Privacy Policy — Fit Ops Pro

1. Introduction

Revolution Fitness LLC ("Company," "we," "us," or "our") operates the Fit Ops Pro platform ("Platform," "Service"), a software-as-a-service (SaaS) coaching management platform accessible via web application and mobile application. This Privacy Policy describes how we collect, use, disclose, retain, and protect the personal information of users who access or use our Service, including fitness coaches ("Coaches") and their clients ("Clients").

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must not access or use the Platform.

This Privacy Policy applies to all information collected through our Platform, our mobile applications, and any related services, sales, marketing, or events (collectively, the "Services").

2. Information We Collect

2.1 Coach Account Information

When a Coach registers for and uses the Platform, we collect:

Full name, email address, phone number
Business name and business address
Employer Identification Number (EIN) or Tax Identification Number
Login credentials (password stored in hashed form)
Profile and branding information (logo, colors, business description)
Subscription and billing information (processed by Stripe; see Section 5)
Communication preferences and settings

2.2 Client Information

Coaches add their Clients to the Platform. Client information may include:

Full name, email address, phone number
Health and fitness data, including but not limited to: body weight, body measurements, body fat percentage, progress photos, fitness goals, workout logs, exercise performance data, and check-in responses
Health device data, including step counts, sleep duration, and sleep quality data synced from Apple HealthKit or Google Health Connect
Nutritional information and dietary data
Communication records (messages, voice messages, call logs)
Payment information (processed by Stripe; card details are never stored on our servers)
Mobile device information when using the Fit Ops Pro mobile application

2.3 Device and Usage Information

We automatically collect certain information when you access the Platform:

Device type, operating system, and version
Browser type and version (for web application)
IP address and approximate geographic location
Pages viewed, features used, and actions taken within the Platform
Date, time, and duration of visits
Referring URL and search terms used to find our Platform
Crash reports and performance diagnostics
Push notification tokens (for mobile application)

2.4 Communication Data

When Coaches and Clients communicate through the Platform, we collect:

SMS and text message content, timestamps, and delivery status
Voice call records, including duration and timestamps
In-app chat messages, including text, voice messages, and media
Email communications sent through the Platform
Communication opt-in and opt-out records

2.5 AI-Processed Data

Certain data is processed using artificial intelligence services:

Audio recordings submitted via the Platform may be transcribed using AI-powered transcription services
Check-in responses and health data may be analyzed to generate AI-powered summaries and action items
Transcription and summary outputs are stored within the Platform

2.6 Health and Fitness Device Data

With your explicit permission, the Fit Ops Pro mobile application may access:

Apple HealthKit data: Step count and sleep analysis data. We read this data only with your explicit authorization through the iOS Health permissions prompt. We do not write data to HealthKit. HealthKit data is not used for advertising or marketing purposes and is not sold to third parties or data brokers.
Google Health Connect data: Step count and sleep session data. We access this data only with your explicit permission through the Health Connect permissions prompt. We do not write data to Health Connect.

You may revoke access to HealthKit or Health Connect data at any time through your device settings. Revoking access will prevent the Platform from syncing new health data but will not delete previously synced data from the Platform.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery and Operations

To create, maintain, and manage your account
To provide, operate, and improve the Platform and its features
To process payments and manage subscriptions
To facilitate communications between Coaches and Clients
To deliver workout programs, track progress, and manage coaching relationships
To sync and display health and fitness data from connected devices

3.2 Communications

To send transactional messages (account verification, password resets, payment confirmations, billing notifications)
To deliver Coach-to-Client communications via SMS, voice, email, and in-app messaging
To send service-related announcements and updates
To provide customer support and respond to inquiries

3.3 AI Processing

To transcribe audio and video submissions for Coach review
To generate summaries and action items from check-in data
To provide data-driven insights to Coaches about Client progress

3.4 Analytics and Improvement

To analyze usage patterns and improve the Platform
To diagnose technical issues and improve performance
To develop new features and services

3.5 Legal and Compliance

To comply with legal obligations and regulatory requirements
To enforce our Terms and Conditions
To protect against fraud, abuse, and unauthorized access
To respond to legal processes (subpoenas, court orders, government requests)

4. SMS, Voice, and Email Communications

4.1 Coach Communications Consent

By registering for the Platform, Coaches consent to receive transactional SMS messages, voice calls, and emails from Fit Ops Pro related to their account and service operations. These communications may include:

Account verification and security notifications
Billing alerts, payment confirmations, and payment failure notifications
Service updates and platform announcements
Client activity notifications

Message frequency varies based on account activity. Message and data rates may apply. Coaches may opt out of non-essential communications at any time by contacting [email protected].

4.2 Coach-to-Client Communications

The Platform enables Coaches to communicate with their Clients via SMS, voice calls, and email using dedicated communication channels provisioned through our third-party providers (Twilio for SMS and voice; SendGrid for email). Coaches are assigned dedicated phone numbers and may authenticate custom email domains for their business communications.

Coach Responsibility for Client Consent: Coaches are solely responsible for obtaining proper consent from their Clients before initiating SMS, voice, or email communications through the Platform. This includes:

Obtaining express written consent from Clients before sending SMS messages, as required by the Telephone Consumer Protection Act (TCPA) and applicable state laws
Clearly informing Clients of the types of messages they will receive, message frequency, and that message and data rates may apply
Providing Clients with clear opt-out instructions (e.g., reply STOP to any SMS message)
Honoring all opt-out requests promptly and maintaining opt-out records
Complying with all applicable federal, state, and local laws governing electronic communications

4.3 Client Opt-Out Rights

Clients may opt out of SMS communications at any time by:

Replying STOP to any SMS message received through the Platform
Contacting their Coach directly to request removal from messaging
Contacting us at [email protected]

After opting out, Clients will receive a single confirmation message. Opting out of SMS does not affect the Client's account status or access to other Platform features.

4.4 Supported Carriers

SMS services are supported on all major U.S. carriers. Carriers are not liable for delayed or undelivered messages.

4.5 Message Data Sharing

We do not sell, rent, or share SMS opt-in data or consent records with third parties for marketing or promotional purposes. SMS opt-in data and consent information is used exclusively to deliver the messaging services described in this Privacy Policy and to comply with applicable law.

5. Third-Party Service Providers

We use the following third-party service providers to operate the Platform. Each provider processes data in accordance with their own privacy policies:

5.1 Stripe

Purpose: Payment processing for Coach subscriptions and Coach-to-Client billing.

Stripe collects and processes payment card information directly. We do not store credit card numbers, CVVs, or full card details on our servers. Stripe is a PCI-DSS Level 1 certified service provider. For more information, see Stripe's Privacy Policy.

5.2 Twilio

Purpose: SMS messaging and voice call services.

Twilio processes phone numbers, message content, call recordings (if applicable), and delivery/call metadata. Each Coach is assigned a dedicated phone number provisioned through Twilio. For more information, see Twilio's Privacy Policy.

5.3 SendGrid (Twilio)

Purpose: Transactional and Coach-to-Client email delivery.

SendGrid processes email addresses, email content, and delivery metadata. Coaches may authenticate custom domains for branded email delivery. For more information, see Twilio/SendGrid's Privacy Policy.

5.4 Supabase

Purpose: Database hosting, authentication, and file storage.

Supabase hosts our database infrastructure and stores all Platform data, including user accounts, fitness data, communications, and uploaded files. Data is encrypted at rest and in transit. For more information, see Supabase's Privacy Policy.

5.5 OpenAI

Purpose: AI-powered transcription and content summarization.

Audio and text data may be sent to OpenAI's API for transcription and summary generation. We use OpenAI's API services, which means data sent to OpenAI is not used to train their models. For more information, see OpenAI's Privacy Policy.

5.6 Apple HealthKit

Purpose: Reading step count and sleep data from iOS devices.

HealthKit data is accessed only with explicit user permission and is used solely for displaying health metrics within the Platform. HealthKit data is not used for advertising, is not sold to data brokers, and is not shared with third parties except as needed to provide the Service. Our use of HealthKit data complies with Apple's HealthKit guidelines.

5.7 Google Health Connect

Purpose: Reading step count and sleep data from Android devices.

Health Connect data is accessed only with explicit user permission and is used solely for displaying health metrics within the Platform. Health Connect data is handled in accordance with Google's Health Connect developer requirements.

5.8 Expo / React Native

Purpose: Mobile application framework.

Our mobile application is built using Expo and React Native. Expo may collect anonymized crash reports and performance diagnostics to help us improve application stability. For more information, see Expo's Privacy Policy.

5.9 Netlify

Purpose: Web application hosting.

Netlify hosts our web application and may process IP addresses and request metadata for content delivery and security purposes. For more information, see Netlify's Privacy Policy.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Platform:

6.1 Essential Cookies

Required for authentication, security, and core Platform functionality. These cannot be disabled without impairing Platform functionality.

6.2 Analytics Cookies

Used to understand how users interact with the Platform, identify performance issues, and improve the user experience. These cookies collect aggregated, anonymized data.

6.3 Preference Cookies

Used to remember your settings and preferences (e.g., theme, display options) across sessions.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Platform functionality. Our Platform does not respond to "Do Not Track" browser signals at this time.

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Coach-Client Relationship: Client data entered into the Platform is accessible to the Coach who manages that Client's account. Coaches control the collection and use of their Clients' data within the Platform.
Service Providers: We share data with the third-party providers described in Section 5, solely for the purpose of operating and improving the Platform.
Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request.
Protection of Rights: We may disclose information when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or prominent notice on the Platform.

8. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements:

Active Accounts: Data is retained for the duration of your active account.
Closed Coach Accounts: Upon account termination, we retain account data for up to 90 days to allow for account recovery or dispute resolution, after which data is permanently deleted or anonymized.
Client Data: Client data is retained as long as the Coach's account is active. When a Coach deletes a Client or terminates their account, Client data is deleted in accordance with our retention schedule.
Communication Records: SMS, voice, and email records are retained for a minimum of 5 years to comply with telecommunications regulations and for dispute resolution purposes.
Payment Records: Transaction records are retained as required by applicable tax and financial regulations.
Anonymized Data: We may retain anonymized, aggregated data indefinitely for analytics and service improvement purposes. This data cannot be used to identify any individual.

9. Data Security

We implement reasonable and appropriate technical, administrative, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

Encryption of data in transit (TLS/SSL) and at rest
Secure authentication with hashed passwords
Role-based access controls limiting data access to authorized personnel
Regular security assessments and monitoring
Secure hosting infrastructure with SOC 2 compliant providers
Payment data handled by PCI-DSS Level 1 certified processors

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

10. Your Privacy Rights

10.1 General Rights

Depending on your jurisdiction, you may have the right to:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete personal information.
Deletion: Request deletion of your personal information, subject to legal retention requirements.
Portability: Request your data in a structured, commonly used, machine-readable format.
Objection: Object to certain types of data processing.
Withdraw Consent: Withdraw previously given consent for data processing.

To exercise any of these rights, contact us at [email protected]. We will respond to verifiable requests within 45 days.

10.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting it, the categories of third parties with whom we share it, and the specific pieces of personal information we collected.
Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
Right to Correct: You may request that we correct inaccurate personal information.
Right to Opt Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Information: You may limit our use of sensitive personal information to purposes necessary to provide the Services.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, contact us at [email protected]. We may need to verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.

10.3 Other State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with consumer privacy laws may have similar rights. We will honor verified requests in accordance with applicable law. Contact us at [email protected] for more information.

11. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. Coaches must not add Clients under the age of 18 to the Platform without proper parental or guardian consent and compliance with all applicable laws, including the Children's Online Privacy Protection Act (COPPA).

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we have inadvertently collected information from a child under 18, please contact us at [email protected].

12. International Data Transfers

The Platform is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. By using the Platform, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

13. Data Processing Roles

For the purposes of applicable data protection laws:

Revolution Fitness LLC acts as a data processor with respect to Client data that Coaches enter into the Platform. Coaches act as data controllers for their Clients' personal information and are responsible for having a lawful basis for collecting and processing that data.
Revolution Fitness LLC acts as a data controller with respect to Coach account information and Platform usage data.

Coaches are responsible for providing their own privacy notices to their Clients and ensuring their use of the Platform complies with all applicable data protection laws.

14. Links to Third-Party Websites

The Platform may contain links to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party website you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Effective Date" and "Last Updated" date at the top of this page
Notify registered users via email or prominent notice on the Platform
Where required by law, obtain your consent before implementing material changes

Your continued use of the Platform after any changes to this Privacy Policy constitutes your acceptance of the updated Privacy Policy.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Revolution Fitness LLC
Doing business as Fit Ops Pro
Email: [email protected]
Address: [Business Address]

For data subject access requests or privacy complaints, please email [email protected] with the subject line "Privacy Request."