Logo

Privacy Policy

Last Update: December 2025

We respect your privacy and are committed to protecting your personal data. This Privacy Policy governs your use of our website and our app (collectively referred to as the “FitX / Product / App / Services”). It outlines the types of data we collect, how we store it, how it may be used, with whom it may be shared, and your choices regarding these uses and disclosures.

By accessing or using FitX, you agree to the collection and use of information and personal data in accordance with this Policy, and that you have reviewed and understood the processing of your information and personal data, including your rights. If you do not agree with the Terms or Privacy Policy, please do not use the App, Website, and/or the Services offered by FitX.

1. Definitions

“Anonymization” means modifying personal data so individuals can no longer be identified.

“Applicable Data Protection Laws” means all relevant privacy laws, including the GDPR, UK GDPR, and CCPA/CPRA.

“CCPA” means the California Consumer Privacy Act of 2018, which grants privacy rights to California residents.

“Consent” means a freely given, informed, and unambiguous agreement by the user to process their personal data.

“Cookies” means small data files stored on a device to remember user preferences and behavior.

“Data Controller” means the person or organization that determines how and why personal data is used.

“Data Processor” means the person or organization that processes personal data on behalf of a Data Controller.

“Data Subject” means FitX users whose personal data is collected or processed.

“EEA” means the European Economic Area, which includes all EU countries and certain others (Iceland, Liechtenstein, and Norway).

“GDPR” means the General Data Protection Regulation (EU) 2016/679, which governs the processing of personal data in the EEA.

“Personal Data” means any information that identifies or can be used to identify a natural person.

“Third Party” means any person or entity other than the data subject or controller.

“UK GDPR” means the UK's version of the GDPR, applicable in the United Kingdom post-Brexit.

2. Personal Data Controller

As the owner of FitX, HubX Yazılım Hizmetleri Anonim Şirketi (“HubX / Company”) resident in Çınarlı Mah Ankara Cad No:15-411 Konak-İzmir will be the controller of your personal data.

3. Categories of Personal Data and Processing

Personal and Contact Information

Data Types: Google or Apple account name (whichever you logged-in with), username, name and surname, email address.

Purpose: To communicate with you, manage your account, provide customer support, create personalized workout plans and exercises, and respond to inquiries.

Legal Basis: Performance of a contract.

Technical and Security Data

Data Types: IP address, device name, password, browser type and version, operating system, access times, pages viewed, referring URLs, configuration data.

Purpose: To ensure the security and operation of our services, fraud prevention, debugging, diagnostics, and system analytics.

Legal Basis: Legitimate interest, legal obligation (for logs)

Usage and Log Data

Data Types: App usage logs, session information, page interaction, crash reports, download errors.

Purpose: Service improvement, debugging, performance monitoring, internal analytics.

Legal Basis: Legitimate interest, legal obligation (for logs)

Transaction and Order Information

Data Types: Purchase history, subscription and order details, in-app transaction data.

Purpose: To process transactions and subscriptions, manage billing and payment history.

Legal Basis: Performance of a contract, legal obligation (billing)

Health Data

Data Types: Gender, Age Group, Age, Exercising, Dietary and Sleeping Habits, Height, Current and Target Weight

Purpose: To estimate metabolic rate and BMI index and to create personalized workouts, exercises, personal plans and difficulty levels accordingly.

Legal Basis: Performance of a contract, Core function of the app

Please note that this app may use Apple Health app and Apple HealthKit upon your consent for Apple App Store users. You may withdraw your consent anytime by using “Your Choices” section.

Marketing and Analytics Data

Data Types: Cookies, analytics data, user preferences, Apple Identifier for Advertising (IDFA) or Google Advertising ID (AAID) (depending on the operating system of your device), interaction with marketing emails or ads.

Purpose: Personalized advertising, performance tracking of campaigns, categorization of workout and fitness plans.

Legal Basis: Legitimate interest, Consent (for IDFA, IDFV, cookies other than strictly necessary ones)

The Information Disclosed by Users

Within the scope of the data minimization principle adopted in accordance with the GDPR, FitX takes care not to process any data other than the above and is unnecessary for the app. Data that is not included in the app but shared through contact or other means is deemed to be disclosed by users. These are also protected within the scope of relevant legislation and adequate data protection measures.

Cookies and Similar Technologies

FitX uses cookies to understand how you interact with our website and to improve its performance and functionality. Cookies are small data files stored on your device by your web browser, and you can always control cookies through your browser settings as further described in our Cookie Policy.

4. Purposes of Data Processing

We use your personal information for the purposes outlined in this Privacy Policy and in any additional privacy notices provided for specific Services. These purposes are:

  • Providing and personalizing our Services, including access to tailored content, plans, classes, and ads;
  • Sharing information with business partners who support our operations by delivering essential services such as hosting, billing, security, and analytics;
  • Verifying your identity where necessary for security and access control;
  • Responding to requests, or inquiries submitted through our website, app or email;
  • Conducting audits, research, and analysis to maintain, protect, and enhance our Services;
  • Ensuring the technical functionality and security of our app; and
  • Developing and improving new features, products, and services.

We process your personal data only for specific, explicit, and legitimate purposes as described in this Privacy Policy. We do not further process your data in a manner that is incompatible with those purposes.

5. With Whom We Share Your Personal Data

We may share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Service, in particular, for purposes indicated in Section 4 of this Privacy Policy. The types of third parties we share information with are listed below:

5.1. Service Providers

We share personal data with third parties that we hire to provide services or perform business functions on our behalf, based on our instructions. We may share your personal information with the following types of service providers:

  • Cloud storage providers (Google Cloud, Cloudflare);
  • Data and ad analytics providers (Facebook, Google, Appsflyer, Firebase);
  • App stores (Apple App Store, Google Play Store)
  • Marketing partners (CookieScript, Microsoft Clarity);
  • Payment processing services (Primer, Stripe, Paddle).

5.2. Law Enforcement Agencies and Public Authorities

We may use and disclose personal data to enforce the Terms, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.

5.3. Third Parties as Part of a Merger or Acquisition

As we develop our business, we may buy or sell assets or business offerings. Customers' information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated entity (e.g. parent company or subsidiary) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy by taking adequate data protection measures.

5.4. Apple Health Kit

We may use health data that we obtain through the Apple Health app or Apple HealthKit to provide feedback on your activity or health condition and to improve the Service by creating a more personalized experience for you (ie, by providing content related to your activity) or health, but in no case for advertising or marketing purposes. We will not disclose such data to any third parties without your consent, and then we will not disclose it solely to enable the third party to provide health, movement or fitness services.

We do not use automated decision making or engage in profiling that produces legal or similarly significant effects. Please note that we may share anonymized technical or personal information without limitation (in such a way that it can no longer be attributed to a specific individual, ensuring your privacy is maintained).

6. User Data Deletion

Users have the right to delete their Personal Data from the Service. If you wish to delete your account and associated data, you can do so by selecting the “Delete Account” option in the app's settings or contact our support team. Upon confirmation, your account and personal data will be permanently removed from our servers, except for any data we are legally required to retain, which will be securely deleted once the applicable retention period expires. Please note that once your data is deleted, it cannot be recovered. If you wish to use FitX again in the future, you will need to create a new account from scratch.

7. International Data Transfer

We may transfer personal data to countries other than the one in which it was originally collected, in order to deliver the Product as described in the Terms and for the purposes outlined in this Privacy Policy. Where such countries do not provide the same level of data protection as your country of residence, we implement appropriate safeguards to ensure your data is adequately protected.

Specifically, for transfers of personal data originating from the EEA to countries lacking an adequate level of data protection, we rely on one or more of the following legal mechanisms: (i) Standard Contractual Clauses approved by the European Commission; (ii) the EU-U.S. Data Privacy Framework; or (iii) adequacy decisions issued by the European Commission for certain countries.

8. Storage and Destruction of Personal Data

We are committed to storing your personal data securely and in compliance with applicable laws. Personal information may be retained for as long as you use our Services or as necessary to fulfill the purposes for which it was collected, including providing our Services, resolving disputes, enforcing our agreements, meeting legal obligations, and supporting legitimate business operations. Once personal data is no longer needed or the legal retention period has expired, we will securely delete or destroy it to prevent unauthorized access, or anonymize it. Anonymization involves irreversibly altering the data so it can no longer be linked to you and may be used for analytical or research purposes without compromising your privacy.

9. Data Security

We take the security of your personal data very seriously and implement appropriate technical and organizational measures to protect it, in accordance with applicable laws, including the General Data Protection Regulation (“GDPR”). These measures are designed to safeguard against unauthorized access, alteration, disclosure, or destruction of personal data.

Key security practices include:

  • Access Controls: Personal data is accessible only to authorized FitX employees, contractors, or agents who need it to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may face disciplinary measures, including termination or legal consequences, for any breach.
  • Data Minimization: We collect and retain only the personal data necessary for specified purposes.
  • Internal Reviews & Physical Security: We regularly review our data handling practices and apply physical safeguards to secure systems where personal data is stored.
  • Security Audits: Routine audits and security assessments help identify and address vulnerabilities.
  • Special Data Handling: If special categories of personal data are processed, we apply additional safeguards, including verification steps and specific confidentiality declarations.
  • Incident Response Plan: We maintain a plan to promptly address and mitigate any security incidents or data breaches. Users are encouraged to notify us immediately in the event of suspected unauthorized access or breach.

Despite our efforts to create a secure environment, please note that no method of data transmission or storage over the Internet is entirely secure. While we strive to protect your data, we also recommend that you take precautions when using our services, such as installing antivirus software, using secure internet connections, and keeping your devices updated.

Your privacy and data security are our top priorities, and we are committed to maintaining high standards of protection as required by law.

10. Users Under 18

FitX's content is not intended for users under the age of eighteen (18), and if you provide information about yourself as a FitX user, you represent that you are at least eighteen (18) years old. We do not knowingly collect personal information from anyone under this age, but if we become aware that we have collected personal information from a user under the age of eighteen (18), we will remove such information from our files.

As a kind note for parents, if you want to exercise with your kids, please supervise your children and make sure that they are doing the moves correctly and safely. Since all trainings are planned for adults, FitX bears no responsibility in this regard.

11. Rights Under GDPR

The General Data Protection Regulation No. 2016/679 (GDPR) establishes a comprehensive framework for the protection of personal data within the European Union and the European Economic Area. Under GDPR, users have the following rights regarding their personal data as data subjects:

  • Right to Access: Obtain confirmation and access to personal data being processed.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of personal data under certain conditions.
  • Right to Restrict Processing: Request limitation of data processing in specific situations.
  • Right to Data Portability: Receive personal data in a machine-readable format and transfer it to another controller.
  • Right to Object: Object to the processing of personal data, especially for direct marketing.
  • Rights Related to Automated Decision-Making: Not to be subject to decisions based solely on automated processing, unless certain conditions apply.

To exercise these rights, users must send an email or petition clearly stating the right they wish to enforce, along with their name and accurate contact details. A response will be provided within the legal time period.

12. California Residents

If applicable, California Consumer Privacy Act (CCPA/CPRA) requires us to disclose categories of personal information we collect and how we use and share it as we have explained above. We are also required to communicate information about rights California residents have under California law. You may exercise the following rights:

  • Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information we collect, use, or share; (2) purposes for which categories of Personal Information are collected or used by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected about you.
  • Right to Equal Service. We will not discriminate against you if you exercise your privacy rights.
  • Right to Delete. You may submit a verifiable request to close your account and we will delete Personal Information about you that we have collected.
  • Request that a business that sells a consumer's personal data, not sell the consumer's personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us. Please note that we do not sell the personal information of our users. For more information about these rights, please contact us.

13. Updates to Privacy Policy

We reserve the right to update this privacy policy at any time to reflect changes in our practices, legal obligations, or operational needs. Users are encouraged to review this policy regularly to stay informed about how we protect their personal data and to understand their rights and responsibilities. The revision date is stated in the introduction of the policy. Any updates will take effect immediately upon posting. If users do not agree with the amendments, they should discontinue using the app. Continued use of the website after such updates constitutes acceptance of the revised policy.

14. Communication

If you have any questions or concerns about this Privacy Policy or our collection, use, or storage of your data, please do not hesitate to contact us at: [email protected]