Privacy Policy

Last updated: December 12, 2024

Effective date: December 12, 2024

1. Introduction

Fitpid ("we", "our", or "platform") is committed to protecting the privacy and security of our users' personal data. This Privacy Policy describes how we collect, use, store, and protect your information, in compliance with applicable data protection laws, including Brazil's General Data Protection Law (LGPD - Law No. 13.709/2018) and international standards.

By using our platform, you agree to the terms described in this policy.

2. Information We Collect

2.1. Information You Provide

  • Registration data: Full name, CPF/Tax ID, email, phone, date of birth
  • Professional data: Professional licenses (CREF, CRM, CRN, CREFITO, CRP)
  • Health data: Medical history, injury records, medical conditions, physical assessments
  • Banking data: Payment and withdrawal information (when applicable)
  • Training data: Training plans, workout executions, performance metrics

2.2. Automatically Collected Data

  • Browsing data: IP address, browser type, pages visited, access time
  • Device data: Operating system, device identifier
  • Cookies: We use cookies to improve your experience (see section 7)

2.3. Third-Party Data (APIs)

We may collect sports activity data through integrations with:

  • Garmin Connect: Workouts, heart rate, distance, pace, VO2 max
  • Strava: Running, cycling, and other sports activities
  • Other fitness platforms (with your explicit authorization)

3. How We Use Your Data

We use your information exclusively for the following purposes:

  • Service delivery: Manage your account, connect you with professionals, deliver platform features
  • Performance analysis: Calculate metrics, generate progress reports, suggest improvements
  • Communication: Send notifications about workouts, health alerts, platform updates
  • Security: Prevent fraud, protect against unauthorized access
  • Platform improvement: Aggregated and anonymous analyses to enhance our services
  • Legal compliance: Fulfill legal and regulatory obligations

✅ GUARANTEE: We DO NOT SELL your personal data to third parties.

✅ GUARANTEE: We DO NOT SHARE your activity data with marketing or advertising companies.

4. Data Sharing

Your data may be shared only in the following situations:

4.1. With Authorized Professionals

When you explicitly authorize a professional (coach, nutritionist, physiotherapist) to access your data, they can view only the information necessary to provide the contracted service.

4.2. Service Providers

We share data with essential service providers:

  • Supabase: Hosting and database (with encryption)
  • Vercel: Web application hosting
  • Payment gateways: Financial transaction processing

4.3. Legal Obligations

We may disclose data when required by law, court order, or competent authority.

5. Your Rights

You have the following rights regarding your personal data:

  • Confirmation and Access: Confirm whether we process your data and obtain access to it
  • Correction: Correct incomplete, inaccurate, or outdated data
  • Anonymization, Blocking, or Deletion: Request anonymization or deletion of unnecessary data
  • Portability: Receive your data in a structured and readable format
  • Consent Withdrawal: Withdraw your consent at any time
  • Sharing Information: Know with whom we share your data
  • Opposition: Object to data processing in specific situations

📧 To exercise your rights, contact us:

Email: privacy@fitpid.com
Response time: Up to 15 business days

6. Data Security

We implement technical and organizational measures to protect your data:

  • Encryption: Sensitive data is encrypted in transit (SSL/TLS) and at rest
  • Row Level Security (RLS): Granular access control in the database
  • Secure authentication: Passwords protected with hashing (bcrypt)
  • Regular backups: Automatic backup copies
  • Monitoring: Detection of unauthorized access

7. Cookies and Similar Technologies

We use cookies for:

  • Essential: Keep your session active, authentication
  • Functional: Remember your preferences (language, theme)
  • Analytics: Understand how you use the platform (anonymous data)

You can manage cookies in your browser settings.

8. Data Retention

We retain your data for as long as necessary to fulfill the purposes described in this policy, except when the law requires a longer period. After the relationship ends, your data may be:

  • Anonymized for aggregate statistics
  • Permanently deleted (upon request)
  • Retained only for legal compliance purposes

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or through a notice on the platform. Continued use after changes constitutes acceptance of the new terms.

10. Contact

For questions, requests, or complaints about privacy:

Fitpid - Sports Management Platform
Email: privacy@fitpid.com
DPO Email: dpo@fitpid.com
Business hours: Monday to Friday, 9am to 6pm (Brasília time / GMT-3)

📱 Garmin Connect Integration

When you connect your Garmin account to Fitpid:

  • We collect only sports activity data (workouts, performance metrics)
  • You can revoke the connection at any time in settings
  • Your Garmin data is used exclusively for performance analysis and is not shared with third parties
  • We respect the Garmin API terms of use and user privacy
