FitPlanAI Privacy Policy

Last updated: January 15, 2026

§1. About this Privacy Policy

Your privacy is very important to us. This privacy policy explains what data we collect, how we use it, who we share it with, and what rights you have regarding its processing. This document fulfills the information obligation arising from Articles 13 and 14 of the GDPR.

§2. Data Controller

The controller of your personal data is:

FitPlanAI

Mateusz Janiszewski

41-711 Ruda Śląska, Poland

Tax ID (NIP): 7381969226

E-mail: kontakt@fitplanai.app

Website: https://fitplanai.app

Data processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Polish Act of 10 May 2018 on personal data protection.

§3. Scope of Data Collected

Account Data (required)

  • Email address
  • Display name
  • Login method (email/Google)

Providing this data is necessary to create an account and use the App. Without it, we cannot provide the service.

Personal Data (optional)

  • Date of birth
  • Gender
  • Height
  • Weight

Providing this data is optional but enables AI-generated personalized training plans.

Training Data

  • Workout plans
  • Training session history
  • Body measurements
  • Custom exercises

Technical Data

  • System logs and session data
  • IP address (anonymized)
  • Anonymous analytics data (Google Analytics 4)

Payment Data

Payment data (card number, BLIK data) is processed exclusively by the payment operator PayU and is not stored in our systems. We receive only a transaction confirmation with a payment identifier.

§4. Data Source

We receive all personal data directly from you – during registration, profile completion, App usage, and making payments. We do not obtain data from other sources.

§5. Legal Basis for Processing

We process your data on the following legal grounds:

  • Art. 6(1)(a) GDPR – consent: analytics cookies, marketing (if you give consent)
  • Art. 6(1)(b) GDPR – contract performance: providing App services, account management, payment processing
  • Art. 6(1)(c) GDPR – legal obligation: storing accounting documentation, invoices
  • Art. 6(1)(f) GDPR – legitimate interest: system security, fraud prevention, service improvement

§6. Purposes of Data Processing

  • Providing training app services
  • Managing user accounts
  • Generating personalized training plans using AI
  • Processing payments for Premium services
  • Anonymous usage analysis to improve the App
  • Handling inquiries and technical support
  • Ensuring security and preventing abuse

§7. Use of Artificial Intelligence

The App uses artificial intelligence systems to generate personalized training plans. This section fulfills the information obligation arising from EU Regulation 2024/1689 (AI Act).

AI systems used in the App:

  • Training Plan Generator – uses the Google Gemini model to create personalized exercise plans
  • Diagnostic Quiz – scoring algorithm (not AI/ML) used for user segmentation

Data processed by AI: Training goal, experience level, available equipment, injuries/health limitations, age, gender, weight, height, priority muscle groups

AI service provider: Google (Vertex AI / Gemini). Data is processed in the europe-central2 region (Warsaw, EU).

Nature of decisions: Generated plans are purely supportive and advisory. They do not produce legal effects or significantly affect your rights. The user always makes the final decision about implementing the plan.

Processing logic: AI analyzes your data and goals to select appropriate exercises from our database. The system filters out exercises that are dangerous for reported injuries and adjusts intensity to experience level.

Safety mechanisms:

  • Automatic exclusion of exercises dangerous for reported injuries
  • Validation of generated plans before they are displayed to the user
  • Continuous monitoring of recommendation quality and safety

AI system limitations: AI may not account for all individual health factors. We always recommend consulting a doctor or personal trainer before starting a new training program, especially if you have health issues.

Your rights regarding AI:

  • Right to information – we inform you when you use AI-powered features
  • Right to explanation – you can request an explanation of how AI generated a specific plan
  • Right to object – you can opt out of AI features and create plans manually
  • Right to human intervention – you can contest generated plans by contacting us
  • Right to deletion – your AI data is deleted along with your account

Contact regarding AI: If you have questions about AI operation or wish to contest a generated plan, contact us at kontakt@fitplanai.app.

§8. Data Retention Period

  • Account and training data: for the entire period of account usage, then deleted within 30 days of account deletion
  • System logs: maximum 90 days
  • Analytics data (Google Analytics): 14 months
  • Accounting documentation (invoices): 5 years from the end of the tax year, as required by law
  • Data for defense against claims: up to 3 years from the end of service provision

§9. Data Recipients (Processors)

Your data may be transferred to the following categories of recipients:

  • Google Ireland Limited (Firebase – hosting, database, authentication; Google Analytics 4 – analytics with IP anonymization)
  • PayU S.A. (ul. Grunwaldzka 186, 60-166 Poznań, Poland) – electronic payment processing
  • AI service providers – to the extent necessary for generating training plans (data is anonymized before transfer)

All processors operate under data processing agreements compliant with Art. 28 GDPR.

§10. International Data Transfer

Due to the use of Google services, your data may be transferred to the United States. The transfer is based on the European Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 establishing an adequate level of protection for personal data under the EU-US Data Privacy Framework. Google LLC is certified under this program, ensuring an adequate level of protection for your data.

§11. Data Security

We use advanced technical and organizational measures to protect your data:

  • Encryption of sensitive personal data (age, gender, height, weight, body measurements) before storage in the database
  • HTTPS/TLS connection encryption
  • Request rate limiting (attack protection)

§12. Your Rights (GDPR)

You have the following rights regarding the processing of personal data:

Right of Access (Art. 15)

You can obtain information about the processing of your data and download a copy in JSON/CSV format in account settings.

Right to Rectification (Art. 16)

You can correct inaccurate data directly in account settings.

Right to Erasure (Art. 17)

You can delete your account and all data in the App settings.

Right to Restriction of Processing (Art. 18)

You can request restriction of processing in certain cases (e.g., when you contest the accuracy of data).

Right to Data Portability (Art. 20)

You can export your data in a structured format (JSON/CSV) and transfer it to another service.

Right to Object (Art. 21)

You can object to processing based on the controller's legitimate interest.

Right to Withdraw Consent

If processing is based on consent, you can withdraw it at any time (this does not affect the lawfulness of processing before withdrawal).

Right to Lodge a Complaint (Art. 77)

You have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl) or your local supervisory authority.

How to exercise your rights:

Most rights can be exercised independently in account settings. In other cases, contact us at kontakt@fitplanai.app. We will respond to your request within 14 days.

§13. Cookies

We use cookies for the following purposes:

Essential Cookies (no consent required)

Used to maintain login sessions and remember preferences. Without them, the App cannot function properly.

Name           Purpose                       Expiry
__session      User session token            Session
firebase-auth  Firebase authentication       Persistent

Analytics Cookies (require consent)

Used for anonymous analysis of App usage. They help us understand how users use features, allowing us to improve the service.

Name           Purpose                       Expiry
_ga            Google Analytics identifier   14 months
_ga_*          GA4 session state             14 months

You can manage cookie preferences via the banner displayed on first visit or in browser settings. Disabling analytics cookies does not affect App functionality.

§14. Privacy Policy Changes

We may update this privacy policy in case of legal or technical changes. We will notify you of significant changes by email or in the App with 14 days' notice. The current version is always available at: https://fitplanai.app/en/privacy

§15. Contact for Data Protection Matters

If you have questions about personal data processing or exercising your rights, contact us: