Privacy Policy
Last Updated: March 31, 2026
Introduction
BioTrac LLC ("BioFit," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use the BioFit mobile application and related services (collectively, the "Service"). By accessing or using our Service, you consent to the practices described in this Privacy Policy.
1. Information We Collect
We collect several types of information to provide and improve our Service:
1.1 Account Information
When you create an account, we collect:
- Name
- Email address
- Encrypted password
- Account creation date
- Subscription status and billing information (processed by Polar)
1.2 Fitness and Health Information
You may voluntarily provide fitness-related information to personalize your experience, including:
- Height, weight, age, and gender
- Fitness goals and experience level
- Available workout equipment
- Workout frequency preferences
- Workout history, exercise logs, and performance data
- RPE (Rate of Perceived Exertion) ratings and feedback
1.3 Usage Data
We automatically collect information about how you interact with our Service:
- Device information (device type, operating system, app version)
- Log data (IP address, access times, pages viewed)
- App usage patterns and feature interactions
- Crash reports and error logs
- Performance metrics
2. How We Use Your Information
We use your information for the following purposes:
- Provide and Personalize the Service: To create and manage your account, generate personalized workout plans, and track your fitness progress
- Process Payments: To manage subscriptions and billing through our payment processor, Polar
- Improve Our Service: To analyze usage patterns, fix bugs, and develop new features
- Communicate with You: To send service updates, respond to support requests, and deliver important account notifications
- Ensure Security: To protect against fraud, unauthorized access, and other security issues
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
3. Information Sharing and Third Parties
BioFit does not sell your personal information. We only share your data in the following circumstances:
3.1 Service Providers
We work with trusted third-party providers who help us operate and improve our Service. These include:
- Polar (polar.sh): Payment processing and subscription management. Your payment information is processed directly by Polar and is subject to their Privacy Policy and Terms of Service. We do not store your full payment card details.
- DigitalOcean: Cloud hosting and data storage
- Expo: Mobile application infrastructure and over-the-air updates
- PostHog: Product analytics and usage tracking
- Google Analytics: Website traffic analysis and usage statistics. Google Analytics uses cookies to collect anonymized data about how visitors interact with our website. This data helps us understand website performance and improve the user experience. For more information, see Google's Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
- Sentry: Error tracking and performance monitoring
- Resend: Email delivery and transactional communications
- Cloudflare: CDN, security, and DNS services
- OpenRouter: Intelligent workout plan generation and exercise personalization
All third-party providers are contractually obligated to safeguard your information and may only use it for the specific purposes for which we engage them.
3.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
3.3 Business Transfers
If BioFit is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
4. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication using industry-standard practices
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements for our systems
- Monitoring for suspicious activities and potential breaches
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
5. Data Retention and Deletion
Account Data: We retain your personal information for as long as your account is active or as needed to provide you with the Service.
Account Deletion: When you delete your account, your personal data is permanently deleted from our active systems within 30 days. Some information may remain in our automated database backups for up to 7 days, after which it is automatically and permanently deleted. Backup data is stored securely and is not accessible or used for any purpose during the retention period.
Backup Retention: Our automated backup system retains database backups for 7 days. This means that if you request account deletion, your data will be removed from all active systems within 30 days, but may remain in encrypted backups for up to 7 days until the next backup cycle purges the old data. This backup retention exists solely for disaster recovery purposes and does not extend the availability of your data for retrieval.
Legal Obligations: We may retain certain information for longer periods if required by law, such as for tax or accounting purposes.
6. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate or incomplete information
- Deletion: Request deletion of your personal data
- Portability: Request a copy of your data in a structured, machine-readable format
- Objection: Object to certain processing of your data
- Withdraw Consent: Withdraw consent where processing is based on consent
To exercise any of these rights, please contact us at support@biotrac.org. We will respond to your request within 30 days.
7. Children's Privacy
BioFit is not intended for children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@biotrac.org, and we will promptly delete such information from our records.
8. International Data Transfers
Your information may be transferred to and processed in the United States, where our servers are located. By using our Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
9. Cookies and Tracking Technologies
Our mobile application does not use traditional cookies. However, we and our third-party providers may use similar tracking technologies for analytics and performance monitoring. You can manage these preferences through your device settings or by contacting us.
Our website (biofit.biotrac.org) uses Google Analytics, which places cookies on your browser to collect anonymized usage data such as pages visited, time spent on the site, referring sources, and general geographic location. This information is used solely to analyze website traffic and improve our online experience. Google Analytics does not collect your name, email address, or other personally identifiable information through these cookies.
You can control or disable cookies through your browser settings. You may also opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. Please note that disabling cookies may affect the functionality of certain parts of our website.
10. Dispute Resolution and Arbitration
Any dispute, claim, or controversy arising out of or relating to this Privacy Policy or our data practices shall be resolved through binding individual arbitration in accordance with the Dispute Resolution and Arbitration provisions set forth in our Terms of Service (Section 14), which are incorporated herein by reference.
Arbitration shall be administered by the American Arbitration Association ("AAA") under its Consumer Arbitration Rules, conducted by a single arbitrator, and seated in Hamilton County, Tennessee. Tennessee law shall govern.
You agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated, or representative action. You waive any right to a jury trial for any claims not subject to arbitration.
Before initiating arbitration, you agree to first contact us at support@biotrac.org and attempt to resolve the dispute informally for at least thirty (30) days.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page with an updated "Last Updated" date and, where appropriate, via email or in-app notification. Your continued use of the Service after any changes indicates your acceptance of the revised Privacy Policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
BioTrac LLC
Email: support@biotrac.org