At FitWithAI, we value your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data.
This policy has been prepared in accordance with the Turkish Personal Data Protection Law No. 6698 (KVKK) and the European Union General Data Protection Regulation (GDPR).
By using the application, you agree to this Privacy Policy.
1. Data Controller
The data controller for personal data collected by the FitWithAI application:
Application Owner: FitWithAI
Email: [email protected]
2. Data We Collect
We collect the following personal data when you use the application:
Account Information
- Email address
- Password (stored in encrypted form)
- First and last name (optional)
- Profile photo (optional)
- Account creation date
Profile and Health Data
To provide personalized recommendations:
- Date of birth / Age
- Gender
- Height and weight
- Activity level
- Nutritional goals (weight loss, maintenance, gain)
- Dietary preferences (vegetarian, vegan, etc.)
- Allergies and intolerances
- Health conditions (diabetes, blood pressure, etc. — optional)
Usage Data
- Meal logs and photos
- Nutritional value tracking history
- Water intake records
- App usage statistics
- Conversations with the AI assistant
- Search history
Technical Data
- Device type and model
- Operating system and version
- App version
- IP address
- Device identifiers
- Crash reports and error logs
- Language and region preferences
Photos and Media
- Meal photos
- Barcode images
- Nutrition label photos
- Photo metadata (EXIF — may include location)
Camera Access (android.permission.CAMERA)
Our application requests access to your device's camera. This permission is used for the following purposes:
- Taking meal photos: Capturing food photos for AI-powered nutritional analysis
- Barcode scanning: Scanning barcodes on food products to automatically retrieve nutritional information
- Nutrition label reading: Photographing and analyzing nutrition facts tables on product packaging
Camera data is used solely for the purposes described above. Camera images are not shared with third parties without your explicit consent. You can revoke camera access at any time through your device settings.
3. Purposes of Data Processing
We process your personal data for the following purposes:
Core Service Delivery
- Creating and managing your account
- Analyzing meal photos
- Calculating nutritional values
- Providing daily calorie and macro tracking
- Offering personalized recommendations
Service Improvement
- Training and improving our AI models
- Enhancing user experience
- Developing new features
- Detecting and fixing bugs
- Conducting performance analyses
Communication
- Sending account notifications
- Informing about important updates
- Responding to your support requests
- Marketing communications (with your consent)
Security and Compliance
- Preventing fraud and misuse
- Fulfilling legal obligations
- Enforcing terms of use
- Ensuring data security
4. Legal Basis for Data Processing
We process your personal data based on the following legal grounds (KVKK Article 5 and GDPR Article 6):
- Explicit consent: Health data, marketing communications
- Performance of a contract: Account creation, service delivery
- Legitimate interest: Service improvement, security, analytics
- Legal obligation: Tax, audit, and legal requirements
5. Special Categories of Personal Data
Health data (height, weight, health conditions, allergy information) falls under the special categories of personal data.
Processing of Health Data
- This data is collected only with your explicit consent
- It is used for personalized nutrition recommendations
- It is not shared with third parties
- It is protected with additional security measures
- You can request its deletion at any time
6. Artificial Intelligence and Automated Decision-Making
Our application uses artificial intelligence technologies:
AI Operations
- Automatic analysis of meal photos
- Nutritional value estimation
- Portion size calculation
- Personalized recommendation algorithms
- AI assistant responses
AI Data Usage
- Your photos may be used to train AI models
- Data is used in anonymized form
- You have the right to object (Settings > Privacy)
- Automated decisions are not binding
7. Data Sharing
We may share your personal data with the following parties:
Service Providers
- Cloud storage services (AWS, Google Cloud)
- Payment processors (App Store, Google Play)
- Analytics providers (anonymous data)
- Email service providers
- Customer support platforms
Legal Requirements
We may share data with authorities when legally required:
- Court order or legal request
- Criminal investigation
- To protect user safety
What We Do Not Share
- We do not sell your personal data for advertising
- We do not share your health data with third parties
- We do not use your data for unauthorized marketing
8. International Data Transfers
Your data may be processed on servers outside of Turkey:
- Our servers are located in the European Union and the United States
- GDPR and KVKK-compliant data transfer agreements are used
- Standard Contractual Clauses (SCCs) are applied
- Adequate protective measures are in place
9. Data Retention Period
We retain your data only for as long as necessary:
- Account data: As long as the account is active + 2 years
- Meal records: As long as the account is active
- Photos: 30 days after processing (originals), analysis results are permanent
- Payment records: 10 years as required by law
- Support requests: 3 years
- Analytics data: Permanently in anonymized form
After Account Deletion
When you delete your account:
- Your personal data is deleted within 30 days
- It is completely removed from backups within 90 days
- Except for data required by legal obligations
- Anonymized data may be retained
10. Your Rights
Under KVKK and GDPR, you have the following rights:
- Right to information: Learn what data we process about you
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restriction of processing: Restrict processing in certain circumstances
- Right to data portability: Receive your data in a structured format
- Right to object: Object to processing based on legitimate interest
- Right to object to automated decisions: Request human intervention for AI decisions
- Right to withdraw consent: Withdraw your consent at any time
Exercising Your Rights
- In-app Settings > Privacy > My Data Requests
- Email: [email protected]
- Identity verification may be required
- Your request will be responded to within 30 days
- Free of charge (except for excessive requests)
11. Children's Privacy
FitWithAI is not intended for users under the age of 18.
- We do not knowingly collect data from individuals under 18
- Users aged 13–18 may register with parental consent
- If an underage user is identified, the account will be suspended
- Parents can request the deletion of their children's data
12. Security Measures
We implement comprehensive security measures to protect your data:
Technical Measures
- Encrypted data transfer with TLS 1.3
- Database encryption with AES-256
- Password hashing with bcrypt
- Regular security audits and penetration testing
- Firewalls and DDoS protection
- Access control and authorization
Organizational Measures
- Employee privacy training
- Principle of least privilege
- Data access logs
- Incident response plans
- Regular backups
In Case of a Security Breach
If a data breach is detected:
- Authorities are notified within 72 hours
- Affected users are informed immediately
- The scope of the breach and measures taken are disclosed
- Necessary corrective actions are implemented
13. Cookies and Tracking
We do not use cookies in our mobile application. However:
- Device identifiers may be used
- Third-party SDKs may use their own tracking methods
- Anonymous data is collected for app analytics
- You can disable tracking in Settings > Privacy > Analytics
14. Third-Party Links
Our application may contain links to third-party services. We are not responsible for the privacy practices of these services. Please review the privacy policies of the respective services.
15. Policy Changes
We may update this Privacy Policy. For significant changes:
- We will send an in-app notification
- We will inform you via email
- The "Last Updated" date will change
- Changes take effect after 30 days
- We may request re-consent for significant changes
16. Right to Complain
If you have concerns about our data processing practices:
- Contact us first: [email protected]
- You may file a complaint with the Turkish Personal Data Protection Authority (KVKK)
- EU citizens may contact their local Data Protection Authority