How we handle your data.
1. Who we are
This Privacy Policy describes how PHITER.ai ("PHITER," "we," "us," or "our") collects, uses, and shares personal information when you use our website at phiter.ai, our application at test.phiter.ai, and any related services (collectively, the "Service").
For privacy questions or to exercise your rights, contact us at privacy@phiter.ai.
2. What we collect
Account information
When you sign up, we collect your email address and a password (stored as a salted hash — we never see your plaintext password). You may optionally provide a display name.
Profile and health data
To deliver personalized coaching, you may provide:
- Date of birth, sex, height, body weight, body fat estimate
- Training experience level, fitness goals, available equipment
- Dietary preferences (e.g., vegetarian, kosher, allergies)
- Injuries or medical conditions you choose to disclose
This data is sensitive. You provide it voluntarily and can delete it at any time.
Training and nutrition data
- Workout logs, sets, reps, weights, personal records
- Daily readiness check-ins, sleep ratings
- Calorie and macro logs, food entries, photos you submit for food scanning
- Videos you submit for form analysis
Conversations with Phit
Your chat messages with Phit are stored to provide continuity (Phit remembers your training history). We extract short factual snippets (e.g., "user's bench PR is 225lb," "user has knee injury") into a structured memory store to improve coaching over time.
Payment information
We use Stripe to process subscriptions. We never see or store your credit card number. We retain limited metadata (subscription status, plan, billing dates).
Technical data
- IP address, browser type, device type, operating system
- Pages visited, actions taken in the app
- Crash reports and error logs
3. How we use it
- Provide the Service. Generate training plans, nutrition recommendations, chat coaching, food/form analysis.
- Personalize your experience. Adapt programs to your data, fatigue, recovery, and progress.
- Communicate with you. Send service-related emails (billing, security, important updates). We do not send marketing email unless you opt in.
- Improve the Service. Analyze aggregated, de-identified usage patterns to improve our coaching engine.
- Security and fraud prevention. Detect abuse, fraud, and unauthorized access.
- Legal compliance. Respond to lawful requests and enforce our Terms of Service.
We do not sell your personal information. We do not use your conversations to train third-party AI models.
4. Who we share with
We share data only with vendors that help us run the Service. Each is bound by contractual confidentiality and security obligations.
| Vendor | Purpose | Data shared |
|---|---|---|
| Anthropic | Powers Phit AI coach | Your chat messages (per request) |
| Google (Gemini) | Food & video form analysis | Photos / videos you submit |
| Supabase | Database, authentication | All account & training data |
| Stripe | Subscription billing | Email, payment metadata |
| Vercel | Web hosting, edge compute | Technical request data |
We may also share information when legally required (subpoena, court order), to protect rights or safety, or in connection with a corporate transaction (merger, acquisition) — with notice to affected users.
5. International transfers
PHITER's primary infrastructure is located in the United States. If you access the Service from the European Union, United Kingdom, or other jurisdictions outside the U.S., your data is transferred to and processed in the U.S.
For EU/UK transfers we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal basis for transfer.
6. How long we keep it
- Account data: retained while your account is active.
- Training and nutrition data: retained while your account is active so Phit can provide continuous coaching.
- Chat messages: retained while your account is active.
- Photos / videos: processed for analysis and not retained beyond the analysis result, unless you choose to keep them in your log.
- After account deletion: we permanently delete your data within 30 days. Backups containing residual data are purged within 90 days.
- Legal/compliance records: we may retain limited records (billing history, account closure logs) for up to 7 years to comply with tax, accounting, and legal obligations.
7. Security
We protect your data using:
- TLS encryption for all data in transit
- Encryption at rest in our database
- Row-level security (RLS) — your data is isolated to your account
- Hashed passwords (bcrypt/argon2)
- Limited internal access on a need-to-know basis
No system is perfectly secure. If we detect a breach affecting your data, we will notify you and the appropriate regulators within the timeframes required by applicable law.
8. Your rights
Regardless of where you live, you can:
- Access the personal data we hold about you
- Correct inaccurate data via the in-app profile
- Delete your account and all associated data
- Export your data in a portable format
- Object or restrict certain processing
- Withdraw consent where processing is based on consent
Most rights can be exercised directly in the app (Settings → Privacy → Delete account / Export data). For anything else, email privacy@phiter.ai. We will respond within 30 days.
9. California residents (CCPA / CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act:
- The right to know what personal information we collect, use, and disclose
- The right to delete personal information (subject to legal exceptions)
- The right to correct inaccurate personal information
- The right to opt out of the sale or sharing of personal information — we do not sell or share your personal information
- The right to limit use of sensitive personal information
- The right to non-discrimination for exercising your rights
To exercise these rights, email privacy@phiter.ai with subject line "California Privacy Request."
10. EU / UK residents (GDPR)
The legal bases on which we process your personal data:
- Performance of a contract — to deliver the Service you signed up for
- Legitimate interests — to improve the Service, prevent fraud, ensure security
- Consent — for optional features such as analytics or marketing email (where applicable)
- Legal obligation — to comply with tax, accounting, and other legal requirements
You have the right to lodge a complaint with your local data protection authority. We do not have an EU representative at this time; for now, please contact privacy@phiter.ai directly.
11. Children
The Service is not directed at children under 16, and we do not knowingly collect personal information from anyone under 16. If we discover that we have collected information from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, contact privacy@phiter.ai.
12. Cookies
We use cookies and similar technologies for:
- Authentication — to keep you signed in (essential, cannot be disabled)
- Preferences — to remember your settings (e.g., dark mode, language)
- Basic analytics — to understand aggregate usage and detect issues
We do not use third-party advertising cookies. You can disable non-essential cookies via your browser settings.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by a prominent notice in the app at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
14. Contact
For privacy questions, requests, or complaints:
- Email: privacy@phiter.ai
- Web form: phiter.ai/#contact