Privacy Policy
Effective Date: March 1, 2025 Last Updated: March 1, 2025
1. Introduction
FitPulse Corp. ("FitPulse," "we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our FitPulse fitness tracking application and related services (collectively, the "Service").
This policy applies to our mobile application, website at fitpulse.jp, and all associated services. By using our Service, you acknowledge that you have read, understood, and agree to this Privacy Policy.
2. Data Controller Information
The FitPulse developer acts as the data controller for personal information collected through our Service.
Developer: FitPulse Individual Developer
Location: Japan
Data Protection Contact: Chief Information Officer
Contact: privacy@fitpulse.jp
3. Definitions
For the purposes of this Privacy Policy:
- "Personal Information" means any information relating to an identified or identifiable natural person.
- "Sensitive Personal Information" means personal information that reveals health, fitness, or biometric data, or other categories considered sensitive under applicable law.
- "Processing" means any operation performed on personal information, including collection, storage, use, disclosure, or deletion.
- "Service" means the FitPulse application and all related services provided by us.
- "User" means any individual who uses our Service.
4. Information We Collect
4.1 Information You Provide Directly
We collect personal information that you voluntarily provide to us, including:
- Account Information: Name, email address, password, and account preferences
- Profile Information: Age, gender, height, weight, fitness goals, and profile picture
- Health and Fitness Data (Sensitive): Workout records, exercise routines, body measurements, health metrics, and fitness progress
- Payment Information: Billing details and payment method information (for premium features)
- Communication Data: Messages, support inquiries, and feedback you send to us
4.2 Information Collected Automatically
When you use our Service, we automatically collect certain information:
- Device Information: Device identifiers, operating system, app version, and hardware specifications
- Usage Information: App features used, session duration, interaction patterns, and performance metrics
- Location Data: GPS coordinates and location information (with your explicit consent)
- Technical Data: IP addresses, log files, crash reports, and analytics data
- Cookies and Tracking: Browser cookies, local storage, and similar tracking technologies
4.3 Information from Third-Party Sources
With your permission, we may receive information from:
- Health and fitness apps (Apple Health, Google Fit, etc.)
- Wearable devices (smartwatches, fitness trackers)
- Social media platforms (when you choose to connect accounts)
- Business partners and service providers
5. Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Consent: Where you have given clear consent for specific processing activities
- Contract Performance: To provide services under our Terms of Service
- Legitimate Interests: For service improvement, security, and business operations
- Legal Compliance: To meet legal obligations and regulatory requirements
- Vital Interests: To protect health and safety in emergency situations
6. Purposes of Processing
We process your personal information for the following purposes:
- Providing and maintaining the FitPulse Service
- User authentication and account management
- Fitness tracking, analysis, and personalized recommendations
- Processing payments and managing subscriptions
- Customer support and communication
- Service improvement and feature development
- Security monitoring and fraud prevention
- Analytics and usage statistics
- Marketing communications (with consent)
- Legal compliance and dispute resolution
7. Sensitive Personal Information
We handle your health and fitness data with special care and additional protections:
- We obtain explicit consent before processing sensitive health data
- Health data is encrypted both in transit and at rest
- Access to sensitive data is strictly limited and monitored
- We conduct regular security assessments for health data systems
- You can withdraw consent for sensitive data processing at any time
We never sell or use your health data for advertising purposes.
8. Information Sharing and Disclosure
8.1 General Principle
We do not sell, rent, or trade your personal information. We only share information in the limited circumstances described below:
8.2 With Your Consent
We may share your information when you explicitly consent to such sharing.
8.3 Service Providers
We share information with trusted third-party service providers who assist us in operating our Service, including:
- Cloud hosting and data storage providers
- Payment processing services
- Analytics and performance monitoring tools
- Customer support platforms
8.4 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal processes or government requests
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Protect user safety or public health
8.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction, subject to equivalent privacy protections.
9. International Data Transfers
As a global service, we may transfer your personal information across international borders. When we do so, we ensure appropriate safeguards are in place:
- Transfers to countries with adequate protection as recognized by relevant authorities
- Standard contractual clauses approved by data protection authorities
- Certification schemes and codes of conduct
- Your explicit consent for specific transfers
10. Data Retention
We retain personal information only as long as necessary for the purposes outlined in this policy:
- Account Data: Retained while your account is active and for 3 years after deletion
- Health and Fitness Data: Retained while active and for 1 year after account deletion
- Payment Records: Retained for 7 years for tax and legal compliance
- Support Communications: Retained for 3 years after resolution
- Analytics Data: Aggregated data retained for 2 years
Upon expiration of retention periods, we securely delete or anonymize your personal information.
11. Data Security
We implement comprehensive security measures to protect your personal information:
11.1 Technical Safeguards
- End-to-end encryption for data transmission
- AES-256 encryption for data at rest
- Multi-factor authentication systems
- Regular security audits and penetration testing
- Intrusion detection and prevention systems
11.2 Administrative Safeguards
- Employee privacy and security training
- Access controls and principle of least privilege
- Background checks for personnel with data access
- Incident response and breach notification procedures
11.3 Physical Safeguards
- Secure data centers with 24/7 monitoring
- Biometric access controls
- Environmental controls and backup power systems
- Secure disposal of hardware and media
12. Your Privacy Rights
You have the following rights regarding your personal information:
12.1 Right of Access
You can request access to your personal information and receive a copy of the data we hold about you.
12.2 Right of Rectification
You can request correction of inaccurate or incomplete personal information.
12.3 Right of Erasure
You can request deletion of your personal information in certain circumstances.
12.4 Right to Restrict Processing
You can request that we limit how we process your personal information.
12.5 Right to Data Portability
You can request a copy of your data in a structured, machine-readable format.
12.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing.
12.7 Right to Withdraw Consent
You can withdraw consent at any time where processing is based on consent.
12.8 Exercising Your Rights
To exercise these rights, contact us at privacy@fitpulse.jp. We will respond within 30 days and may request identity verification.
14. Children's Privacy
We are committed to protecting children's privacy:
- Our Service is not intended for children under 13 years of age
- We do not knowingly collect personal information from children under 13
- Users aged 13-16 require parental consent in certain jurisdictions
- Parents can request access to, correction, or deletion of their child's information
If you believe we have collected information from a child inappropriately, please contact us immediately.
15. Automated Decision-Making
We use automated systems to provide personalized fitness recommendations and insights. You have the right to:
- Request human review of automated decisions
- Express your point of view about automated decisions
- Contest automated decisions that significantly affect you
- Opt out of certain automated processing
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make changes:
- We will post the updated policy on our website and app
- We will notify you of material changes via email or app notification
- We will seek new consent for significant changes to sensitive data processing
- Previous versions will be archived for reference
Continued use of our Service after changes become effective constitutes acceptance of the updated policy.
17. Complaints and Supervisory Authority
If you have concerns about our privacy practices, you can:
Contact us directly: privacy@fitpulse.jp
We will respond to complaints within 2 days
You also have the right to lodge a complaint with your local data protection authority if you believe we have violated applicable privacy laws.
18. Contact Information
For any questions about this Privacy Policy or our privacy practices, please contact us:
Email: privacy@fitpulse.jp