TotalFit Connect Inc. · Effective Date: March 12, 2026 · Last Updated: July 13, 2026 · Governing Law: Ontario, Canada (PIPEDA)
TotalFit Connect is operated by TotalFit Connect Inc., a company incorporated in Ontario, Canada. This Privacy Policy applies to our mobile app, website (totalfitconnect.com), and any related services (the “Services”). By using TotalFit Connect, you agree to this policy. If you do not agree, please stop using the Services.
We collect data you give us directly, data generated by your use of the app, and limited data from third-party services you connect.
Name, email address, username, and password (stored as a hashed value — never plain text). Optional profile details include profile photo, bio, date of birth, height, weight, fitness goals, and the energy-equation basis you choose for a calculated nutrition plan.
Training information you log — workouts, exercises, body measurements, and performance data — as well as nutrition and body metric data you choose to track. This is your data. We consider it sensitive and treat it accordingly.
If you choose to connect Apple Health, we request permission before reading approved health data such as steps, distance, workouts, sleep, heart metrics, weight, and active energy. We use that data to power your health timeline, recovery context, and progress insights. You can disconnect Apple Health in the app, and iOS Health permissions remain controlled by you in the Apple Health app.
Posts, comments, likes, follows, direct messages, shared workouts, and any other content you publish to your profile or feed.
Ideas, improvement suggestions, and bug reports you choose to submit through the app, together with limited technical context such as your platform and app version. Product feedback is sent privately to our team and is not published to the community.
Subscription status and entitlement data via RevenueCat. Billing is handled entirely by Apple — we never see or store your payment details.
When you turn on AI nutrition guidance or deliberately use an AI feature, we process the prompt, image, or voice transcript you submit, the response generated for you, and only the relevant account context needed for that feature. Depending on the feature and your choices, that context can include nutrition goals, dietary preferences, allergies or intolerances, food and workout logs, body metrics, connected-health summaries, and prior coach messages.
Device model, OS version, and a Vendor Identifier (IDFV) for internal analytics only. App usage data including screens viewed, session length, crash reports, performance diagnostics, and a masked replay of sessions associated with errors — used only to operate and improve the app through Sentry. Replay masks all on-screen text and images, default identifying data is disabled, and user-authored workout names are excluded from diagnostic breadcrumbs. Push notification tokens are used only to deliver alerts you have opted into.
We do not collect precise location (GPS) data, access your contacts or address book, use advertising identifiers (IDFA), use cross-app tracking, or use advertising or tracking cookies. Apple Health data is used only when you explicitly connect it and approve the requested categories.
We use your data to run the app, improve it, and keep it safe. We do not use your health or fitness data for advertising, and we do not build advertising profiles. Specifically, we use your data to:
AI nutrition personalization is opt-in. When it is on, relevant nutrition goals, preferences, recent logs, body metrics, and health context may be included in an AI Coach request so the response can be tailored to you. Turning it off in Nutrition Plan → AI & Review stops that nutrition context from being included in future Coach requests. One-off tools such as meal-photo analysis, label scanning, voice logging, or cardio-machine parsing send data only when you start that tool.
AI responses are suggestions and can be inaccurate. They do not silently change an active calorie or macro target: you must review and confirm any proposed goal change. Do not rely on an AI response for diagnosis, treatment, allergy safety, or other medical decisions.
The following vendors may process data on our behalf for the stated purpose. A vendor receives only the categories needed for the feature or infrastructure service it provides.
| Vendor | Purpose | Country | Privacy Policy |
|---|---|---|---|
| RevenueCat | Subscription management | United States | View ↑ |
| Expo / EAS | Push notifications | United States | View ↑ |
| Amazon Web Services | Cloud infrastructure, authentication, database, file storage & email delivery | United States | View ↑ |
| Anthropic | Optional AI coaching, nutrition analysis & user-initiated AI tools | United States | View ↑ |
| Vercel | Hosting & edge functions | United States | View ↑ |
| Sentry | Crash reporting, performance diagnostics & masked error-session replay | United States | View ↑ |
| Apple | Authentication & billing | United States | View ↑ |
For commercial API requests, Anthropic states that it acts as a processor, does not use inputs or outputs to train its generative models by default, and normally deletes API inputs and outputs within 30 days, subject to its documented legal, safety, and separately agreed exceptions. Review Anthropic’s linked Privacy Center for current details.
Workout, body measurement, and nutrition data is sensitive personal information. We treat it with heightened care and do not share it with insurers, employers, or advertisers.
At your request, the app may calculate or suggest fitness and nutrition targets from information you provide. These recommendations are advisory, are shown for your review, and do not become active without your confirmation. We do not use solely automated processing to make legal or similarly significant decisions about you.
Under GDPR, processing this data is based on your explicit consent, which you provide when you enter it into the app. You can withdraw consent by deleting the data from your profile or deleting your account. Withdrawal does not affect past processing.
Profile fields such as height, weight, and energy-equation basis are optional for the core app, but a complete profile and your explicit review are required before the app can activate a calculated nutrition target.
TotalFit Connect is not a medical service. Nothing in the app constitutes medical advice. Always consult a qualified professional before starting a new exercise or nutrition program.
TotalFit Connect requests only the permissions it needs. All optional permissions can be denied without losing core functionality.
You can delete your account at any time from Settings → Account → Delete Account. Your personal data is deleted or anonymized within 30 days. Backup copies are purged within 90 days. Comments you left on other users’ posts are anonymized (shown as “Deleted User”) to preserve conversation integrity. Anonymized, aggregate analytics data may be retained indefinitely. We may retain specific data longer where required by law or for fraud-prevention purposes.
To request deletion by email, contact privacy@totalfitconnect.com from your registered address. We respond within 30 days and may ask you to verify your identity.
We use industry-standard security measures including TLS encryption in transit, bcrypt password hashing, network-level access controls, and limited production data access. We perform regular security reviews. We will never ask for your password via support email or in-app message. To report a vulnerability, email security@totalfitconnect.com.
No system is 100% secure. If a breach occurs that affects your rights, we will notify you as required by law.
Depending on where you live, you may have rights to access, correct, delete, or export your data, and to withdraw consent or object to certain processing. To exercise any right, email privacy@totalfitconnect.com from your registered address. We respond within 30 days.
Contact the Office of the Privacy Commissioner at www.priv.gc.ca. Quebec residents also have rights under Law 25, including portability and automated decision-making disclosure.
Legal bases for processing: consent (health/body data), contract performance (account services), and legitimate interests (security, fraud prevention). You may lodge a complaint with your local supervisory authority (e.g., the ICO in the UK). As a Canadian-based company, we are monitoring our GDPR Article 27 representative obligations and will appoint one if required.
We do not sell or share personal information for cross-context behavioral advertising. Rights requests may be submitted directly or through an authorized agent with written authorization.
Contact the OAIC at www.oaic.gov.au.
TotalFit Connect is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from children under these ages. If you believe a child has created an account, contact privacy@totalfitconnect.com and we will delete it promptly.
TotalFit Connect is based in Ontario, Canada, which has been recognized by the EU as providing adequate data protection. Some service providers listed in Section 5 process data in the United States or other countries. Where required, we use recognized transfer safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful mechanism.
We may update this policy from time to time. For material changes, we will notify you by in-app notification or email at least 14 days before the change takes effect. Continued use after that date means you accept the updated policy.
Questions? Contact us at privacy@totalfitconnect.com or security@totalfitconnect.com.
TotalFit Connect Inc. · Ontario, Canada · © 2026 All rights reserved.