0. Legal definitions
The following expressions have the meanings assigned to them in this document.
- "Fitenome", "we", "us", or "the Service"
- The Fitenome mobile app (iOS and Android), the website fitenome.com, the associated cloud services, and any interface that provides access to them.
- "User" or "you"
- The natural person who downloads, installs or uses Fitenome, whether in guest mode, with a personal account, or as part of a Premium subscription.
- "Personal data"
- Any information relating to an identified or identifiable natural person, as defined in Article 4(1) GDPR.
- "Processing"
- Any operation performed on personal data: collection, recording, organisation, storage, consultation, disclosure, erasure, etc.
- "GDPR"
- Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.
- "Periodization model"
- Mathematical and pedagogical structure that organises your training season into macrocycles, mesocycles and microcycles. Fitenome uses four models: linear, daily undulating (DUP), ATR and maintenance.
- "Anthropometry"
- Body measurements such as weight, height, perimeters, estimated body fat and self-declared body composition.
1. Introduction and scope
This Policy describes how Fitenome processes personal data you provide or that the Service collects during use. It forms part — together with the Terms & Conditions and the End-User License Agreement (EULA) — of the contractual framework governing your relationship with us.
This Policy applies to:
- The Fitenome mobile app for iOS and Android, distributed via App Store and Google Play.
- The website https://fitenome.com and its subdomains.
- The cloud services (Cloud Functions, Firestore) backing plan generation, sync and purchase verification.
It does not apply to third-party sites or services we link to. Each of those has its own policy that we recommend you read.
2. Data controller
| Owner | Iván Rojas Manzano (Fitenome project) |
|---|---|
| Fiscal address | Spain. Available on reasonable request via private channels. |
| General privacy email | support@meetagape.com |
| Data Protection Officer | support@meetagape.com |
| Supervisory authority | Spanish Data Protection Agency (AEPD) — aepd.es |
3. Categories of data collected
3.1 Account and authentication
- Email (or an Apple Private Relay alias such as `xxxx@privaterelay.appleid.com`).
- Display name and, if provided by your identity provider, profile photo.
- Identity provider: Google, Apple, or email + password.
- Unique identifier (UID) issued by Firebase Authentication.
- Creation date, last sign-in, email verification status.
- Device language (ISO code such as `en`, `es`).
3.2 Sport profile and anthropometry
- Sex, age, height, weight, estimated body-fat percentage (optional).
- Activity level and declared goal (hypertrophy, strength, recomp, health, maintenance).
- Computed macro targets (calories, protein, carbs, fats, fiber).
- Historical changes of goal with their effective date.
3.3 Training data
- Plan structure: macrocycle, mesocycles, microcycles and planned sessions.
- Periodization model picked by the system (linear, undulating, ATR or maintenance) and the textual rationale.
- Completed sessions: date, title, type, duration, total volume, RPE, subjective fatigue, pain notes, anatomical pain areas, planned exercises, actual per-set logs (reps, weight, RIR).
- Readiness check-ins: sleep, soreness, mood, pain areas, adjusted load proposed for the day.
- PRs, exercise swaps requested, deloads applied.
3.4 Nutrition data
- Food entries by meal (breakfast, pre-workout, lunch, post-workout, snacks, dinner): name, brand, grams, computed macros, source.
- Dietary preferences: pantry items, likes, allergies, restrictions (vegan, gluten-free, etc.), free-form notes.
- Meal suggestions generated for you and which ones you accepted or dismissed.
3.5 Usage-derived data
- Weekly adherence, consecutive-day streak, % of completed sessions per microcycle.
- Estimated internal load (Foster sRPE), tonnage, distribution per muscle group.
- Coach state: last readiness date, pending deload proposal, request for next mesocycle.
3.6 Technical data
- Guest identifier (no-account mode): truncated SHA-256 hash of the inbound IP + the first 120 chars of the User-Agent, prefixed with `guest:`. Used only to enforce monthly quotas and deduplicate the plan cache; it does not identify you directly and is never cross-referenced with a real identity.
- UID issued by Firebase Authentication for registered users (28-char opaque alphanumeric).
- Quota counters in the server-only collection `usage/{uid}`, with per-window fields such as `generatePlan_2026_05`, `parseFoodFromImage_2026_05_13`, `regenerateMicrocycle_2026_W19`.
- IP address and User-Agent received transiently by Cloud Functions during a request. Google Cloud retains these in its operational logs per its default policy (typically 30 days for Cloud Logging); they are not stored attached to your account in our collections.
- App and OS version when you report a bug.
- Camera permission (iOS): requested only when you tap the barcode scanner; the system prompt reads "Fitenome uses the camera to scan food barcodes". Barcode recognition is performed on the device with Google ML Kit (no image is sent to any server).
3.7 What we do NOT collect
`android.permission.INTERNET`; on iOS, only `NSCameraUsageDescription` for the scanner. If we ever add any of the above, we will request informed consent and update this Policy.
4. Legal bases for processing (GDPR)
| Processing | Legal basis |
|---|---|
| Create and maintain your account, cloud sync, training plan and macros generation. | Performance of a contract (Art. 6(1)(b) GDPR). |
| Premium purchase verification on App Store and Google Play and subscription attribution. | Performance of a contract (Art. 6(1)(b)). |
| Operational logs, abuse prevention, quota enforcement, subscription fraud prevention. | Legitimate interest (Art. 6(1)(f)). |
| Handling your rights requests and security communications. | Legal obligation (Art. 6(1)(c)). |
| Processing of sensitive health-related data (weight, declared pain, body fat). | Explicit consent (Art. 9(2)(a)), given when you voluntarily enter those data in the anthropometry / readiness flow. Withdrawable any time. |
| Service communications (password reset, email verification). | Performance of a contract. |
We do not profile for advertising. We do not process your data to take decisions with legal effects on you.
5. Purposes and automated decisions
- Generate your training plan based on your anthropometry, experience, goal and weekly availability.
- Adapt the plan to weekly fatigue: readiness check-ins modify the day's proposed load.
- Compute macros and meal plans: from weight, height, age, sex, activity and goal (Mifflin-St Jeor model with body-composition corrections).
- Show progress: adherence rings, streak, historical anthropometry, PRs.
- Comply with contractual and legal obligations.
Some decisions are automated (Article 22 GDPR):
- The periodization model selection is automatic, based on initial assessment answers (level, goal, days available, peak schedule). You may request human review by writing to support@meetagape.com.
- The automatic load adjustment after a readiness with high pain or fatigue is a deterministic calculation, not AI (Foster sRPE, RIR/RPE autoregulation).
- The meal proposals and exercise swaps (Premium) are generated by language models (see §6). You can always ignore or replace any proposal without penalty.
The server functions materialising these decisions are: `generatePlan`, `regenerateMicrocycle`, `suggestSubstitute`, `parseFood`, `parseFoodFromImage`, `suggestMeals`, `verifyPremiumPurchase` and `deleteAccount`. All run in Google Cloud's europe-west1 region and are invoked only by the authenticated app or by the guest-mode app over Firebase-signed channels.
6. Coaching technologies and generative models
To build your plan, swap an exercise, or suggest meals, Fitenome sends a reduced and anonymised context of your sport profile to a language-model API provided by Google LLC (Google Gemini). Specifically:
- Model used: `gemini-2.5-pro` for Premium subscriptions and `gemini-2.5-flash-lite` for the free plan. The tier is selected server-side based on verified entitlement.
- What we send: your level, goal, weekly availability, declared anthropometry and — for meals — your dietary preferences. The userContext is truncated to a maximum of 4,000 characters before being forwarded to the model.
- Opaque account identifier (UID or guest id `guest:<hash>`) — used only for deterministic cache and quota attribution.
What is not sent: your email, your name, your profile picture, your IP address in clear, or any device identifier.
The API key (`GEMINI_API_KEY`) lives exclusively in Google Cloud Secret Manager and is never bundled with the app. Calls are made from Cloud Functions in europe-west1. Responses are deterministically cached in `planCache/{key}`, with `key = sha256(SCHEMA_VERSION | tier | model | normalized_userContext)` and an automatic TTL of 90 days; this cache is only accessible to our server functions and never exposed to the client.
Google Cloud and Google AI Studio act as processors. See the Google Cloud DPA.
7. Recipients and international transfers
| Recipient | Purpose | Location |
|---|---|---|
| Google Ireland Ltd (Firebase / Cloud) | Hosting, authentication, Firestore database, Cloud Functions, Cloud Logging. | EU (region europe-west1) with global replicas per Google policy. |
| Google LLC (Gemini API) | Plan generation, exercise swap, meal suggestions, food-label parsing. | Processed by Google under Google Cloud DPA and applicable SCCs. |
| RevenueCat Inc. | Server-to-server validation of App Store and Google Play receipts and issuance of the Premium entitlement (lookup_key = "pro"). Receives the opaque account id and the purchased product id. | RevenueCat Inc., 1100 Alma St, Suite 100, Menlo Park, CA 94025, USA — under SCCs and DPF. |
| Apple Distribution International Ltd | iOS payment processing, JWS-signed receipt and subscription customer service. | Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland; Apple Inc. (USA) under SCCs and DPF. |
| Google Commerce Ltd | Android payment processing and purchaseToken on Google Play. | Google LLC (USA) under SCCs and DPF. |
Whenever data travels outside the EEA we rely on the EU Standard Contractual Clauses (Commission Decision 2021/914) and, where applicable, the EU-US Data Privacy Framework (Apple, Google and RevenueCat are listed as active DPF organisations). None of these recipients receive data for advertising purposes.
8. Processors and sub-processors
- Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) — Firebase Authentication, Cloud Firestore, Cloud Functions for Firebase, Cloud Logging, Cloud Secret Manager and Cloud Storage.
- Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) — Google Gemini API (`gemini-2.5-pro` and `gemini-2.5-flash-lite`) and Google ML Kit on-device (barcode scanner).
- RevenueCat Inc. (1100 Alma St, Suite 100, Menlo Park, CA 94025, USA) — subscription verification, entitlement management, purchase event webhooks (renewal, refund, expiration, plan change). Project ID: `proj0d5182cb`. RevenueCat acts as an intermediary between Fitenome and the Apple App Store Server / Google Play Developer APIs, so Fitenome never directly handles store-signed tokens.
- Apple Distribution International Ltd (Hollyhill, Cork, Ireland) — App Store distribution and iOS payment processing.
- Google Commerce Ltd (Gordon House, Barrow Street, Dublin 4, Ireland) — Google Play payment processing.
9. Retention periods
| Category | Period |
|---|---|
| Account and profile | While the account is active. Deleted 30 days after closure request. |
| Completed sessions and readiness | Deleted along with the account or when the user removes them individually. |
| Sensitive anthropometric data | Kept only while explicit consent is in force; withdrawable any time. |
| Generated-plan cache | 30 days from last read; auto-purged. |
| Security and abuse logs | 90 days default, up to 1 year if an incident is open. |
| Premium receipts | 6 years (Spanish accounting obligation, Art. 30 Commercial Code). |
10. Your GDPR rights
- Access (Art. 15): receive a copy of the personal data we process about you.
- Rectification (Art. 16): correct inaccurate or incomplete data.
- Erasure / "right to be forgotten" (Art. 17): you can self-serve from Profile → Delete my account or write to us.
- Restriction (Art. 18): pause processing of specific data.
- Portability (Art. 20): receive your data in structured (JSON) format and transmit it to another controller.
- Objection (Art. 21): object to processing based on legitimate interest.
- Not to be subject to automated decisions (Art. 22).
- Withdraw consent at any time without retroactive effect.
- Lodge a complaint with the AEPD (Art. 77).
Write to support@meetagape.com with reasonable proof of identity. We reply within 30 days, extendable by two months on complex requests (we will inform you). Free of charge.
11. Multi-jurisdictional compliance
- UK GDPR and Data Protection Act 2018 for UK users. ICO as supervisory authority: ico.org.uk.
- CCPA / CPRA (California): residents may exercise rights to know, delete, correct and opt-out of sale. Fitenome does not sell or share your personal data as defined in CPRA.
- LGPD (Brazil), PIPEDA (Canada), Privacy Act 1988 (Australia), APPI (Japan) where applicable.
12. Children
Fitenome targets people 16 and older with prior training experience. We do not knowingly collect personal data from children under 14. If you believe a child has shared data with us, please email support@meetagape.com and we will delete it.
13. Security measures
- In transit: TLS 1.2+ on all client↔server and server↔processor communications.
- At rest: Google Cloud encrypts Firestore and Cloud Storage by default with managed keys (AES-256).
- Per-user isolation: Firestore rules (`firestore.rules`) prevent any user from reading or modifying another user's data (`request.auth.uid == uid`). The system collections `usage/{uid}`, `planCache/{key}` and `substituteCache/{key}` are not client-accessible (explicit rule `allow read, write: if false;`).
- Secrets: `GEMINI_API_KEY` and `REVENUECAT_SECRET_KEY` live in Google Cloud Secret Manager and are injected at runtime only into the Cloud Functions that need them. Never bundled with the app.
- Quotas: per-user limits (daily, weekly, monthly or lifetime, depending on the function) atomically enforced within a Firestore transaction before any model call. Example: 2 plan generations/month on the free tier, 5 on Premium.
- Deterministic cache: model responses are cached in `planCache` with a 90-day TTL to avoid redundant LLM calls; expired entries are auto-purged by the Firestore TTL policy.
- Minimisation: we only send a reduced (≤ 4,000 chars) and anonymised context to the LLM.
- Server-side purchase verification: the Premium entitlement is never granted client-side. The `verifyPremiumPurchase` function queries the RevenueCat V2 API with a secret key and mirrors the state into `users/{uid}.premium`, capturing refunds, billing issues and voluntary cancellations.
- App Check / Play Integrity (when applicable): optional binary attestation limiting abuse of callable functions.
- Cascade deletion: `deleteAccount` walks the sub-collections `sessions`, `readiness`, `meals`, `events` in batches of 400 docs, deletes the root `users/{uid}` document, then executes `admin.auth().deleteUser(uid)`. The process is idempotent: if it is interrupted, it resumes cleanly from where it stopped.
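The isolation and server-only rules listed above, together with the `users/{uid}.premium` mirror that §16 says gates Premium features, can be expressed as a Firestore rules file like the one below. It is an added illustration, not Fitenome's actual `firestore.rules`; the `mealSuggestions` sub-collection used to show the Premium gate is hypothetical, and the sub-collection names come from the cascade-deletion item above.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Per-user isolation: a signed-in user may only touch users/{their own uid}.
    function isOwner(uid) {
      return request.auth != null && request.auth.uid == uid;
    }

    // Premium gate read from the server-mirrored field; no RevenueCat round-trip.
    // Fails closed: if the premium map is absent, evaluation errors and access is denied.
    function isPro() {
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.premium.isPro == true;
    }

    match /users/{uid} {
      allow read: if isOwner(uid);
      // The client must never write the premium mirror; only the server
      // (Admin SDK, which bypasses rules) sets isPro/expiresAt/store/productId.
      allow create: if isOwner(uid) && !('premium' in request.resource.data);
      allow update: if isOwner(uid)
                    && !request.resource.data.diff(resource.data).affectedKeys().hasAny(['premium']);
      allow delete: if isOwner(uid);

      // Sub-collections named in the policy: owner-only, nothing else.
      match /{sub}/{docId} {
        allow read, write: if isOwner(uid) && sub in ['sessions', 'readiness', 'meals', 'events'];
      }

      // Hypothetical Premium-only sub-collection (assumed for the example).
      match /mealSuggestions/{docId} {
        allow read: if isOwner(uid) && isPro();
      }
    }

    // Server-only collections: no client access of any kind.
    match /usage/{uid}           { allow read, write: if false; }
    match /planCache/{key}       { allow read, write: if false; }
    match /substituteCache/{key} { allow read, write: if false; }
  }
}
```

The `update` rule is the piece easiest to forget: an owner-only write rule without the `affectedKeys()` check would let a client set its own `premium.isPro`, which would defeat the server-side verification the policy describes.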
14. Cookies and tracking
The website fitenome.com uses only technical cookies (selected language, session state). No analytics or advertising third-party cookies. The mobile app does not use advertising identifiers (IDFA, GAID) or tracking SDKs.
15. App Store and Google Play specifics
- App Store Connect "App Privacy": contact info (email), identifiers (UID), product interaction, health and fitness, all linked to your account, none used for tracking across apps.
- Google Play "Data Safety": account info, user content (workouts, meals), app activity. Encrypted in transit; deletable on request.
16. Payments and subscriptions
Premium subscriptions are processed exclusively via App Store (iOS) or Google Play (Android). Fitenome does not receive the card number, the last 4 digits of the PAN, or any billing data. The verification chain is:
- The store (Apple or Google) charges the user and issues a signed receipt (JWS on iOS, purchaseToken on Android).
- RevenueCat receives that receipt from the app SDK and validates it against Apple App Store Server API or Google Play Developer API. It is responsible for detecting refunds, billing issues, cancellations and plan changes.
- The Fitenome function `verifyPremiumPurchase` queries RevenueCat at `GET /v2/projects/proj0d5182cb/customers/{uid}/active_entitlements` with the server secret key and checks whether the entitlement `"pro"` is active.
- The canonical state is mirrored into `users/{uid}.premium` with fields `isPro`, `expiresAt`, `store` and `productId` so Firestore rules can gate Premium features without round-tripping RevenueCat on every read.
Active product identifiers include, among others, fitenome_pro_yearly (annual subscription). The full list is available on App Store Connect and Google Play Console.
RevenueCat only processes the opaque account id (UID), the purchased product id, start and expiration dates, the country code of purchase, and the entitlement state. It does not receive your email, name or anthropometry.
17. Health data and medical disclaimer
Fitenome is not a medical device and does not replace healthcare advice. Health data you enter (weight, pain, fatigue, estimated body fat) are used only to adapt a general training and nutrition plan.
18. Complaints and supervisory authority
If you believe the processing of your data violates applicable law, you may lodge a complaint with the Spanish Data Protection Agency. We ask that you first try to resolve it by writing to support@meetagape.com; we reply within 30 days.
19. Changes to this policy
We may modify this Policy to reflect legal, technical or Service changes. For material changes, we will notify you by email (when we have a verified email) and via a prominent in-app banner at least 14 calendar days before the effective date. The current version is always available at fitenome.com/privacy-en.html.
20. Contact and Data Protection Officer
- General privacy: support@meetagape.com
- Data Protection Officer: support@meetagape.com
- Rights center: fitenome.com/gdpr-en.html
Last revision: May 20, 2026.