Afitpilot®

Privacy Policy

Learn how we protect your privacy and handle your personal data with transparency and care.

Privacy Policy

Data Collection and Processing

Afitpilot Lite collects and processes the following personal and health-related data:

  • Basic Details: Name, email, phone number, age, gender, height, weight
  • Training Information: Goals, training frequency, preferred training times, equipment available
  • Health Data: Injury history, medical notes, fitness level
  • Training Logs: Workout sessions, performance data, feedback
  • Behavioral Signals: Patterns derived from your interactions with the app (see Psychological Profiling section below)

Purpose of Processing

Your data is processed exclusively for:

  • Generating personalized training plans through AI systems
  • Creating adaptive training programs based on your progress
  • Providing coaching services and recommendations
  • Improving the quality of training plans (without using your data to train AI models)
  • Personalizing coaching communication style based on your preferences (see Psychological Profiling section)

Data Processing Details

  • AI Processing: Your training plans are generated using various AI models via OpenRouter, our API routing provider. Before processing, your data is anonymized - personal identifiers like names are removed and replaced with anonymous IDs
  • Data Location: Your data is stored in Firebase (Google Cloud) within the European Union
  • Data Security: All data is encrypted in transit and at rest
  • AI Training: Your data is NOT used to train AI models. Our AI providers do not use API data for model training
  • Zero Data Retention (ZDR): Since February 2026, we route all AI requests through providers with Zero Data Retention policies. This means your data is processed in memory only and never stored by the AI provider

Third-Party Services

We use the following third-party services to provide our app:

  • Google Firebase: Database storage and authentication (EU region)
  • OpenRouter: API routing service that connects us to various AI providers. OpenRouter acts as a data processor under GDPR and maintains Data Processing Agreements (DPAs) with both us and their upstream AI providers. OpenRouter supports Zero Data Retention routing to ensure your data is not stored after processing.
  • AI Providers (via OpenRouter): We use multiple AI models for training plan generation, including models from OpenAI (via Azure), Google, Anthropic, and others. All requests are routed through Zero Data Retention endpoints where available.
  • Stripe: Secure payment processing (PCI-DSS compliant)
  • Mailgun: Transactional email delivery (workout notifications, EU servers)

All third-party services comply with GDPR requirements and have appropriate data processing agreements in place.

International Data Transfers

When you use Afitpilot Lite, your anonymized training data may be processed by AI services via OpenRouter that operate servers outside the European Union. We take the following measures to protect your data:

  • Anonymization: Before any data is sent for AI processing, personal identifiers (names, emails, etc.) are removed and replaced with anonymous IDs
  • Data Minimization: Only the minimum data necessary for generating training plans is transmitted
  • Zero Data Retention (ZDR): We preferentially route requests to AI providers that offer Zero Data Retention endpoints. This means your data is processed in real-time and immediately discarded - it is never stored on the AI provider's servers
  • Contractual Safeguards: We maintain data processing agreements with OpenRouter, who in turn maintains DPAs with upstream AI providers

By using Afitpilot Lite, you acknowledge that anonymized data may be processed outside the EU for the purpose of AI-powered training plan generation. Your identifiable personal data (name, email, etc.) remains stored exclusively within the EU.

Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of all data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Consent Withdrawal: Withdraw your consent at any time
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object to Processing: Object to certain types of data processing
  • Lodge a Complaint: File a complaint with your local data protection authority

Psychological Profiling for Coaching Personalization

To provide you with a better coaching experience, we analyze your interactions with the app to understand your preferences and communication style. This is done in good faith to improve your training experience.

What We Analyze

We derive behavioral signals from:

  • Session Feedback: Your comments and ratings after workouts
  • RPE (Rate of Perceived Exertion): How you rate workout difficulty compared to prescribed targets
  • Adaptation Requests: When and why you request changes to your training plan
  • Communication Patterns: Length and style of your feedback messages

What We Derive

From this analysis, we create a coaching profile that may include:

  • Coaching Preferences: Preferred level of detail, encouragement style, explanation depth
  • Behavioral Patterns: Adherence tendencies, feedback frequency, workout completion rates
  • Communication Style: Preferred tone and detail level for coaching messages

How This Data Is Used

  • Your profile is used solely to personalize coaching messages and adapt training plans
  • This data is NOT used for marketing, advertising, or shared with third parties
  • This data is NOT used to train AI models

Your Rights Regarding Profiling

  • Transparency: You can view your psychological profile in the app settings
  • Opt-Out: You can disable psychological profiling without affecting core app functionality
  • Deletion: You can request deletion of your psychological profile at any time

Data Minimization

We store processed insights (scores and preferences), not your raw feedback text. Only brief excerpts (up to 100 characters) may be retained for context.

Data Retention

  • Your data is retained only as long as necessary to provide our services
  • Upon consent withdrawal, your data will be deleted within 30 days
  • Some data may be retained longer for legal compliance purposes

Contact Information

For any privacy-related questions or requests:

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated through the App or via email at least 14 days before taking effect. Continued use of the App after the effective date constitutes acceptance of the updated policy. If you do not agree with any changes, you may contact us to discuss alternatives or request account deletion before the changes take effect.

Last updated: February 1, 2026