Privacy Policy
Last updated: 9 July 2026
This Privacy Policy explains how Fitimio collects, uses, stores, and shares personal data when you use the Fitimio website, dashboard, MCP server, and connected assistant features.
This document is a template. Replace the placeholders for company name, address, contact details, and jurisdiction before launch.
1. Who we are
Fitimio is operated by [Legal company name].
Contact:
- Email: [[email protected]]
- Address: [company address]
- EU representative, if required: [representative details]
- Data Protection Officer, if required: [DPO contact]
For the purposes of the GDPR, Fitimio is generally the controller for the personal data it collects and stores in your Fitimio account.
2. What data we collect
Depending on how you use Fitimio, we may collect:
- account data, such as your email address, authentication provider, user ID, and subscription status;
- diet and nutrition data, such as meals, calories, macros, ingredients, food photos, barcode lookups, meal templates, supplements, and drinks;
- workout and plan data, such as workout routines, workout sessions, plan items, and progress notes;
- health and wellness context, such as goals, body metrics, custom metrics, allergies, food restrictions, conditions, medications, and user-provided notes;
- shopping and pantry data, such as shopping lists, bought items, and planned meals;
- technical data, such as IP address, browser type, device information, request logs, security logs, MCP session identifiers, and error logs;
- payment data processed by Stripe, such as subscription plan, billing status, customer ID, and limited payment metadata. Fitimio does not store full card numbers.
Some of this data may be health data or data related to health, diet, allergies, or conditions. In the EU, this can be special category data under the GDPR.
3. Why we use your data
We use your data to:
- create and maintain your Fitimio account;
- provide meal tracking, goal tracking, workouts, shopping lists, analytics, and dashboard features;
- expose your Fitimio data through MCP tools to AI assistants that you connect;
- let connected assistants read relevant context or perform actions that you request, such as logging a meal or updating a shopping list;
- process subscriptions and billing;
- secure the service, prevent abuse, debug errors, and monitor reliability;
- comply with legal obligations.
4. Legal bases for processing
We rely on different legal bases depending on the purpose:
- Contract: to provide the Fitimio account, dashboard, MCP server, and subscription features you request.
- Explicit consent: to process health, allergy, condition, nutrition, workout, and wellness data where required by law.
- Consent: to share relevant Fitimio context with connected AI assistants when you enable that feature.
- Legitimate interests: to keep the service secure, prevent abuse, debug issues, and improve reliability.
- Legal obligation: where we must keep records for tax, accounting, fraud prevention, or legal compliance.
You can withdraw consent where consent is the legal basis. Withdrawing consent may disable health tracking or AI assistant features that depend on that data.
5. AI assistant and MCP processing
Fitimio is designed as a data and MCP tool layer. When you connect an AI assistant, the assistant may request relevant Fitimio data through MCP tool calls.
For example, a connected assistant may ask Fitimio for:
- your meals for today;
- your calorie or protein goal;
- your stored allergies or food restrictions;
- your shopping list;
- food nutrition data;
- permission to log a meal or update a list.
Fitimio does not control the full conversation you have with the AI assistant unless that conversation happens inside a Fitimio-controlled interface. Fitimio receives the MCP tool request and returns the data or action result needed for that tool call.
The AI provider may process the data it receives according to its own terms, privacy policy, and data processing agreement. You should review the AI provider settings and policies before connecting Fitimio.
6. External processors and providers
We may use service providers to operate Fitimio, including:
- hosting and database providers;
- authentication providers;
- payment provider Stripe;
- AI providers selected or connected by you;
- analytics, logging, email, and infrastructure providers.
Where required, we use data processing agreements with processors. If personal data is transferred outside the EEA, we use an appropriate transfer mechanism, such as an adequacy decision or standard contractual clauses, where required.
7. Medical and safety limits
Fitimio is a wellness, tracking, and personal organization product. It is not a medical device and does not provide diagnosis, treatment, emergency care, or professional medical advice.
Do not use Fitimio or connected AI assistants as a substitute for a doctor, registered dietitian, emergency service, or mental health professional.
For medical conditions, allergies, eating disorders, pregnancy, medication interactions, severe symptoms, or emergencies, contact a qualified professional or local emergency services.
8. How long we keep data
We keep personal data for as long as needed to provide the service, comply with legal obligations, resolve disputes, secure the service, and enforce agreements.
Typical retention periods:
- account and profile data: while your account is active;
- meal, goal, metric, workout, shopping, and condition data: while your account is active or until you delete it;
- billing records: as required by tax and accounting law;
- security and request logs: for a limited period needed for security, debugging, and abuse prevention.
You may request deletion of your account and personal data, subject to legal retention obligations.
9. Your rights
Depending on your location, you may have rights to:
- access your personal data;
- correct inaccurate data;
- delete your data;
- restrict or object to processing;
- withdraw consent;
- receive a portable copy of your data;
- lodge a complaint with a data protection authority.
To exercise your rights, contact us at [[email protected]].
10. Security
We use technical and organizational safeguards designed to protect personal data, including authentication, access controls, encrypted transport, limited data access, and security logging.
No online service is completely risk-free. You are responsible for keeping your account credentials and connected assistant accounts secure.
11. Children
Fitimio is not intended for children under [age threshold, e.g. 16]. We do not knowingly collect personal data from children without valid parental consent where required.
12. Changes
We may update this Privacy Policy when the product, law, or data practices change. If changes are material, we will provide appropriate notice.