Privacy Policy

TotalFit Connect Inc.  ·  Effective Date: March 12, 2026  ·  Last Updated: July 13, 2026  ·  Governing Law: Ontario, Canada (PIPEDA)

Privacy & data requests: privacy@totalfitconnect.comLegal notices: legal@totalfitconnect.comSecurity disclosures: security@totalfitconnect.com

1. Who We Are

TotalFit Connect is operated by TotalFit Connect Inc., a company incorporated in Ontario, Canada. This Privacy Policy applies to our mobile app, website (totalfitconnect.com), and any related services (the “Services”). By using TotalFit Connect, you agree to this policy. If you do not agree, please stop using the Services.

2. Data We Collect

We collect data you give us directly, data generated by your use of the app, and limited data from third-party services you connect.

Account & Profile

Name, email address, username, and password (stored as a hashed value — never plain text). Optional profile details include profile photo, bio, date of birth, height, weight, fitness goals, and the energy-equation basis you choose for a calculated nutrition plan.

Workout & Fitness Data

Training information you log — workouts, exercises, body measurements, and performance data — as well as nutrition and body metric data you choose to track. This is your data. We consider it sensitive and treat it accordingly.

Connected Health Sources

If you choose to connect Apple Health, we request permission before reading approved health data such as steps, distance, workouts, sleep, heart metrics, weight, and active energy. We use that data to power your health timeline, recovery context, and progress insights. You can disconnect Apple Health in the app, and iOS Health permissions remain controlled by you in the Apple Health app.

Social & Community Content

Posts, comments, likes, follows, direct messages, shared workouts, and any other content you publish to your profile or feed.

Product Feedback

Ideas, improvement suggestions, and bug reports you choose to submit through the app, together with limited technical context such as your platform and app version. Product feedback is sent privately to our team and is not published to the community.

Subscription & Payment

Subscription status and entitlement data via RevenueCat. Billing is handled entirely by Apple — we never see or store your payment details.

AI Inputs & Outputs

When you turn on AI nutrition guidance or deliberately use an AI feature, we process the prompt, image, or voice transcript you submit, the response generated for you, and only the relevant account context needed for that feature. Depending on the feature and your choices, that context can include nutrition goals, dietary preferences, allergies or intolerances, food and workout logs, body metrics, connected-health summaries, and prior coach messages.

Device & Usage

Device model, OS version, and a Vendor Identifier (IDFV) for internal analytics only. App usage data including screens viewed, session length, crash reports, performance diagnostics, and a masked replay of sessions associated with errors — used only to operate and improve the app through Sentry. Replay masks all on-screen text and images, default identifying data is disabled, and user-authored workout names are excluded from diagnostic breadcrumbs. Push notification tokens are used only to deliver alerts you have opted into.

What We Do Not Collect

We do not collect precise location (GPS) data, access your contacts or address book, use advertising identifiers (IDFA), use cross-app tracking, or use advertising or tracking cookies. Apple Health data is used only when you explicitly connect it and approve the requested categories.

3. How We Use Your Data

We use your data to run the app, improve it, and keep it safe. We do not use your health or fitness data for advertising, and we do not build advertising profiles. Specifically, we use your data to:

  • Provide and operate the Services, including fitness tracking and social features
  • Personalize your experience — suggesting workouts and content based on your in-app activity, not for advertising
  • Provide optional AI coaching and nutrition guidance when you enable it or start an AI tool
  • Process subscriptions and verify entitlements via RevenueCat and Apple
  • Send push notifications and reminders — only with your permission, and you can disable them in device settings at any time
  • Respond to support requests and communicate service updates
  • Review product feedback and prioritize fixes and improvements
  • Detect and prevent fraud, abuse, and violations of our Terms of Service
  • Analyze anonymized, aggregated usage trends to improve the Services
  • Comply with applicable laws and legal obligations

AI Nutrition Personalization

AI nutrition personalization is opt-in. When it is on, relevant nutrition goals, preferences, recent logs, body metrics, and health context may be included in an AI Coach request so the response can be tailored to you. Turning it off in Nutrition Plan → AI & Review stops that nutrition context from being included in future Coach requests. One-off tools such as meal-photo analysis, label scanning, voice logging, or cardio-machine parsing send data only when you start that tool.

AI responses are suggestions and can be inaccurate. They do not silently change an active calorie or macro target: you must review and confirm any proposed goal change. Do not rely on an AI response for diagnosis, treatment, allergy safety, or other medical decisions.

4. How We Share Your Data

We do not sell, rent, or share your personal information for advertising. We share data only in the following limited ways.

Service Providers

We disclose data to the vendors listed in Section 5 only as needed for them to provide services to us. Their handling of that data is governed by the applicable service terms, privacy materials, and data-processing commitments.

Public Profile & Social Features

Your username, profile photo, bio, and posts you mark as public are visible to other users. Posts set to “followers only” are visible only to approved followers. Direct messages are visible only to the sender and recipient. You control all content visibility in your privacy settings.

Legal & Safety

We may disclose data if required by law, court order, or to protect the safety of our users or the public.

Business Transfers

If TotalFit Connect is acquired or merged, your data may transfer as part of that transaction. We will give you at least 30 days’ notice before your data becomes subject to a materially different privacy policy.

5. Third-Party Processors

The following vendors may process data on our behalf for the stated purpose. A vendor receives only the categories needed for the feature or infrastructure service it provides.

VendorPurposeCountryPrivacy Policy
RevenueCatSubscription managementUnited StatesView ↑
Expo / EASPush notificationsUnited StatesView ↑
Amazon Web ServicesCloud infrastructure, authentication, database, file storage & email deliveryUnited StatesView ↑
AnthropicOptional AI coaching, nutrition analysis & user-initiated AI toolsUnited StatesView ↑
VercelHosting & edge functionsUnited StatesView ↑
SentryCrash reporting, performance diagnostics & masked error-session replayUnited StatesView ↑
AppleAuthentication & billingUnited StatesView ↑

For commercial API requests, Anthropic states that it acts as a processor, does not use inputs or outputs to train its generative models by default, and normally deletes API inputs and outputs within 30 days, subject to its documented legal, safety, and separately agreed exceptions. Review Anthropic’s linked Privacy Center for current details.

6. Health & Fitness Data

Workout, body measurement, and nutrition data is sensitive personal information. We treat it with heightened care and do not share it with insurers, employers, or advertisers.

At your request, the app may calculate or suggest fitness and nutrition targets from information you provide. These recommendations are advisory, are shown for your review, and do not become active without your confirmation. We do not use solely automated processing to make legal or similarly significant decisions about you.

Under GDPR, processing this data is based on your explicit consent, which you provide when you enter it into the app. You can withdraw consent by deleting the data from your profile or deleting your account. Withdrawal does not affect past processing.

Profile fields such as height, weight, and energy-equation basis are optional for the core app, but a complete profile and your explicit review are required before the app can activate a calculated nutrition target.

TotalFit Connect is not a medical service. Nothing in the app constitutes medical advice. Always consult a qualified professional before starting a new exercise or nutrition program.

7. App Permissions

TotalFit Connect requests only the permissions it needs. All optional permissions can be denied without losing core functionality.

  • Notifications (Optional) — workout reminders and social alerts. Revoke at any time in Device Settings → TotalFit Connect → Notifications.
  • Camera & Photos (Optional) — uploading a profile photo or attaching images to posts. Revoke at any time in Device Settings → TotalFit Connect → Photos / Camera.
  • Apple Health (Optional) — approved health categories used for the connected timeline, recovery context, nutrition activity policy, and progress insights. Revoke categories in the Apple Health app or disconnect the source in TotalFit Connect.
  • Location & Tracking (Not Requested) — we do not request location access, advertising identifiers (IDFA), or App Tracking Transparency (ATT) permission.

8. Data Retention & Deletion

You can delete your account at any time from Settings → Account → Delete Account. Your personal data is deleted or anonymized within 30 days. Backup copies are purged within 90 days. Comments you left on other users’ posts are anonymized (shown as “Deleted User”) to preserve conversation integrity. Anonymized, aggregate analytics data may be retained indefinitely. We may retain specific data longer where required by law or for fraud-prevention purposes.

To request deletion by email, contact privacy@totalfitconnect.com from your registered address. We respond within 30 days and may ask you to verify your identity.

9. Security

We use industry-standard security measures including TLS encryption in transit, bcrypt password hashing, network-level access controls, and limited production data access. We perform regular security reviews. We will never ask for your password via support email or in-app message. To report a vulnerability, email security@totalfitconnect.com.

No system is 100% secure. If a breach occurs that affects your rights, we will notify you as required by law.

10. Your Rights

Depending on where you live, you may have rights to access, correct, delete, or export your data, and to withdraw consent or object to certain processing. To exercise any right, email privacy@totalfitconnect.com from your registered address. We respond within 30 days.

Canada (PIPEDA / Quebec Law 25)

Contact the Office of the Privacy Commissioner at www.priv.gc.ca. Quebec residents also have rights under Law 25, including portability and automated decision-making disclosure.

EU / UK (GDPR / UK GDPR)

Legal bases for processing: consent (health/body data), contract performance (account services), and legitimate interests (security, fraud prevention). You may lodge a complaint with your local supervisory authority (e.g., the ICO in the UK). As a Canadian-based company, we are monitoring our GDPR Article 27 representative obligations and will appoint one if required.

California (CCPA / CPRA)

We do not sell or share personal information for cross-context behavioral advertising. Rights requests may be submitted directly or through an authorized agent with written authorization.

Australia (Privacy Act 1988)

Contact the OAIC at www.oaic.gov.au.

11. Children’s Privacy

TotalFit Connect is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from children under these ages. If you believe a child has created an account, contact privacy@totalfitconnect.com and we will delete it promptly.

12. International Transfers

TotalFit Connect is based in Ontario, Canada, which has been recognized by the EU as providing adequate data protection. Some service providers listed in Section 5 process data in the United States or other countries. Where required, we use recognized transfer safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful mechanism.

13. Changes to This Policy

We may update this policy from time to time. For material changes, we will notify you by in-app notification or email at least 14 days before the change takes effect. Continued use after that date means you accept the updated policy.

Questions? Contact us at privacy@totalfitconnect.com or security@totalfitconnect.com.

TotalFit Connect Inc. · Ontario, Canada · © 2026 All rights reserved.