Overview
This Privacy Policy explains how FitCart ("we", "us", or "our") collects, uses, and protects information when you use the FitCart iOS application and website (collectively, the "Service"). By using FitCart, you agree to the practices described here.
Information We Collect
- Account information — When you create an account, we collect your email address and a hashed password. You may optionally add a display name.
- Health & body data — During onboarding you provide details such as age, weight, height, gender, activity level, and health goals. This data is used solely to generate your personalized meal plan.
- Dietary preferences — Food preferences, allergies, dietary restrictions (e.g., vegan, keto, gluten-free), and foods to avoid.
- Meal plan & pantry data — The meals you accept or reject, pantry items you log, and grocery lists generated from your plan.
- Apple Health data — If you grant permission, we read weight, activity, and nutrition data from Apple HealthKit to improve your calorie and macro targets. This data is never transmitted off your device without your consent.
- Usage data — Anonymized, aggregated usage metrics (screens viewed, feature interactions) to improve the app. No personally identifiable information is included.
- Device information — iOS version, device model, and app version for crash reporting and compatibility purposes.
How We Use Your Data
- Generate personalized weekly meal plans using AI
- Calculate your daily calorie and macro targets
- Build and update your grocery lists automatically
- Sync your pantry inventory to avoid duplicate purchases
- Connect with grocery delivery partners (Instacart, Kroger) to fulfil orders
- Send you in-app notifications about your meal plan (push notifications require your permission)
- Improve app performance and fix bugs via crash reports
- Respond to your support requests
We do not use your data to serve you third-party advertisements.
Sharing & Disclosure
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
- Grocery delivery partners — When you place a grocery order, your grocery list (not your health data) is shared with the selected delivery service (e.g., Instacart or Kroger) to fulfil the order.
- Service providers — Trusted vendors who help us operate the app (cloud hosting, crash analytics, email delivery). They are contractually bound to process your data only as instructed.
- Legal requirements — If required by law, court order, or to protect the rights and safety of FitCart or its users.
- Business transfers — In the event of a merger or acquisition, your data may be transferred. We will notify you before any transfer and your data will remain subject to this policy.
Third-Party Services
FitCart integrates with the following third-party services. Each has its own privacy policy:
- Supabase — Database and authentication infrastructure. Data is stored on servers in the United States.
- OpenAI / AI providers — Meal plan generation. Only anonymized dietary preferences and macro targets are sent; no name, email, or identifying information is included in AI requests.
- Instacart — Grocery ordering. Governed by Instacart's Privacy Policy.
- Kroger — Grocery ordering. Governed by Kroger's Privacy Policy.
- Apple HealthKit — Optional health data sync. Governed by Apple's Privacy Policy.
Health & Nutrition Data
We treat health and nutrition data with extra care:
- Health data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Health data is never shared with advertisers or data brokers.
- Apple HealthKit data is used only to improve your in-app experience and is never used for advertising or sold to third parties, in compliance with Apple's HealthKit guidelines.
- You can revoke Apple Health access at any time via iOS Settings → Privacy & Security → Health → FitCart.
Data Retention
We retain your data for as long as your account is active. If you delete your account, we permanently delete your personal data within 30 days, except where we are legally required to retain it longer (e.g., billing records for up to 7 years in some jurisdictions).
Anonymized, aggregated analytics data that cannot be linked back to you may be retained indefinitely.
Your Rights
Depending on where you live, you may have the right to:
- Access — Request a copy of the personal data we hold about you.
- Correction — Ask us to correct inaccurate or incomplete data.
- Deletion — Request deletion of your account and all associated data.
- Portability — Receive your data in a portable format (JSON or CSV).
- Restriction — Ask us to stop processing your data in certain ways.
- Objection — Object to processing based on legitimate interests.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
You can also delete your account directly from the app: Profile → Settings → Delete Account.
Children's Privacy
FitCart is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at [email protected] and we will delete it promptly.
Security
We implement industry-standard safeguards to protect your data:
- All data in transit is encrypted using TLS 1.3.
- All data at rest is encrypted using AES-256.
- Passwords are hashed and salted — we never store plaintext passwords.
- Access to production systems is restricted to authorised personnel with multi-factor authentication.
No method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification or email at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the most recent revision.
Continued use of FitCart after changes take effect constitutes your acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please reach out:
- Email: [email protected]
- Website: fitcart.app