Privacy Policy
Effective date: January 11, 2025
Last updated: January 20, 2026
Introduction
Fitless ("Fitless", "we", "us", or "our") is an AI-powered personal fitness training platform that delivers personalized workouts through body analysis and computer vision. This Privacy Policy explains how OPALLOO INOVACOES LTDA (CNPJ: 53.284.020/0001-06) collects, uses, shares, and protects your personal information when you use our website at fitless.ai and the Fitless mobile application (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use our Services.
Table of Contents
- Information We Collect
- How We Use Your Information
- Body Scan Images and AI Analysis
- How We Share Your Information
- Third-Party Services
- Data Retention
- Data Security
- Your Rights and Choices
- International Data Transfers
- Children's Privacy
- Changes to This Policy
- Contact Us
1. Information We Collect
Sensitive Health Data Notice
IMPORTANT: Our Services collect and process sensitive personal data related to your health, including body measurements, health conditions, injuries, medications, and body scan images. Under data protection laws such as GDPR and LGPD, this type of information is classified as "special category data" or "sensitive personal data" and requires your explicit consent for processing.
By creating an account and using our Services, you explicitly consent to the collection, processing, and use of your sensitive health data as described in this Privacy Policy for the purpose of providing you with personalized fitness recommendations.
You have the right to withdraw this consent at any time by deleting your account or contacting us at privacy@fitless.ai. However, withdrawing consent may affect our ability to provide the Services to you.
Information You Provide
- Account Information: Email address, name, username, and password when you create an account.
- Health Profile (Sensitive Data): Height, weight, body fat percentage, fitness goals, fitness level, workout preferences, available equipment, health conditions, injuries, and medications. This is considered sensitive health data and is processed with your explicit consent.
- Body Scan Images (Sensitive Data): Front and side photographs you upload for AI-powered body composition analysis. These images are processed with your explicit consent and are deleted immediately after analysis.
- Workout Data: Exercise history, completed workouts, personal records, sets, reps, and performance metrics.
- Social Features: Friends list, friend requests, and any progress you choose to share.
- Payment Information: Billing details processed securely through our payment provider (Stripe). We do not store your full credit card number.
- Communications: Messages you send to our support team, feedback, and survey responses.
Information Collected Automatically
- Device Information: Device type, operating system, browser type, and unique device identifiers.
- Usage Data: Pages visited, features used, workout completion rates, app interactions, and session duration.
- Log Data: IP address, access times, referring URLs, and error logs.
- Location Data: General location based on IP address (we do not collect precise GPS location).
- Cookies and Tracking: We use cookies, pixels, and similar technologies for analytics and advertising purposes.
2. How We Use Your Information
We use your information to:
- Provide and personalize our Services: Generate custom workout plans based on your body analysis, fitness level, goals, and available equipment.
- Process body scans: Analyze your uploaded images using AI to assess body composition and create tailored fitness recommendations.
- Track your progress: Record workout history, streaks, and personal records to help you monitor your fitness journey.
- Process payments: Handle subscription billing, refunds, and payment verification.
- Enable social features: Allow you to connect with friends and share progress.
- Communicate with you: Send transactional emails, workout reminders, and respond to support inquiries.
- Improve our Services: Analyze usage patterns to enhance features, fix bugs, and develop new functionality.
- Marketing (with consent): Send promotional content about our Services. You can opt out at any time by clicking "Unsubscribe" in any marketing email or contacting us at support@fitless.ai.
- Legal compliance: Comply with applicable laws, regulations, and legal requests.
3. Body Scan Images and AI Analysis
Your privacy regarding body scan images is extremely important to us. Here is exactly how we handle them:
Image Processing
- Upload: You upload front and side photographs through our secure, encrypted connection.
- Storage: Images are stored temporarily in a private, encrypted storage bucket accessible only to you and our analysis system.
- Analysis: Images are sent to our AI service provider (Google Gemini, accessed via OpenRouter) for body composition analysis. Google processes these images solely for this analysis and does not retain them.
- Immediate Deletion: Images are automatically deleted immediately after analysis is complete.
- Backup Cleanup: As an additional safeguard, we run an automated cleanup process that permanently deletes any body scan images older than 24 hours, ensuring no images remain even if the primary deletion fails.
What We Keep
- We store only the numerical results of your body analysis (e.g., estimated body fat percentage, muscle mass distribution, and fitness recommendations).
- We do not retain your actual photographs after analysis.
- Analysis results are associated with your account and used to personalize your workout plans.
Your Control
- You can request deletion of your analysis results at any time by contacting support@fitless.ai.
- Deleting your account permanently removes all associated body analysis data.
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
Service Providers
We work with trusted third-party companies that help us operate our Services:
| Provider | Purpose | Data Shared |
|----------|---------|-------------|
| Stripe | Payment processing | Billing information, transaction details |
| Supabase | Database hosting, authentication, file storage | Account data, health profiles, workout data |
| Google Gemini (via OpenRouter) | AI-powered body analysis and workout generation | Body scan images (deleted immediately after processing), health profile data, fitness preferences |
| Google Gemini | Workout import processing | Uploaded files (videos, images, PDFs) for exercise extraction — deleted after processing |
| Google Analytics | Usage analytics | Anonymized usage data, device information |
| Meta (Facebook Pixel) | Advertising and conversion tracking | Anonymized event data, device identifiers |
| Resend | Transactional emails | Email address, name |
Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Fitless, our users, or others.
Business Transfers
If Fitless is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
With Your Consent
We may share your information for other purposes with your explicit consent.
Health Data Protections
We commit to the following protections regarding your health data:
- No Insurance Sharing: We will NEVER share, sell, or provide your health data, body scan results, or fitness information to health insurance companies, life insurance companies, or any insurance-related entities.
- No Employment Decisions: We will NEVER share your health data with employers or use it for employment-related decisions.
- No Discrimination: Your health data will never be used to discriminate against you in any way.
- No Third-Party Health Profiling: We will not sell or license your health data to third parties for profiling, targeting, or any purpose other than providing our Services.
- Aggregated Data Only: When we use data to improve our AI models, we use only fully anonymized, aggregated data that cannot be traced back to you individually.
5. Third-Party Services
Our Services integrate with third-party platforms. These providers have their own privacy policies:
- Stripe: stripe.com/privacy
- Supabase: supabase.com/privacy
- OpenRouter: openrouter.ai/privacy
- Google AI (Gemini): ai.google.dev/terms
- Google Analytics: policies.google.com/privacy
- Meta/Facebook: facebook.com/privacy
We encourage you to review these policies to understand how they handle your data.
6. Data Retention
We retain your data for as long as necessary to provide our Services and fulfill the purposes described in this policy:
| Data Type | Retention Period |
|-----------|------------------|
| Body scan images | Deleted immediately after analysis (maximum 24 hours) |
| Account information | Until you delete your account |
| Health profile | Until you delete your account |
| Workout history | Until you delete your account |
| Payment records | 7 years (legal/tax requirements) |
| Support communications | 3 years |
| Analytics data | 26 months (anonymized) |
When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.
7. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted in transit (TLS/SSL) and at rest.
- Access controls: Strict access controls limit who can access your data.
- Secure infrastructure: We use trusted cloud providers with SOC 2 compliance.
- Regular audits: We regularly review and update our security practices.
- Row-Level Security: Database access is restricted so users can only access their own data.
However, no method of transmission over the Internet is 100% secure. If you discover a security vulnerability, please report it immediately to support@fitless.ai.
8. Your Rights and Choices
Depending on your location, you may have the following rights:
For All Users
- Access: Request a copy of your personal data.
- Correction: Update or correct inaccurate information.
- Deletion: Request deletion of your account and personal data.
- Opt out of marketing: Unsubscribe from promotional emails.
- Data portability: Request your data in a portable format.
For EU/EEA Residents (GDPR)
- Right to object to processing based on legitimate interests.
- Right to restrict processing in certain circumstances.
- Right to lodge a complaint with a supervisory authority.
- Right to withdraw consent at any time.
For Brazilian Residents (LGPD)
- Right to confirmation of data processing.
- Right to anonymization, blocking, or deletion of unnecessary data.
- Right to information about shared data with third parties.
- Right to revoke consent.
For California Residents (CCPA)
- Right to know what personal information is collected and disclosed.
- Right to delete personal information.
- Right to opt out of the sale of personal information (we do not sell your data).
- Right to non-discrimination for exercising privacy rights.
How to Exercise Your Rights
You can exercise many of these rights through your account settings. For other requests, contact us at privacy@fitless.ai. We will respond within 30 days (or sooner if required by law). We may need to verify your identity before processing your request.
9. International Data Transfers
Fitless operates globally. Your information may be transferred to and processed in countries other than your own, including Brazil, the United States, and countries within the European Economic Area.
When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Compliance with applicable data protection laws in each jurisdiction.
10. Children's Privacy
Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@fitless.ai. We will promptly delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website with a new "Last updated" date.
- Sending you an email notification (for significant changes).
Your continued use of our Services after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
OPALLOO INOVACOES LTDA
Avenida Brigadeiro Faria Lima, 1811 - Cj 115 Jardim America - CEP 01452-001 Sao Paulo - SP, Brazil
CNPJ: 53.284.020/0001-06
Email: support@fitless.ai
Data Protection Officer (DPO): privacy@fitless.ai
For EU/EEA residents, you have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.
This Privacy Policy is available in multiple languages. In case of any discrepancy, the English version shall prevail.