Privacy Policy

Health and Fitness Data: We collect health and fitness data through Apple HealthKit (iOS) and Google Health Connect (Android), including:

• Steps and Distance: Daily step counts and distance traveled
• Active Minutes: Time spent in physical activity
• Sleep Data: Sleep duration and quality metrics
• Heart Rate: Heart rate measurements (if available)
• Workouts: Exercise sessions and workout data

This data is used solely to provide you with fitness challenges, track your progress, and enable competition with friends in fantasy-style leagues.

Account Information:

• Email address (for account creation and communication)
• Display name and profile picture
• Authentication tokens from Google Sign-In or Apple Sign-In

Device Information:

• Device type and operating system
• App version
• Timezone and locale settings

Location Data (Optional):

• Gym location for automatic gym visit tracking (only if you enable this feature)
• Location data is processed locally and not stored on our servers

• Provide and maintain the Fantasy Fit service
• Calculate scores and rankings for fantasy fitness leagues
• Send notifications about challenges, achievements, and league activity
• Improve our app and develop new features
• Communicate important updates about the service

Your health data is treated with the highest level of protection:

• Health data is stored securely using industry-standard encryption
• We never sell your health data to third parties
• Health data is only shared with other users in aggregated form (scores/points)
• Raw health metrics (actual step counts, sleep hours) are only visible to you
• You can delete your health data at any time from within the app

We do not sell your personal information. We may share data only in these cases:

• With your consent: When you choose to share with league members
• Service providers: Companies that help us operate the app (cloud hosting, analytics)
• Legal requirements: When required by law or to protect our rights

Fantasy Fit integrates with:

• Apple HealthKit / Google Health Connect: For health data access
• Google Sign-In / Apple Sign-In: For authentication
• Supabase: For secure data storage

Each service has its own privacy policy governing data use.

• Account data is retained while your account is active
• Health data is retained for up to 2 years to show historical progress
• You can request deletion of all your data at any time
• Upon account deletion, all associated data is permanently removed within 30 days

You have the right to:

• Access: Request a copy of your personal data
• Correct: Update inaccurate information
• Delete: Request deletion of your account and data
• Withdraw Consent: Revoke health data permissions at any time
• Data Portability: Export your data in a standard format

To exercise these rights, contact us at support@fyt.team

Fantasy Fit is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS/SSL)
• Encryption at rest (AES-256)
• Regular security audits
• Access controls and authentication

We may update this Privacy Policy from time to time. We will notify you of changes by:

• Posting the new policy in the app
• Updating the "Last Updated" date
• Sending a notification for significant changes

If you have questions about this Privacy Policy, please contact us:

Email: support@fyt.team

Website: https://fantasyfit.io

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising privacy rights

For users in the European Economic Area:

• Legal basis for processing: Consent and legitimate interests
• Data transfers: Data may be transferred to the US with appropriate safeguards
• Supervisory authority: You may lodge a complaint with your local data protection authority