Privacy Policy

Zerofit Effective Date: June 22, 2026 Last Updated: June 22, 2026

This Privacy Policy explains how Zerofit collects, uses, stores, and shares your personal information when you use our fitness and wellness application. Please read it carefully.

1. Who We Are

Zerofit ("Zerofit," "we," "us," or "our") operates a fitness and wellness application that provides personalised workout recommendations, exercise programs, micro-workouts, mood-based activity suggestions, fitness challenges, and wellness content.

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, Zerofit acts as the data controller responsible for your personal data under the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Contact: Email: support@thezerofit.com Data Protection enquiries: support@thezerofit.com Address: [Company Address to be inserted]

2. Scope of This Policy

This Privacy Policy applies to:

• The Zerofit mobile application (iOS and Android)
• The Zerofit website
• All related services, features, and integrations

It does not apply to third-party services that Zerofit may link to or integrate with. Those services have their own privacy policies that govern their data practices.

3. Information We Collect

We collect the following categories of information:

3.1 Account and Identity Information

When you create a Zerofit account, we collect:

• Full name
• Email address
• Password (stored in encrypted/hashed form — never in plain text)
• Country or region
• Date of birth or age range (to verify eligibility)
• Profile photograph (optional, if provided)
• Authentication method (email/password, Google OAuth, Apple Sign-In)

3.2 Fitness Profile and Preference Data

During onboarding and use, we collect information that helps us personalise your experience:

• Fitness goals (e.g., weight loss, muscle building, endurance, general fitness)
• Current fitness level (e.g., beginner, intermediate, advanced)
• Preferred workout types and exercise categories
• Available workout time preferences
• Physical characteristics voluntarily provided (e.g., height, weight, if you choose to share them)
• Symptoms, physical limitations, or injuries voluntarily disclosed during onboarding or in-app
• Equipment availability
• Dietary preferences (if provided for future features)

Important note on special category data: Under GDPR, certain fitness data — particularly information about physical health conditions, injuries, disabilities, or medically relevant limitations — may constitute "special category" health data under Article 9 GDPR. Where we process such data, we rely on your explicit consent as the legal basis (Art. 9(2)(a) GDPR). You may withdraw this consent at any time (see Section 11).

3.3 Mood and Wellbeing Data

Where you use mood-based features, we collect:

• Self-reported mood inputs (e.g., energised, tired, stressed, relaxed)
• Self-reported energy levels
• Subjective wellbeing indicators voluntarily provided

Mood data may constitute health-adjacent data in some jurisdictions and is handled with heightened care consistent with our obligations under applicable data protection law.

3.4 Activity and Workout Data

As you use Zerofit, we collect:

• Workout history (workouts completed, dates, duration)
• Exercise performance data (repetitions, sets, weights if logged)
• Workout ratings and feedback
• Challenge participation and progress
• Streak and habit-tracking data
• Badges earned and milestones reached
• In-app interactions with exercises, videos, and programs

3.5 Device and Technical Information

We automatically collect certain technical information when you use the App:

• Device type and model
• Operating system and version
• App version
• Unique device identifiers (where permitted by platform policy)
• IP address
• Time zone and locale settings
• Crash reports and error logs
• App performance data

3.6 Usage and Behavioural Analytics

We collect data about how you interact with the App:

• Screens and features accessed
• Session frequency, duration, and timing
• Navigation patterns within the App
• Search queries within the exercise library
• Engagement with recommendations and challenges
• Push notification interactions

3.7 Communications

If you contact us directly, we collect:

• Your name and email address
• Content of your communication
• Records of our correspondence

3.8 Third-Party Integration Data (Future)

If you connect Zerofit to third-party health platforms or wearable devices (such as Apple Health, Google Fit, or fitness wearables), we may receive:

• Activity data (steps, distance, active minutes)
• Heart rate data
• Sleep data
• Other health metrics shared through the platform

Apple HealthKit commitment: Data obtained through Apple HealthKit will not be used for advertising, sold to third parties, or disclosed to third parties for purposes unrelated to the core functionality of the App. This is both our policy commitment and a requirement of Apple's Developer Programme Licence Agreement.

4. Legal Bases for Processing (GDPR)

For users in the EEA, UK, and Switzerland, we process your personal data on the following legal bases under GDPR:

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms and determined that our interests do not override yours. You have the right to object to processing based on legitimate interests (see Section 11).

5. How We Use Your Information

We use the information we collect to:

5.1 Provide and Personalise the Service

• Create and manage your account
• Generate personalised workout recommendations matched to your fitness level, goals, preferences, and available time
• Provide mood-based workout suggestions
• Deliver micro-workout notifications at times you choose
• Track your progress and award badges and achievements
• Enable fitness challenges and habit-tracking features

5.2 Improve the Service

• Analyse usage patterns to understand which features are most valuable
• Identify and fix bugs, errors, and performance issues
• Develop new features and improvements
• Train and improve AI recommendation algorithms using anonymised and aggregated data

5.3 Communicate with You

• Send transactional messages (account creation, password reset, billing notifications)
• Notify you about updates, new features, or changes to the Service
• Respond to your support enquiries
• Send marketing communications where you have opted in (you can opt out at any time)

5.4 Safety, Security, and Legal Compliance

• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms and Conditions
• Comply with applicable legal obligations
• Respond to lawful requests from courts and regulatory authorities

6. Cookies and Analytics Technologies

6.1 App Analytics

We use analytics tools to understand how users interact with the App. We may use services such as:

• PostHog — product analytics and session tracking
• Mixpanel — event-based analytics
• Google Analytics for Firebase — app analytics
• Sentry — error monitoring and crash reporting

These tools collect anonymised or pseudonymised data about feature usage, session behaviour, and technical performance. We do not use analytics tools to serve targeted advertising.

6.2 Website Cookies

If you visit the Zerofit website, we may use cookies and similar technologies for:

• Essential cookies: Necessary for the website to function (no consent required)
• Analytics cookies: To understand website traffic and behaviour (consent required)
• Preference cookies: To remember your settings and preferences (consent required)

You can manage cookie preferences through your browser settings or through our cookie consent tool.

6.3 Opt-Out

You can opt out of analytics data collection by:

• Adjusting your device privacy settings (iOS: Settings → Privacy → Tracking; Android: Settings → Privacy → Ads)
• Contacting us at support@thezerofit.com

7. How We Share Your Information

7.1 We Do Not Sell Your Data

Zerofit does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes.

7.2 Service Providers

We share data with trusted third-party service providers who process data on our behalf and in accordance with our instructions, including:

All service providers are contractually required to use your data only for the purposes of providing services to Zerofit, to maintain appropriate security standards, and (where applicable) to comply with GDPR data processing requirements.

7.3 Legal Requirements

We may disclose your information to:

• Law enforcement, courts, regulatory authorities, or other government bodies, where required by applicable law or valid legal process
• Third parties where necessary to prevent fraud, protect our legal rights, or ensure the safety of users

7.4 Business Transfers

If Zerofit is involved in a merger, acquisition, financing, restructuring, or sale of all or part of its assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a materially different privacy policy.

7.5 Aggregated and De-Identified Data

We may share aggregated, anonymised, or de-identified data (which cannot reasonably identify you as an individual) for research, benchmarking, industry reporting, or product development purposes.

8. Data Retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter, as follows:

You may request early deletion of your data at any time (see Section 11). Some data may be retained for longer where required by applicable law or for the establishment, exercise, or defence of legal claims.

9. Data Security

Zerofit implements industry-standard technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, including:

• Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS/HTTPS
• Encryption at rest: Sensitive data stored on our servers is encrypted at rest
• Password hashing: Passwords are stored using strong cryptographic hashing functions (e.g., bcrypt)
• Access controls: Personal data is accessible only to employees and contractors who need it to perform their duties, subject to contractual confidentiality obligations
• Security monitoring: We monitor our systems for suspicious activity and security incidents
• Regular security reviews: We periodically review and update our security practices

No method of electronic transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

10. International Data Transfers

Zerofit and some of our service providers operate globally, which means your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

For transfers from the EEA, UK, or Switzerland to countries not recognised as providing adequate protection:

• We rely on Standard Contractual Clauses (SCCs) approved by the European Commission
• We ensure that receiving parties maintain security standards equivalent to those required by GDPR
• We conduct Transfer Impact Assessments where required

By using Zerofit, you acknowledge that your data may be processed in countries including the United States, where our infrastructure providers may be based.

11. Your Rights

11.1 Rights for All Users

Regardless of your location, you have the right to:

• Access your data: Request a copy of the personal data we hold about you
• Correct your data: Update inaccurate or incomplete data through the App settings
• Delete your account and data: Request deletion of your account and personal data
• Withdraw consent: Withdraw consent for processing based on consent (including health data), without affecting the lawfulness of prior processing
• Opt out of marketing: Unsubscribe from marketing emails at any time via the unsubscribe link or by contacting us

11.2 Additional Rights for EEA/UK/Swiss Users (GDPR)

If you are in the EEA, UK, or Switzerland, you additionally have the right to:

• Data portability (Art. 20): Receive your data in a structured, machine-readable format and transfer it to another controller
• Restriction of processing (Art. 18): Request that we restrict processing of your data in certain circumstances
• Object to processing (Art. 21): Object to processing based on legitimate interests or for direct marketing
• Object to automated decision-making (Art. 22): Object to decisions made solely by automated means that significantly affect you
• Lodge a complaint: File a complaint with your local data protection supervisory authority (e.g., the ICO in the UK, the Data Protection Commissioner in Ireland, or any EU national DPA)

11.3 How to Exercise Your Rights

To exercise any of the above rights, contact us at:

• Email: support@thezerofit.com
• In-app: Settings → Privacy → Manage My Data

We will respond to verified requests within 30 days (GDPR standard). We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

12. India — Digital Personal Data Protection Act (DPDPA) 2023

For users located in India, we process your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA):

• Consent: We obtain your informed and specific consent before processing your personal data. Consent is sought in clear, plain language.
• Purpose limitation: We process your data only for the purposes described in this Privacy Policy and communicated to you at the time of collection.
• Data principal rights: You have the right to access, correct, and erase your personal data; to nominate a representative; and to withdraw consent at any time.
• Grievance redressal: We appoint a Grievance Officer for India. If you have concerns about how your data is handled, please contact: support@thezerofit.com — we will respond within the timeframes specified by applicable law.
• Cross-border transfers: We transfer data outside India only to countries or territories as may be notified by the Indian Government. We take appropriate safeguards for all international transfers.

13. Children's Privacy

13.1 Minimum Age

Zerofit is not directed to children under the age of 13 years. We do not knowingly collect personal data from children under 13.

13.2 Users Under 18

Users between 13 and 17 years of age may only use Zerofit with verified parental or guardian consent. A parent or guardian must agree to this Privacy Policy and our Terms and Conditions on their behalf.

13.3 Discovery of Child Accounts

If we discover that we have collected personal data from a child under 13 without verifiable parental consent, we will promptly delete that data. If you are a parent or guardian and believe your child under 13 has created a Zerofit account, please contact us immediately at support@thezerofit.com.

13.4 COPPA (United States)

For users in the United States, Zerofit complies with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent.

14. US State Privacy Rights

If you are a resident of California or other US states with applicable privacy laws:

California (CCPA/CPRA)

• Right to know: You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information)
• Right to delete: You have the right to request deletion of your personal information
• Right to opt out of sale: We do not sell your personal information, so this right is not applicable
• Right to non-discrimination: We will not discriminate against you for exercising your rights
• "Shine the Light": California residents may request information about disclosures of personal information to third parties for direct marketing purposes (we do not make such disclosures)

To exercise California rights, contact us at support@thezerofit.com or through the in-app privacy settings.

Other States

We endeavour to honour similar rights for users in Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), and other states with applicable privacy legislation as those laws come into effect.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Notify you via email or in-app notification
• Update the "Last Updated" date at the top of this page
• Where required by law, seek your consent for material changes

Continued use of Zerofit after the effective date of any update constitutes your acceptance of the revised Privacy Policy. If you do not accept the changes, you must stop using the Service and may delete your account.

16. Contact Us and Data Protection Officer

For privacy-related questions, data subject requests, or concerns:

Privacy Team Email: support@thezerofit.com

Data Protection Enquiries (GDPR) Email: support@thezerofit.com

India Grievance Officer Email: support@thezerofit.com

Zerofit Support Email: support@thezerofit.com Website: www.thezerofit.com

This Privacy Policy was last reviewed on June 22, 2026. Zerofit recommends periodic review of this Privacy Policy with qualified legal counsel before commercial launch, particularly regarding GDPR compliance, DPDPA compliance, and applicable US state privacy law obligations.