Privacy Policy

Last updated: August 28, 2025

Introduction

This privacy policy explains how MITOLOGIC SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (referred to as "we", "us", or "Company") collects, uses, and protects your personal data when you use the Fitly mobile application (referred to as "App" or "Application").

We are committed to protecting your privacy and ensuring transparency about how we handle your personal information. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Information

Company Name:
MITOLOGIC SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

Legal Form:
Spółka z ograniczoną odpowiedzialnością

Registration Date:
May 13, 2025

Share Capital:
5,000 PLN

KRS Number:
0001172492

NIP:
5833537382

REGON:
541708303

Registered Address:
Wały Piastowskie 1 / 1508
80-855 Gdańsk, Poland

Data We Collect

1. Registration and Profile Data

  • Email address (required for login)
  • Password (hashed and securely stored)
  • First and last name
  • Age, height, weight, gender
  • Date of birth
  • Profile photo (optional)
  • Registration date

2. Health and Fitness Data

  • Fitness goals (muscle building, weight loss, etc.)
  • Dietary preferences and restrictions
  • Allergies and food intolerances
  • Health conditions and injuries
  • Physical activity level
  • Target weight and timelines
  • Workout history (exercises, weights, repetitions)
  • Training progress and achievements
  • Progress photos

3. Nutrition Data

  • Food diary (meals, calories, macronutrients)
  • Photos of meals and nutrition labels
  • Caloric and nutritional goals
  • Consumption history
  • Shopping lists

4. App Preferences and Settings

  • App language
  • Dark/light mode preference
  • Notification settings
  • Daily goals (steps, water, calories)
  • Workout frequency preferences
  • Session duration settings

5. Technical Data

  • Device information (model, operating system)
  • IP address
  • App usage patterns and analytics
  • Push notification tokens
  • JWT authentication tokens

Device Permissions

The App requires the following permissions to function properly:

  • Camera: To take photos of your progress and meals
  • Gallery/Media Library: To save and access comparison photos
  • Push Notifications: For workout and meal reminders
  • Internet Access: For communication with our servers
  • Local Storage: For offline data caching

How We Use Your Data

  • Service Provision: To provide personalized fitness and nutrition recommendations
  • AI Training Services: To generate custom workout plans and analyze meal photos
  • Progress Tracking: To monitor your fitness journey and achievements
  • App Functionality: To maintain your account and preferences
  • Communication: To send you notifications, updates, and support messages
  • Improvement: To analyze app usage and improve our services
  • Security: To protect against fraud and unauthorized access

Legal Basis for Processing

  • Contract Performance (GDPR Art. 6(1)(b)): Processing necessary to provide the fitness and nutrition services you've requested
  • Explicit Consent (GDPR Art. 6(1)(a) & Art. 9(2)(a)): For health data processing and AI analysis of your photos and personal information
  • Legitimate Interest (GDPR Art. 6(1)(f)): For app improvement, security, and analytics
  • Legal Obligation (GDPR Art. 6(1)(c)): To comply with applicable laws and regulations

⚠️ Important Note on Health Data

Health and fitness data are considered special categories of personal data under GDPR Article 9. We only process this data with your explicit consent, which you can withdraw at any time through the app settings or by contacting us.

Third-Party Services and Data Sharing

1. OpenRouter AI (United States)

  • Purpose: AI-powered fitness coaching and meal analysis
  • Data transferred: Text queries, meal photos, nutrition label images, profile data for personalization
  • Legal basis: Necessary for service provision and explicit consent for AI analysis
  • Safeguards: Standard Contractual Clauses and service provider commitments

2. Expo Push Notifications

  • Purpose: Sending workout and meal reminders
  • Data transferred: Device tokens, notification preferences
  • Location: Various global servers

3. Backend API Services

  • Purpose: Data synchronization and app functionality
  • Data transferred: All user data for backup and synchronization
  • Security: JWT authentication with refresh tokens, HTTPS encryption

For third-party service privacy policies:

International Data Transfers

Some of your data is transferred to and processed in the United States, specifically:

  • OpenRouter AI: For AI-powered fitness coaching and image analysis
  • Cloud Infrastructure: For data backup and processing

We ensure adequate protection for these transfers through:

  • Standard Contractual Clauses approved by the European Commission
  • Additional technical and organizational security measures
  • Regular assessment of transfer adequacy

Data Storage and Security

Local Storage (Your Device)

  • Authentication tokens
  • Cached user data
  • Offline workout and nutrition data
  • App preferences
  • Scheduled notifications

Security Measures

  • Password hashing using industry-standard algorithms
  • JWT tokens with expiration times
  • HTTPS encryption for all API communications
  • Optional two-factor authentication (2FA)
  • Automatic logout when tokens expire
  • Regular security audits and updates

Data Retention

  • Account Data: Retained while your account is active and for 30 days after deletion to enable account recovery
  • Health and Fitness Data: Retained while your account is active and deleted within 30 days of account deletion
  • Progress Photos: Retained until you delete them or close your account
  • Analytics Data: Anonymized and retained for up to 2 years for service improvement
  • Legal Requirements: Some data may be retained longer if required by law

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Withdraw consent for health data processing at any time

To exercise these rights, contact us at admin@mitologic.net or through the app's settings.

Children's Privacy

Our App is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Sending a notification through the App
  • Emailing you at your registered email address
  • Posting a notice on our website

Changes become effective 30 days after notification. Continued use of the App after this period constitutes acceptance of the updated policy.

Contact Information

For any questions about this Privacy Policy or your personal data, please contact us:

MITOLOGIC SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

Wały Piastowskie 1 / 1508

80-855 Gdańsk, Poland

Email: admin@mitologic.net

Data Protection: privacy@mitologic.net

KRS: 0001172492 | NIP: 5833537382 | REGON: 541708303

Supervisory Authority: You have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) at ul. Stawki 2, 00-193 Warsaw, Poland.