top of page

Privacy Policy

Section 1: Introduction and Scope

Effective Date: 10/07/2024

Welcome to Fitycal.
 

At Fitycal, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you use our services, whether as an individual user or as a client of a business using our B2B platform.

By using Fitycal and providing your personal information, you agree to the transfer of your data to the United States, where it will be processed in accordance with our privacy practices. While U.S. laws may not offer the same level of data protection as those in the EU, we take appropriate steps to handle your information securely and responsibly, in line with the standards set by the General Data Protection Regulation (GDPR).


By submitting your information to Fitycal, you consent to this international transfer.
You have the right to withdraw your consent or exercise your data protection rights at any time. To do so, please contact us at info@fitycal.com

This policy applies to:

  • Individuals who use Fitycal directly to track their fitness progress and personal data
     

  • Business clients such as wellness centers, gyms, and fitness professionals who use Fitycal to scan and manage data for their own clients
     

  • End-users whose data is submitted to Fitycal by a third-party business client (in which case Fitycal acts as a data processor)
     

We encourage all users (whether individuals or organizations) to review this policy carefully to understand how we handle personal information under both direct and business-use scenarios.

Section 2: Roles and Responsibilities – Data Controller vs Data Processor

Fitycal operates under two distinct roles depending on how our services are used:

A. When Fitycal acts as the Data Controller:

If you use Fitycal directly, for example, by creating a personal account to scan your body, track your fitness progress, or access personalized plans. Fitycal is the data controller. This means we determine the purposes and methods for processing your personal data. In this role, we are responsible for handling your data in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) for EU users.

B. When Fitycal acts as the Data Processor (Used by Businesses for Their Clients):

If a business (such as a wellness center, gym, or fitness coach) uses the Fitycal B2B platform to scan or manage data on behalf of their clients, that business is the data controller, and Fitycal acts as the data processor.

In this role:

  • The business decides what personal data to collect from its clients and why (for example, to track fitness progress or personalize training programs).
     

  • Fitycal only processes that data on behalf of the business, strictly following their instructions and our contractual agreement.
     

Important clarification:
Fitycal does not decide how a business client's customer data is used or why it is collected. These decisions are made solely by the business using our platform. Fitycal simply provides the tools and securely processes the data on their behalf, without using it for our own purposes.

Regardless of our role, we are committed to protecting all data with the same high level of security and privacy.

Section 3: What Information We Collect

At Fitycal, we are committed to transparency in the way we handle personal data. The information we collect depends on whether you are using the app as an individual (B2C) or as part of a business relationship through a wellness center or fitness professional (B2B). This section explains what data we collect and process, how it is collected, and the purpose for each type of information.

 

A. Account Creation:


To create an account, the user needs to provide Fitycal with the correct full name, email, date of birth, height, weight, gender, and a password.

B. 3D Body Avatar Creation:


Fitycal uses Prism Labs technology to provide a body scan service. In each scan, Fitycal sends Prism images of you and related data, including gender, height, and weight. Fitycal will not share any of the user’s identifying information (e.g., name, address, phone) with Prism. Prism’s back-end is designed not to require any personal information other than photos uploaded from the camera, height, and weight. The back-end (Prism technologies) uses only the video uploaded from the camera, gender, height, and weight to provide the scanning service, including:

To build 3D body scans of you from head to toe (including some basic face geometry).
To calculate insights such as your body composition (like body fat percentage and lean body mass); and to improve Prism’s technology.


Because the scans include rough measurements of face geometry, some data in the scans may be considered “biometric identifiers” under laws such as the Illinois Biometric Information Privacy Act (BIPA), even though Fitycal and Prism do not use the scans for reidentification purposes.

Section 4: Data Usage

Fitycal uses the personal data you provide solely to deliver the services you expect from us. This includes generating your 3D avatar, calculating body measurements, providing progress reports, and displaying your results within the app.

Your data is used to:

  • Create and manage your personal profile

  • Generate accurate body measurement reports

  • Visualize your progress over time through scans

  • Provide access to your results at any time through your account

  • Support your assigned coach, if applicable, in guiding your fitness journey
     

Fitycal does not use your personal data for advertising, marketing, or profiling purposes. We are committed to keeping your data confidential and only use it to support your experience within the Fitycal platform.

We do not share your identifying information (such as your name or email address) with third parties, except in the following limited situations:

  1. When it is necessary to provide our services:
    Some third-party service providers (e.g., cloud storage providers, secure servers) may process your data on our behalf. These providers are contractually obligated to follow strict data protection requirements and are not allowed to use your data for their own purposes.
     

  2. When required by law or legal process:
    We may disclose your personal information if legally required to do so. For example, in response to a court order, government request, or to comply with applicable laws.
     

In cases where Fitycal is used by a wellness center, gym, or other organization to manage client data (B2B use), your data may also be shared with that organization, who is responsible for how it is used and must also follow privacy regulations.

Section 5: Data Sharing with Third Parties

Fitycal allows users to share their personal body measurement data, 3D scan results, and progress reports with third parties of their choosing. This feature is designed to support collaboration with coaches, trainers, medical professionals, or anyone else you wish to involve in your fitness journey.

 

However, it’s important to understand the implications of sharing your personal data outside the Fitycal platform.

When you choose to share your information, whether by sending a file, screenshot, report, or allowing someone direct access to your data, you are taking personal responsibility for that action. Once the data leaves the secure environment of the Fitycal app, it is no longer under our protection or control.

You should be aware that:

  • The individuals or organizations you share data with may store, copy, or forward your information without your knowledge.
     

  • Fitycal cannot monitor, restrict, or influence how third parties handle, use, or protect the data you choose to share with them.
     

  • Fitycal is not responsible for any unauthorized use, data breaches, or privacy violations that occur as a result of sharing your data externally.
     

For example, if you send your scan report to a coach via email or a messaging app, or grant access to your account data through a shared screen, that third party becomes the custodian of your data, and you accept the associated risks.

We recommend:

  • Only sharing your personal data with trusted individuals or professionals.

  • Asking those parties how they intend to use and protect your data.

  • Reviewing the privacy practices of any third party before sharing sensitive information with them.
     

By using the sharing features in Fitycal, you acknowledge and accept that any data you voluntarily share with others is outside of Fitycal’s control, and Fitycal will not be liable for any misuse, data loss, or harm that may result from such actions.

Section 6: User Rights

At Fitycal, we believe in empowering our users with control over their personal data. We are committed to maintaining transparency, respecting your privacy, and enabling you to exercise your rights under applicable data protection laws, including (where applicable) the General Data Protection Regulation (GDPR).

As a user of the Fitycal platform, whether directly (as an individual) or through a wellness center or fitness professional (as a client), you are entitled to the following rights:

 

A. Right to Access and Use

You have the right to access and use the Fitycal app and its features at any time, provided that you comply with our Terms of Use. This includes:

  • Viewing your account and profile information

  • Accessing your 3D body scan, historical measurements, and progress reports

  • Reviewing and managing your scan history and data
     

This access is available through your personal login credentials. We maintain account protection standards to ensure that only you, or those you explicitly authorize, may access your data.

 

B. Right to Privacy and Control Over Visibility

All personal data collected through the Fitycal app, including body measurements, scan results, and 3D avatars, is private by default and stored securely. You are the sole individual with access to this information unless you intentionally choose to share it with a third party, such as a coach or healthcare professional.

Fitycal will never make your data publicly available or accessible to unauthorized users. We do not disclose your data to anyone without your explicit consent, and we encourage you to share only with trusted recipients.

 

C. Right to Access, Correction, Deletion, and Portability

Fitycal empowers users, whether individuals or clients of a business, with full control over their personal data. The platform offers tools for managing, correcting, and removing personal information in a secure and transparent way.

 

For Individual Users:

  • Access Your Data
    You can view all your personal data, including body measurements, scan history, and 3D avatars, directly through your Fitycal account at any time.
     

  • Correct Your Information
    If any part of your account information is incorrect or needs to be updated, you can request correction through the app or by contacting our support team.
     

  • Delete a Specific Avatar and Its Data
    Within the app, you can delete any individual avatar using the “Delete Avatar” feature. This will permanently remove the selected scan and all related measurement and body value data from your profile.
     

  • Delete Your Entire Account
    If you choose to stop using Fitycal, you have the option to permanently delete your account. Once deleted, all your personal data — including avatars, scans, and progress history — will be immediately and irreversibly erased from our system.
     

  • Request Data Portability
    You may request a copy of your personal data in a portable format, allowing you to transfer it to another service or provider.
     

 

For Users Managed by a Business Client:

In some cases, your Fitycal account may be created and managed by a wellness center, gym, or fitness coach using our B2B platform. In such cases:

  • The business acts as the data controller, and Fitycal acts as the data processor.

  • The business manager (e.g., a coach or administrator) may create your profile and manage your scan data on your behalf.

  • If you wish to delete a specific scan or your entire account, you can make that request directly to the business managing your account.
     

  • The business manager can:
     

    • Delete a specific avatar and its associated data if you request it, or if the data was incorrect (for example, due to an input error such as the wrong body weight).

    • Delete your entire account if requested by you or as part of the business’s data management responsibilities.
       

  • Any such deletions performed by the business will follow the same process as individual deletions: all selected data will be permanently and irreversibly removed from Fitycal’s system.
     

We encourage businesses using Fitycal to clearly inform their clients about how their data is managed and how to make deletion or correction requests through them.
 

 

D. How to Exercise Your Rights

To exercise any of your rights, you may contact Fitycal through the app or by emailing our support team at info@fitycal.com. We will respond to your request in a timely manner and in accordance with applicable data protection regulations.

In cases where Fitycal is used as part of a B2B service (e.g., through a wellness center or gym), we may need to coordinate with the data controller (the organization managing your account) to fulfill your request.

7. Data Retention

Fitycal retains personal data only for as long as necessary to provide our services, fulfill our contractual and legal obligations, or as requested by you or your business provider.

Fitycal stores user data on secure servers hosted by Amazon Web Services (AWS). AWS is a globally recognized cloud service provider that complies with GDPR and other international privacy standards. We rely on AWS for its robust infrastructure, security certifications, and reliability in supporting key parts of our platform.

In addition, Fitycal uses DigitalOcean to store and manage user data on servers located in Amsterdam, within the European Union. DigitalOcean is also fully GDPR-compliant, and hosting within the EU ensures that user data remains under the jurisdiction of European data protection laws. This setup allows us to maintain strong security and privacy standards while meeting the expectations of our European users.

 

For Individual Users (B2C):

  • Your data — including 3D avatars, scan results, and measurement history — remains stored in your account for as long as your account is active.
     

  • You can delete any avatar (and its related data) at any time using the "Delete Avatar" feature in the app.
     

  • If you choose to delete your account entirely, all personal data associated with your account will be permanently and immediately deleted from our system.
     

  • Inactive accounts are not deleted automatically without notice. You will be contacted before any action is taken regarding prolonged inactivity.
     

For Business-Managed Accounts (B2B):

  • If your account was created by a wellness center, gym, or coach using Fitycal's B2B platform, the business is responsible for managing your data and determining its retention period.
     

  • Business managers may delete individual scans or full user accounts based on internal policies, client requests, or in cases where data needs to be corrected or replaced (e.g., due to incorrect input).
     

Technology Partner – Prism Labs

Fitycal uses advanced scanning technology supplied by Prism Labs, which also processes and stores certain scan data on our behalf as a trusted data processor.

Prism Labs adheres to strict data retention guidelines, including:

  • For known residents of Illinois, USA (subject to the Biometric Information Privacy Act, BIPA):
    Scans containing facial geometry will be permanently destroyed either when the purpose for collection has been fulfilled, or within three (3) years of the individual’s last interaction with Prism Labs, whichever occurs first.

8. Modifications to Terms

Fitycal reserves the right to update or modify this Privacy Policy at any time in order to reflect changes in our services, legal requirements, or data handling practices. When updates are made, the revised version will be published on our website with the “Last Updated” date clearly indicated at the top of the page.

We encourage users to review this policy periodically to stay informed about how we protect your personal data. If we make significant changes that affect your rights or the way we use your data, we will notify you through appropriate channels, such as an in-app message, email notification, or website banner, before the changes take effect.

By continuing to use Fitycal after such updates, you acknowledge and agree to the revised terms. If you do not agree with the changes, you have the right to stop using the service and delete your data at any time.

9. Business Use and Responsibilities

Fitycal provides a business-facing platform that allows wellness centers, gyms, fitness professionals, and other organizations to scan, track, and manage data on behalf of their clients. In these cases, Fitycal acts as a data processor, and the business is the data controller under applicable data protection laws.

Business Responsibilities

As a business client using Fitycal, you are responsible for:

  • Obtaining valid consent from your clients before collecting, scanning, or processing their personal data using the Fitycal platform.

  • Managing access and security of your Fitycal business account, including authorized personnel and devices.

  • Responding to user requests regarding access, correction, deletion, or transfer of their data. Fitycal will assist you in fulfilling these requests when needed.

  • Deleting or updating scan data at the request of the client, or in cases where the scan is incorrect or no longer needed.
     

You also agree to use the Fitycal platform only for legitimate wellness, fitness, or health monitoring purposes in line with your own privacy obligations.

Fitycal’s Role as Data Processor

When acting as a data processor, Fitycal:

  • Processes data solely under your instructions and only for the purpose of delivering the services you've subscribed to.

  • Implements industry-standard technical and organizational security measures to protect client data.

  • Does not use or access the data you upload for independent purposes outside the scope of service delivery and system support.
     

If your organization discontinues use of Fitycal or requests account termination, all associated client data will be permanently deleted from our systems in accordance with this Privacy Policy.






 

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:
📧 info@fitycal.com

bottom of page