PRIVACY POLICY
Last Updated: February 2, 2026
1. Introduction
Welcome to ULTRA+ ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App") and our website (the "Site").
IMPORTANT:
Your use of our services involves the processing of sensitive data. We rely on your explicit consent for the processing of health and biometric data, which you provide upon account creation. You may withdraw this consent at any time (via Account Settings), but doing so will prevent access to core fitness and nutrition tracking features. Basic account management will remain accessible.
2. Information We Collect
We collect information that helps us provide our fitness and nutrition tracking services. Our legal basis for collecting this data is either contractual necessity (to provide the service you signed up for) or explicit consent (for health/AI features).
A. Personal Information
- Identity Data: Your name, email address, and authentication credentials (via Supabase).
- Profile Data: Your username, profile preferences, and subscription status (Pro/Free).
B. Health & Biometric Data (Special Category Data)
To function as a fitness tracker, we collect and store the following data based on your explicit consent:
- Biometrics: Height, weight, age, biological sex, and activity levels.
- Fitness Data: Workout logs (exercises, sets, reps, weight lifted), workout duration, and history.
- Nutrition Data: Food logs, calorie intake, macro-nutrient breakdowns (protein, carbs, fats), and dietary goals.
- Recovery Data: Sleep quality status (binary: Good/Poor) and self-reported recovery metrics.
C. AI Interaction Data
- Contextual Data: When you use AI features (e.g., "AI Coach" or "Smart Food Log"), we process the text you input and relevant context (recent workouts) to generate a response. This processing is optional and initiated by you.
D. Device & Technical Data
- Device Information: Device model, operating system version, and unique device identifiers.
- Usage Data: Interaction logs, feature usage (via PostHog analytics), and app performance data.
- Push Notifications:
- Service Notifications: Workout reminders and account alerts (Contractual Necessity).
- Marketing: Promotional offers (Requires Opt-in). You can manage these preferences in your device settings.
3. How We Use Your Information
We use your data for the following legitimate business purposes:
- Service Delivery: To track your workouts, calculate calories, and visualize your progress (Basis: Contract).
- AI Coaching (Google Gemini): We process your workout history and profile goals through Google Gemini to generate personalized advice.
- No Training: We do NOT allow Google to use your personal data to train their foundation models.
- No Automated Legal Decisions: The AI provides recommendations only; it does not make decisions that produce legal effects.
- Human-in-the-Loop: You always have the final say on whether to follow a workout or nutrition plan.
- Food Processing: When you use the AI Food Log, your text input is processed to extract nutritional values. (Basis: Consent).
- Payments: To process subscriptions via RevenueCat. We do not store financial data. (Basis: Contract).
- Barcodes: To scan food products. Processed locally on-device. (Basis: Contractual Necessity).
Medical Disclaimer (Crucial)
This App does not provide medical advice. The services, including AI coaching and nutritional feedback, are for informational and educational purposes only. They are not a substitute for professional medical advice, diagnosis, or treatment. Always consult with your physician before starting any new fitness or nutrition program.
4. Third-Party Service Providers
We share data with specific third-party vendors who assist us in operating the App. These partners are bound by confidentiality agreements and data protection laws:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Backend Database & Auth | User identity, health data, logs. |
| Google (Gemini) | AI & LLM Processing | Pseudonymized context (workouts, diet logs) for generating advice. |
| RevenueCat | Subscription Management | User ID, purchase history. |
| PostHog | Analytics & Usage | Anonymized usage events, device info. |
| Meta (Facebook) | Marketing (Website Only) | Visitor data via Pixel (if visiting the website). |
5. Data Retention & Security
- Security: We implement industry-standard encryption (SSL/TLS) for data in transit and encryption at rest.
- Retention: We retain your data only as long as your account is active.
- Upon Deletion: If you delete your account, your data is removed from our live databases immediately.
- Backups: Encrypted backups may retain data for up to 30 days before being legally purged.
- Legal: We may retain basic transaction records for tax compliance where required by law.
6. Your Rights (EEA, UK, & California)
Depending on your location (e.g., GDPR for EEA/UK, CCPA/CPRA for California), you may have the following rights:
A. General Rights
- Right to Access / Know: Request details about the categories of personal information we collect, use, and share.
- Right to Correction: Update incorrect information via the App profile settings or by contacting us.
- Right to Deletion: Request complete deletion of your account and associated data ("Right to be Forgotten").
- Right to Portability: Request your data in a structured, machine-readable format.
- Right to Withdraw Consent: Where we rely on consent (e.g., for biometric data), you may withdraw it at any time.
B. California Residents (CCPA/CPRA)
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do use third-party analytics (PostHog) and marketing pixels (Meta) which may be considered "sharing" under California law. You may opt-out by enabling the "Global Privacy Control" (GPC) signal on your browser or contacting us.
- Sensitive Personal Information: You have the right to limit the use of your sensitive personal information (biometrics) to only what is necessary to perform the services (i.e., tracking your fitness). We do not use your sensitive health data for marketing.
- Non-Discrimination: We will not discriminate against you (e.g., deny services, charge different prices) for exercising your privacy rights.
To exercise these rights, please contact us at: contact@ultra.fit or use the "Delete Account" function in the Profile section.
7. International Data Transfers
Please note that we may transfer, store, and process your personal information outside the country you live in (e.g., servers in the United States). Your personal information is also processed by third-party service providers (like Supabase and Google) in these countries.
If we transfer your personal information out of the EEA/UK, we rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses (SCCs) or equivalent adequacy decisions to ensure your data remains protected.
8. Children's Privacy
The App is not intended for children under 13 (or 16 in certain jurisdictions). We do not knowingly collect data from children. If we become aware that we have collected such data, we will delete it immediately.
9. Updates to This Policy
We may update this privacy policy from time to time. The updated version will be indicated by an updated "Last Updated" date and will be effective as soon as it is accessible.
10. Contact Us
If you have questions about this Privacy Policy, please contact us at:
ULTRA+ Legal Team
[Insert Company Address or Email]