PRIVACY POLICY

Last updated: March 25, 2026

1. INTRODUCTION

Foundation Fitness (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our web application at foundationfitness.app (“the Service”).

2. INFORMATION WE COLLECT

We collect the following types of information:

Account Information

Email address, name, and display name provided during account creation.

Workout Data

Exercise logs, workout history, completed sessions, and program preferences you enter while using the Service.

Progress Photos

Photos you voluntarily upload to track your physical progress. These are stored in a private, encrypted storage bucket.

Body Metrics

Weight, body fat percentage, body measurements, and other health markers you choose to log manually.

Wearable & Device Data

If you connect a wearable device or fitness platform, we receive health and activity data including: heart rate, heart rate variability (HRV), resting heart rate, sleep duration and stages, respiratory rate, skin temperature, VO2 max estimates, steps, active calories, total calories burned, floors climbed, activity data (sport type, duration, distance, pace, heart rate zones), recovery and readiness scores, and menstruation cycle data. This data is transmitted through Terra API, our wearable data integration partner.

Payment Information

If you subscribe, your payment is processed by Stripe, Inc. We store your Stripe customer identifier and subscription status, but we never store your credit card number, expiration date, or security code. Stripe is PCI DSS Level 1 certified.

Usage Data

Basic technical information such as browser type, device type, and pages visited, collected automatically to improve the Service.

3. HOW WE USE YOUR INFORMATION

We use your information solely to:

  • Provide, maintain, and improve the Service
  • Authenticate your account and keep it secure
  • Store and display your workout data, photos, and metrics
  • Process and display health data from connected wearable devices
  • Process subscription payments and manage your billing
  • Communicate with you about the Service (updates, changes, support)
  • Analyze usage patterns to improve user experience

4. WHAT WE DO NOT DO

We take your privacy seriously. We will never:

  • Sell, rent, or trade your personal information to third parties
  • Share your progress photos, body metrics, or health data with anyone
  • Display your data on any public profile or social feed
  • Use your data for targeted advertising
  • Share your information with data brokers or marketing companies
  • Use your health or biometric data for any purpose other than providing the Service

5. DATA STORAGE & SECURITY

Your data is stored securely using Supabase, which provides enterprise-grade PostgreSQL databases with row-level security policies and encryption at rest. Progress photos are stored in private storage buckets accessible only through time-limited signed URLs. All data is encrypted in transit over HTTPS. While we implement reasonable security measures, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

6. DATA RETENTION

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data, workout logs, progress photos, health data from connected devices, and body metrics within 30 days. Some anonymized, aggregated data may be retained for analytics purposes.

7. THIRD-PARTY SERVICES

We use the following third-party services to operate the Service:

  • Supabase — Database, authentication, and file storage
  • Vercel — Web hosting and content delivery
  • Stripe — Payment processing and subscription management
  • Terra API — Wearable device data aggregation and transmission
  • Inngest — Background task processing

When you connect a wearable device, data may flow through Terra API from your device provider (such as Garmin, Fitbit, Oura, WHOOP, Google, Peloton, and others). Each provider has its own privacy policy governing how it handles your data. These third-party providers are bound by their own data protection obligations.

8. HEALTH & BIOMETRIC DATA

We collect health-related data including heart rate, heart rate variability, sleep patterns, body composition, activity metrics, recovery scores, and menstruation cycle data. This data is:

  • Used solely to provide the Service and display your health trends
  • Never sold, shared with advertisers, or used for purposes unrelated to your fitness tracking
  • Not medical data and should not be used for medical diagnosis or treatment
  • Stored with the same encryption and access controls as all other user data

You may request deletion of all health data at any time by contacting us or by disconnecting your wearable devices and deleting your account.

9. COOKIES & LOCAL STORAGE

We use essential cookies for authentication and session management. We also use browser local storage to save your workout preferences and program selections for a faster experience. We do not use third-party tracking cookies or advertising cookies.

10. YOUR RIGHTS

You have the right to:

  • Access your personal data stored in the Service
  • Correct inaccurate personal information
  • Request deletion of your account and all associated data, including health data
  • Export your workout data
  • Disconnect wearable devices and stop health data collection at any time
  • Opt out of non-essential communications

To exercise any of these rights, contact us at hello@foundationfitness.app.

11. CHILDREN'S PRIVACY

The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete that information promptly.

12. CHANGES TO THIS POLICY

We reserve the right to modify, amend, or replace this Privacy Policy at any time and at our sole discretion. Changes may reflect updates to our data practices, new features, or changes in applicable law. We will notify users of material changes through the Service. Your continued use of the Service following notification constitutes binding acceptance of the revised policy. If you do not agree to the modified policy, you must stop using the Service immediately.

13. CONTACT

If you have questions or concerns about this Privacy Policy or your data, please contact us at hello@foundationfitness.app.