enquiries: [email protected]

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk