1. Introduction
This Privacy Policy explains how BestFitCoach Inc. ("BestFitCoach," "Company," "we," "us," or "our"), a corporation incorporated under the Canada Business Corporations Act (federal), registered in the Province of Quebec, with its registered headquarters at [204 Saint-Sacrement,street,H2Y 1W8], Montreal, Quebec, Canada, collects, uses, discloses, retains, and protects your personal information when you use our AI fitness coaching application and related services (collectively, the "Service").
We are committed to protecting your privacy and complying with applicable privacy legislation, including the Quebec Act respecting the protection of personal information in the private sector, as amended by Law 25 ("Quebec Law 25"), the Personal Information Protection and Electronic Documents Act (PIPEDA), and, where applicable to users in the European Economic Area, the General Data Protection Regulation (GDPR).
By creating an account or using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
When you register for and use the Service, you may provide us with:
- Account information: Name, email address, display name, password, and timezone
- Profile information: Fitness level, fitness goals, and personal preferences
- Payment information: Payment method details, processed securely by our third-party payment processor. We do not store full credit card numbers on our servers.
- Health and fitness data: Weight, height, body measurements, injuries, medical conditions you choose to disclose, workout history, exercise performance, personal records, and nutrition logs
- Conversation data: Text and voice messages exchanged with the AI coach, including fitness goals, preferences, feedback, and any personal information shared during conversations
- Assessment data: Responses to the Better Self challenge assessment, including dream goals, baseline metrics, and target metrics
2.2 Information Collected Automatically
When you access the Service, we automatically collect certain technical and usage information:
- Device information: Device type, operating system, browser type and version, screen resolution
- Usage data: Features accessed, session duration, frequency of use, interaction patterns, and navigation paths
- Log data: IP address, access times, referring URLs, and error logs
- Performance data: Application performance metrics and crash reports
2.3 Ambassador and Referral Data
If you participate in our Ambassador Program or arrive via a referral link, we additionally collect:
- Ambassador account details, referral codes, and commission history
- Referral relationship data (which ambassador referred which subscriber)
- Payout information necessary to process commission payments
- Referral tracking cookies (described in Section 6)
3. How We Use Your Information
We process your personal information for the following purposes:
3.1 Service Delivery
- Providing personalized AI fitness coaching, workout plans, and nutrition guidance
- Maintaining conversation memory to deliver contextual, personalized coaching over time
- Tracking workout completion, personal records, streaks, and progress metrics
- Processing and displaying nutrition logs and macro tracking
- Operating the Better Self challenge and gamification features
3.2 Account and Subscription Management
- Creating and maintaining your account
- Processing subscription payments and managing billing
- Sending transactional communications (payment confirmations, account updates, security alerts)
3.3 Ambassador Program
- Tracking and attributing referrals
- Calculating and processing ambassador commissions
- Preventing fraud and abuse within the referral program
3.4 Service Improvement
- Analyzing usage patterns to improve features, performance, and user experience
- Identifying and resolving technical issues and bugs
- Developing new features and functionality
3.5 Communications
- Sending optional email reminders and weekly progress summaries (you may opt out at any time via Settings)
- Responding to support inquiries
- Notifying you of material changes to the Service or these policies
3.6 Legal and Safety
- Complying with applicable legal obligations
- Enforcing our Terms of Service
- Protecting the safety and security of users and the Service
- Detecting and preventing fraud, abuse, or unauthorized access
4. Legal Basis for Processing (GDPR Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:
- Performance of contract: Processing necessary to provide the Service you have subscribed to (Sections 3.1, 3.2, 3.3)
- Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, ensuring security, and preventing fraud (Sections 3.4, 3.6), where such interests are not overridden by your rights
- Consent: Processing based on your explicit consent, such as optional marketing communications (Section 3.5). You may withdraw consent at any time.
- Legal obligation: Processing necessary to comply with applicable laws and regulations
5. Data Sharing and Third-Party Processors
We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising purposes. We may share your information with the following categories of service providers, solely as necessary to operate and deliver the Service:
- AI technology providers: We use third-party large language model providers to power the AI coaching functionality. Your conversation data is transmitted to these providers solely to generate coaching responses. These providers are contractually prohibited from using your data to train their AI models or for any purpose other than providing the service to BestFitCoach.
- Cloud infrastructure and hosting providers: We use third-party cloud services to host the application, store data, and deliver the Service. All data is encrypted in transit and at rest.
- Payment processors: We use a third-party payment processor to handle subscription billing. We do not store your full payment card details.
- Database providers: We use third-party database services to securely store user accounts, fitness data, and application data.
- Email service providers: We use third-party email services to send transactional and optional marketing communications.
We retain the right to change any or all of these third-party providers at any time without notice, provided that any replacement provider offers equivalent or greater data protection standards.
We may also disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
Ambassador referral data is shared only between the ambassador and BestFitCoach. Ambassadors can see the number and status of their referrals but cannot access any personal information about referred users.
6. Cookies and Tracking Technologies
We use a limited number of cookies and similar technologies to operate the Service:
6.1 Essential Cookies
These cookies are strictly necessary for the Service to function and cannot be disabled. They include:
- Authentication cookies: Required for login, session management, and maintaining your authenticated state
- Security cookies: Used to prevent cross-site request forgery and other security threats
6.2 Functional Cookies
These cookies enable enhanced functionality:
- Preference cookies: Remember your settings and preferences (timezone, display preferences)
- Referral cookies: When you visit via an ambassador referral link, we store a cookie for up to thirty (30) days to attribute your subscription to the referring ambassador. This cookie contains only the referral code and no personal information.
6.3 What We Do NOT Use
We do not use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies. We do not participate in ad networks or sell data to advertisers. We do not use analytics tracking cookies that follow you across other websites.
6.4 Managing Cookies
You can manage cookies through your browser settings. Please note that disabling essential cookies may prevent the Service from functioning properly. For more information about cookies and how to manage them, visit www.allaboutcookies.org.
7. Data Security
We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of all data in transit using TLS
- Encryption of data at rest within our database infrastructure
- Secure authentication mechanisms with hashed and salted passwords
- Role-based access controls limiting employee access to personal data on a need-to-know basis
- Row-level security policies ensuring users can only access their own data
- Regular security assessments and vulnerability monitoring
- Rate limiting and abuse prevention systems
While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
8. Data Retention
We retain your personal information for as long as your account is active and as needed to provide the Service. Specific retention periods include:
- Account and profile data: Retained for the duration of your active account
- Conversation history: Retained for the duration of your active account to maintain coaching continuity and memory
- Workout and nutrition logs: Retained for the duration of your active account
- Payment records: Retained for up to seven (7) years after your last transaction for tax and legal compliance
- Ambassador commission records: Retained for up to seven (7) years for tax and accounting purposes
- Usage and rate-limiting data: Retained for up to thirty (30) days, then automatically purged
Upon account deletion, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law or for legitimate business purposes as described above. Backup systems may retain encrypted copies for up to ninety (90) days following deletion.
9. Your Privacy Rights
9.1 Rights Under Canadian Law (Quebec Law 25 and PIPEDA)
As a Canadian resident, you have the following rights regarding your personal information:
- Right of access: You may request access to the personal information we hold about you
- Right to rectification: You may request correction of inaccurate or incomplete personal information
- Right to deletion: You may request deletion of your personal information, subject to legal retention requirements
- Right to data portability: You may request a copy of your personal information in a structured, commonly used, machine-readable format
- Right to withdraw consent: You may withdraw your consent to the processing of your personal information at any time, subject to legal or contractual obligations
- Right to file a complaint: You may file a complaint with the Commission d'accès à l'information du Québec (CAI) if you believe your privacy rights have been violated
9.2 Rights Under GDPR (EEA, UK, and Swiss Users)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you additionally have the following rights:
- Right to restrict processing: You may request that we restrict the processing of your personal information under certain circumstances
- Right to object: You may object to processing based on our legitimate interests
- Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. Our AI coaching system generates recommendations but does not make legally binding decisions about you.
- Right to lodge a complaint: You may file a complaint with your local data protection supervisory authority
9.3 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@bestfitcoach.com. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request. There is no fee for exercising your rights, except where requests are manifestly unfounded or excessive.
10. International Data Transfers
Our Service is operated from Canada. Your personal information may be processed and stored in Canada and in other countries where our third-party service providers operate, including the United States. These countries may have data protection laws that differ from those in your country of residence.
When we transfer your personal information outside of Canada, the EEA, or your country of residence, we ensure appropriate safeguards are in place, including:
- Contractual clauses that require service providers to protect your data to equivalent standards
- Selecting providers in jurisdictions recognized as providing adequate data protection
- Implementing supplementary technical and organizational measures where necessary
By using the Service, you consent to the transfer of your information to Canada and other countries as described in this section.
11. AI Processing and Automated Decision-Making
The Service uses artificial intelligence to process your information and generate personalized coaching responses, workout plans, and nutrition guidance. Specifically:
- Your conversation messages are transmitted to third-party AI language model providers to generate coaching responses
- Your fitness data, workout history, and preferences are included as context to enable personalized recommendations
- Behavioral patterns may be analyzed to generate coaching insights (such as identifying workout consistency patterns)
- Memory systems store summaries of past conversations to provide continuity across coaching sessions
Our AI processing is designed to assist and recommend -- it does not make legally binding decisions about you. All workout plans and recommendations are suggestions that you choose whether or not to follow. You retain full control over your fitness decisions at all times.
Our third-party AI providers are contractually prohibited from using your conversation data to train, improve, or develop their AI models. Your data is processed solely to generate responses for you and is not shared with other users.
12. Data Breach Notification
In the event of a security breach that results in unauthorized access to, disclosure of, or loss of your personal information, we will:
- Investigate the incident promptly and take appropriate measures to contain and mitigate the breach
- Notify affected users without unreasonable delay and in any event within seventy-two (72) hours of becoming aware of the breach, where feasible
- Notify the Commission d'accès à l'information du Québec (CAI) and any other applicable regulatory authorities as required by law
- Provide you with information about the nature of the breach, the data affected, the measures taken, and recommended steps to protect yourself
13. Children's Privacy
The Service is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take immediate steps to delete such information. If you believe that a child under 18 has provided us with personal information, please contact us at privacy@bestfitcoach.com.
14. Sensitive Health Information
Some of the information you provide to the Service may constitute sensitive health information, including physical measurements, injuries, medical conditions, and fitness assessments. We treat all health-related information with heightened security and care. This information is:
- Collected only with your explicit consent, provided when you voluntarily share it during coaching conversations or assessments
- Used solely for the purpose of delivering personalized fitness coaching
- Never sold, rented, or shared for advertising or marketing purposes
- Subject to the same encryption and security protections described in Section 7
- Deleted upon account deletion in accordance with Section 8
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you via email or in-app notification at least thirty (30) days before material changes take effect
- Obtain your consent where required by applicable law
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us at:
If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with:
- In Quebec: Commission d'accès à l'information du Québec (CAI) -- www.cai.gouv.qc.ca
- In Canada (federal): Office of the Privacy Commissioner of Canada -- www.priv.gc.ca
- In the EEA/UK: Your local data protection supervisory authority