Effective date: November 15, 2025
Company: FitnessIQ Limited
Registered address: 58, Marco Polo, London E16 2AL, United Kingdom
Company number: 16070207
Contact: team@thefitnessiq.com
This Privacy Policy explains how FitnessIQ Limited ("FitnessIQ", "we", "us", or "our") collects, uses, shares, and protects personal data when you use our website, mobile applications, and related services (the "Service"). This Policy is written for users in the United Kingdom and reflects the UK GDPR and the Data Protection Act 2018.
Account data: name, email address, password (hashed), country or region, and age declaration.
Profile and preferences: dietary choices, allergies, disliked ingredients, goals, lifestyle inputs, and other preferences you choose to provide.
Uploads and logs: meal photos, notes, ratings, streaks, progress indicators, and similar activity data.
Support and feedback: messages to customer support, survey responses, and testimonials (only where you have given consent).
Device and usage data: app version, device type, operating system, performance metrics, crash logs, IP-derived general location, and analytics events relating to feature usage.
Website cookies and similar technologies: used for essential site operation, analytics, and (where you opt in) marketing. See Section 4 for details.
Some information you provide (such as nutrition logs, goals, or lifestyle inputs) may constitute special category personal data relating to health under the UK GDPR.
We process such data only where a valid UK GDPR condition applies, typically your explicit consent, and apply additional safeguards to protect it.
At present, health-related data is limited to information you manually provide (for example, meal logs or goals). Any future collection of additional health signals or platform integrations will be optional and subject to clear in-app permissions.
| Purpose | Examples | Lawful basis |
|---|---|---|
| Provide and operate the Service | Account creation, core features, troubleshooting | Contract |
| Personalise content | Recipe recommendations, tips | Legitimate interests; explicit consent for special category data |
| Process health-related entries | Displaying and storing your logs for your use | Explicit consent (UK GDPR Article 9) |
| Improve the Service | Analytics, diagnostics | Legitimate interests; consent for non-essential cookies |
| Customer support | Responding to queries, identity verification | Legitimate interests; contract |
| Security and fraud prevention | Abuse detection, access control | Legitimate interests; legal obligation |
| Marketing communications | Email or push notifications (if enabled) | Consent |
We apply the UK GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.
The Service is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If we become aware that a user under 16 has provided personal data without appropriate consent, we will delete that data.
Essential cookies are required for site functionality, security, and consent management.
Analytics and marketing cookies are used only where you have provided consent. You can manage your cookie preferences at any time via our cookie banner or settings page.
We collect data:
We do not sell personal data.
We may share data with:
All processors are contractually required to protect your data and act only on our instructions.
Where personal data is transferred outside the UK, we apply appropriate safeguards such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and conduct transfer risk assessments.
We retain personal data only for as long as necessary for the purposes described in this Policy, including legal and accounting obligations, after which it is deleted or anonymised.
Indicative retention periods:
We use technical and organisational measures including encryption in transit, access controls, role-based permissions, secure development practices, and supplier due diligence. No system is completely secure, and users acknowledge this risk.
If you choose to connect Apple HealthKit in the future, FitnessIQ will access or write only the data types you explicitly permit. HealthKit data will never be used for advertising, marketing, or sold to third parties, and will be used solely to provide or improve health-related features in accordance with Apple’s requirements.
If you connect Google Fit, we will comply with Google’s User Data policies and clearly disclose how such data is collected, used, stored, and deleted.
You have rights under the UK GDPR, including rights of access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making.
You may exercise these rights by contacting us at team@thefitnessiq.com. We will respond within one month, subject to lawful extensions.
You may withdraw consent at any time. Withdrawal does not affect processing carried out before consent was withdrawn.
You may delete specific entries within the app. You may request full account deletion via app settings or by emailing us. We will delete or anonymise data unless retention is required by law.
If you have concerns about our data practices, please contact us first. You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk, telephone 0303 123 1113.
We may update this Policy from time to time. We will post the updated version with a new effective date and provide prominent notice for material changes.
