Privacy Policy
1. Who We Are
FitRot ("we", "us", or "our") is a screen time management app available on iOS that requires users to complete physical fitness movements to unlock device screen time. FitRot is operated by FitRot, Inc.
If you have any questions about this Privacy Policy, please contact us at:
📧 privacy@fitrot.app
🌐 www.fitrot.app
2. Information We Collect
2.1 Information You Provide Directly
- Account information – Name, email address, and password when you create an account.
- Profile information – Optional details such as age, height, and weight used to personalize your fitness experience.
- Subscription & payment information – Managed entirely through Apple's App Store and Superwall. FitRot does not store or have access to your raw credit card or payment details.
2.2 Health & Biometric Data
To deliver core app functionality, FitRot may collect and process the following:
- Movement & motion data – Captured via your device's camera and/or accelerometer to verify that a fitness movement has been completed.
- Body weight – If you voluntarily enter this to personalize exercise requirements.
- Heart rate – If you grant access via Apple HealthKit.
- Exercise completion records – Logs of which movements were completed and when.
2.3 Device & Technical Data
We automatically collect certain technical data when you use the App:
- Device type, model, and operating system version
- App version
- Unique device identifiers (e.g., IDFV)
- IP address (used for general geolocation, not precise location tracking)
- Crash reports and performance logs
- App usage events and session data
2.4 Advertising Identifiers
With your explicit consent under Apple's App Tracking Transparency (ATT) framework, we may collect your IDFA (Identifier for Advertisers) to measure the effectiveness of our marketing campaigns via AppsFlyer. You will always be asked for permission before this data is collected.
3. How We Use Your Information
We use the data we collect to:
| Purpose | Data Used |
|---|---|
| Verify fitness movements to unlock screen time | Camera/motion data, exercise records |
| Personalize exercise requirements | Weight, health profile |
| Manage your subscription | Subscription status via Apple/Superwall |
| Improve app performance and fix bugs | Crash logs, device data |
| Analyze feature usage to improve the product | Anonymized analytics via Mixpanel |
| Measure marketing effectiveness | Attribution data via AppsFlyer (with consent) |
| Prevent fraud and enforce Terms of Service | Device identifiers, usage patterns |
| Respond to support requests | Account info, usage data |
We do not use your data to:
- Sell advertising space within the App
- Build advertising profiles for third-party ad networks
- Share HealthKit data with any third party for analytics or advertising purposes
4. Third-Party Services
FitRot integrates the following third-party services. Each operates under its own privacy policy, and we encourage you to review them.
4.1 Mixpanel (Analytics)
Purpose: To understand how users interact with FitRot so we can improve the product.
What they collect: Anonymized usage events, feature interactions, session duration, and device metadata.
What they do NOT receive: Health data, biometric data, or HealthKit information.
Your opt-out options:
- Adjust your privacy settings in the FitRot app.
- Visit mixpanel.com/optout.
4.2 AppsFlyer (Mobile Attribution & Marketing Analytics)
Purpose: To measure which marketing channels and campaigns drive app installs and user actions, helping us spend marketing budgets responsibly.
What they collect (with your ATT consent): IDFA, IP address, app install source, and in-app events (e.g., subscription started).
What they do NOT receive: Health data, biometric data, camera footage, or HealthKit information.
Your opt-out options:
- Deny ATT permission when prompted at app launch — this prevents IDFA collection.
- Change your choice at any time: Settings → Privacy & Security → Tracking.
- Visit AppsFlyer's Privacy Center.
4.3 Superwall (Subscription Paywall Management)
Purpose: To display and manage subscription paywalls and in-app purchase flows.
What they collect: Anonymized data about how users interact with subscription prompts (e.g., which paywall was shown, whether a purchase was made), device type, and app version.
What they do NOT receive: Health data, biometric data, or payment card details.
4.4 Apple (App Store, HealthKit, StoreKit, ATT)
Apple processes subscription payments and manages HealthKit data access under its own frameworks and privacy policies.
- Apple does not share your payment information with FitRot beyond subscription status.
- HealthKit access is governed by Apple's HealthKit terms.
- ATT permission prompts are managed by Apple's operating system.
5. Apple HealthKit
FitRot may request access to Apple HealthKit to read health data such as heart rate. We take HealthKit access seriously and adhere to strict Apple guidelines:
- HealthKit data is used only to provide core app functionality.
- HealthKit data is never shared with third-party analytics platforms, advertisers, or data brokers — including Mixpanel and AppsFlyer.
- HealthKit data is never sold under any circumstances.
- You can revoke HealthKit access at any time via Settings → Health → Data Access & Devices → FitRot.
6. Children's Privacy (COPPA)
FitRot is available to users of all ages. We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA).
- We do not knowingly collect personal information from children under 13 without verifiable parental consent.
- If you are a parent or guardian and become aware that your child under 13 has provided personal information without your consent, please contact us at privacy@fitrot.app and we will promptly delete the data.
- Children under 13 should only use FitRot with parental supervision and consent.
- We do not direct marketing or advertising at users we know to be under 13.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide our services.
| Data Type | Retention Period |
|---|---|
| Account & profile data | Until account deletion |
| Exercise completion records | Up to 2 years, or until account deletion |
| Health & biometric data | Not stored beyond session unless explicitly saved |
| Analytics data (Mixpanel) | Per Mixpanel's retention settings (typically 5 years) |
| Attribution data (AppsFlyer) | Per AppsFlyer's data retention policy |
| Subscription records | As required by Apple / legal compliance |
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.
8. Your Privacy Rights
Depending on where you live, you may have the following rights regarding your personal data:
8.1 All Users
- Access – Request a copy of the personal data we hold about you.
- Correction – Request that we correct inaccurate data.
- Deletion – Request that we delete your data ("right to be forgotten").
- Opt-out of analytics – Opt out of Mixpanel analytics data collection.
- Opt-out of tracking – Deny or revoke ATT consent to stop IDFA-based attribution.
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights:
- The right to know what personal information we collect, use, disclose, and sell.
- The right to opt out of the sale of personal information. (FitRot does not sell personal information.)
- The right to non-discrimination for exercising your privacy rights.
- The right to limit use of sensitive personal information (including health data).
To exercise your California rights, contact us at privacy@fitrot.app.
8.3 European / UK Users (GDPR)
If you are located in the European Economic Area (EEA) or UK, you have the right to:
- Object to processing based on legitimate interests.
- Restrict processing of your data in certain circumstances.
- Receive your data in a structured, machine-readable format (data portability).
- Lodge a complaint with your local data protection authority.
Our legal bases for processing your data are: contract performance (providing the App), legitimate interests (analytics and fraud prevention), and consent (HealthKit access, ATT tracking).
To exercise your GDPR rights, contact us at privacy@fitrot.app.
9. Data Security
We implement industry-standard security measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Access controls limiting who can access personal data internally
- Regular security reviews of our third-party integrations
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Data Transfers
FitRot is operated from the United States. If you are accessing the App from outside the US, your data may be transferred to and processed in the United States, where privacy laws may differ from your country.
For users in the EEA or UK, we rely on appropriate safeguards (such as Standard Contractual Clauses) when transferring data internationally.
11. Links to Third-Party Sites
The App may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Notify you via an in-app notification or email (if you have provided one).
Your continued use of FitRot after changes are posted constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions, requests, or concerns about this Privacy Policy or how we handle your data, please reach out:
FitRot, Inc.
📧 privacy@fitrot.app (for all privacy-related requests)
📧 legal@fitrot.app (for legal inquiries)
🌐 www.fitrot.app
We aim to respond to all privacy requests within 30 days.
This Privacy Policy was last updated on April 12, 2026.