AI Privacy Policy

Effective Date: 4 December 2025

Introduction:

At GRITFIT.AI, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use the GRITFIT.AI website and services. It also outlines your rights regarding your personal data and how you can exercise them. By using our website or services, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect and Why

We only collect personal information that you knowingly provide or that is necessary for the functioning of our platform. GRITFIT.AI does not collect any personal data beyond what you voluntarily submit via our site (such as through account registration, contact forms, or comments). The types of data we collect include:

  • Account Information: If you create a user account to log in, we collect basic information such as your name, email address, and login credentials. This information is used to set up and maintain your account and allow you to access member features. We do not collect any additional profile data beyond what you provide during registration.
  • Contact Form Data: When you reach out to us via a contact form or other inquiry forms, we collect the information you provide (for example, your name, email address, and the content of your message). We use this data only to respond to your inquiry or request.
  • Comments: If you post comments on our site (e.g. on blog posts or forums), we collect the information you enter into the comment form (such as your name and comment text). For security purposes, we also temporarily collect technical data like your IP address and browser user agent when a comment or form is submitted, to help us with spam detection and site security. We anonymise the IP address (or use an anonymised version) when processing it for spam prevention, ensuring that we do not store your full IP in association with your comment.
  • Cookies and Usage Data: Like most websites, we use cookies and similar technologies to enhance your experience. These may collect information about your interactions with our site, such as which pages you visit, preferences you set, and other usage details. This data helps us keep you logged in, remember your preferences, personalise content, and understand how users engage with our platform (analytics). Please see the Cookies section below for more details.

We do not collect any sensitive personal data (such as health information, genetic data, etc.) through our website, except for any fitness performance data you voluntarily input into the GRITFIT.AI platform for your training purposes. Any performance or fitness data you provide is used strictly to power your personal training experience on the platform and is kept private and in-house.

Children’s Privacy

GRITFIT.AI is intended exclusively for adults and is not directed to children or adolescents. Use of the GRITFIT.AI platform is restricted to individuals who meet the Eligibility and Age Requirement (18+) set out in our Terms of Service.

We do not knowingly collect personal information from individuals under the age of 18. If we become aware that personal data has been collected from a user under 18, we will take reasonable steps to delete such information and terminate the associated account in accordance with our policies and applicable law.

If you are a parent or guardian and believe that a minor has provided personal information to GRITFIT.AI in violation of these terms, please contact us so we can investigate and take appropriate action.

How We Use Your Data

We use the personal data we collect only for specific, legitimate purposes, and we will not process it in a manner incompatible with those purposes. The main uses of your data include:

  • Providing and Improving Our Service: We process your account data to log you in and allow you to use GRITFIT.AI’s features. For example, we use your information to deliver personalised workout plans or AI-driven fitness recommendations tailored to you. (Notably, all AI training engine decisions and performance analyses are done internally – we do not send your personal fitness data to any third-party AI or external decision-making APIs.) We may review aggregated, non-identifying technical logs (for example: server error logs) to keep the site reliable and secure.
  • Communication: We use contact information (like your email from a contact form or account registration) to respond to your inquiries, support requests, or to send important administrative information (such as changes to this Privacy Policy or security notices). We will not send you marketing emails unless you have explicitly opted in to such communications.
  • Essential site operation: Our public website uses only essential cookies required for basic functionality and security. We do not use advertising trackers. If we introduce optional analytics in the future, we will request consent where required and update our Cookie Policy.
  • Security and Fraud Prevention: Information such as anonymised IP addresses and browser details are used to protect our platform and users. Specifically, we utilise these data points to detect and prevent spam comments, fraudulent activities, or misuse of our website. For example, automated spam detection services may check form submissions, and providing an anonymised IP helps in identifying spam patterns without storing your actual IP. We may also use data to troubleshoot issues, debug errors, and maintain the overall security of the site.

GRITFIT.AI will never use your personal data for any purpose other than those described above without obtaining your consent or unless required by law. In particular, we do not use your information for any automated decision-making or profiling that has legal or similarly significant effects on you. Any fitness performance data or personal progress metrics you provide are processed solely to give you feedback and guidance within the platform; this data is kept confidential within GRITFIT.AI and is not shared externally.

Cookies and Embedded Content

Cookies:
Our website uses cookies, which are small text files placed on your device, to ensure core functionalities and to enhance your experience. We use cookies for several reasons:

  • Login Persistence: When you log in to your GRITFIT.AI account, we set a secure cookie to keep you logged in during your session and (if you choose) to remember you on your device for your next visit. This saves you from re-entering your credentials every time and provides seamless access to your account.
  • Site Personalisation: Cookies help us remember your preferences and settings. For example, they may store your preferred language, layout, or other customisation choices so that the site appears and behaves according to your selections each time you return.
  • Analytics and User Experience: We use cookies (and similar tracking technologies like local storage) to collect usage data for analytics purposes. This helps us understand how users navigate the site, which features are popular, and how we can improve.  Any analytics cookies we use are intended to gather aggregate information and do not directly identify you.

When you first visit our site, you may see a notice about cookies. By continuing to use the site, you consent to our use of cookies for the purposes described. You can control or delete cookies through your browser settings at any time. Please note: if you disable or refuse certain essential cookies (such as those for login), some features of the site (like staying logged in or personalised settings) may not function properly.

Embedded Content:
Pages on the GRITFIT.AI website may include embedded content or functionalities from third-party sites (for example, videos, social media widgets, or interactive fitness content). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website directly. These third-party sites may collect data about you, use cookies, embed additional third-party tracking, or monitor your interaction with that embedded content. For example, if we embed a YouTube instructional video, YouTube may set its own cookies and collect usage data per its own privacy policy. GRITFIT.AI does not control the data collection of these third-party providers. We embed content only as necessary to provide a richer experience, and we recommend you review the privacy policies of any third-party services that provide embedded features on our site. If you prefer not to be tracked by embedded content, you can choose not to interact with such content or use browser extensions that block third-party content.

Data Sharing and Disclosure

We value your privacy. GRITFIT.AI does not sell, rent, or trade your personal data to any third parties for marketing or any other purposes. We also do not disclose your personal information to outside parties except in the limited circumstances described below:

  • Service Providers (Data Processors): We use reputable third-party services to help us operate and support the GRITFIT.AI platform. For example, we rely on Google Firebase for our website and application infrastructure (data hosting, databases, authentication, etc.), and we might use analytics or email service providers. These third-party processors may have access to personal data solely to perform specific tasks on our behalf (such as storing data or sending out a response email) and are contractually obligated to keep your information confidential and secure. They are not permitted to use your data for their own purposes. We ensure that any service providers we engage process personal data in compliance with applicable privacy laws.
  • Legal Requirements: We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (for example, in compliance with a court order, subpoena, or other legal process). In such cases, we will only disclose the minimum amount of information necessary to comply with the law.
  • Protection of Rights and Users: If necessary, we may share information to enforce our Terms of Service or other agreements, or to investigate potential violations thereof. We may also disclose data to detect, prevent, or address fraud, security, or technical issues, or to protect the rights, property, and safety of GRITFIT.AI, our users, or the public as required or permitted by law.
  • Business Transfers: In the event that GRITFIT.AI undergoes a business transaction such as a merger, acquisition by another company, or sale of assets, user information (including personal data) may be transferred to the successor organisation. If such a transfer occurs, we will ensure that your personal data remains subject to confidentiality commitments and will notify you (for example, via a prominent notice on our website) of any change in data ownership or uses, as well as any choices you may have regarding your personal data.

Aside from the situations above, no personal data is shared with any other individuals or companies. In particular, we do not provide your information to third-party advertising networks or social media companies for independent use. Your workout performance data and any AI-generated insights about you remain strictly within GRITFIT.AI’s system and are not transmitted to outside entities.

Data Storage and International Transfers

GRITFIT.AI uses Google Firebase as our primary data storage and processing platform. This means that the data you provide is stored on Firebase’s secure servers. While we are based in the United Kingdom, Firebase (operated by Google) may store or process data on servers located in multiple countries. In particular, your data might be transferred to and stored on servers outside of your country of residence, including servers in the United States or other jurisdictions where Google or its sub processors operate data centres.

We understand that different countries have different data protection laws. Whenever your personal data is transferred outside of your jurisdiction (for example, outside the UK or European Economic Area), we take steps to ensure that adequate safeguards are in place to protect your information in accordance with applicable legal requirements. These safeguards may include:

  • Ensuring the recipient country has been deemed to have an adequate level of data protection by relevant authorities, or
  • Using standard contractual clauses or equivalent legal mechanisms in agreements with our service providers to require the same level of data protection as required in your home jurisdiction.

By using the GRITFIT.AI website or providing us with your information, you consent to this transfer, storage, and processing of your personal data in other countries as described. We will always handle your personal data securely, no matter where it is processed, and in line with this Privacy Policy.

Data Retention

We will retain your personal data only for as long as is necessary to fulfil the purposes for which we collected it (as described in this policy), or to comply with legal, accounting, or reporting requirements. Different types of data may have different retention periods:

  • Account Information: If you have a GRITFIT.AI account, we keep your account details and any associated data for as long as your account is active. If you choose to delete your account or if it has been inactive for an extended period, we will remove or anonymise your personal data associated with that account (except for any data we are required to keep for legal reasons). Data backups containing your information may persist for a short period as part of our routine backup procedures, but will be purged according to our backup retention schedule.
  • Contact Form Correspondence: Information you provide to us through contact forms or support inquiries may be retained for a reasonable period to allow us to effectively manage your requests. We may keep these communications (including our responses) for our records and to help train our support team, unless you specifically request deletion. Typically, unless further follow-up is needed, contact form data is not kept longer than necessary to address your inquiry.
  • Comments: If you leave a comment on our site, the comment and its metadata are generally retained indefinitely. This is so we can display your comment on the site as intended and follow-up comments can be recognised automatically. However, if you wish to have a comment removed, you can contact us to request deletion, and we will remove your comment and associated personal information from our site.
  • Analytics Data: Analytics and usage data collected via cookies or similar technologies may be stored by our analytics providers (e.g., Google) for statistical analysis. Such data is often aggregated or anonymised over time. We do not retain personally identifiable analytics data longer than necessary. For instance, IP addresses in Google Analytics can be anonymised, and raw analytic logs are typically deleted or anonymised after a set period (e.g., 14 months), depending on the service’s settings.
  • Server Logs: Our web servers may automatically log certain information (such as IP address, browser type, access times) when you use the site. These server logs are typically retained for a short period for troubleshooting and security monitoring, and then automatically deleted.

Once the retention period expires or the purpose of data collection has been fulfilled, we will either securely delete or anonymise your personal data so that it can no longer be associated with you. If for technical reasons (for example, data stored in backups) we cannot immediately delete certain information, we will take appropriate measures to prevent any further use of that data.

Your Data Rights and Choices

You have rights regarding your personal data, and we are committed to honouring them. Depending on the laws applicable to your region (such as the UK Data Protection Act 2018, UK GDPR, EU GDPR, or other privacy regulations), your rights may include:

  • Right to Access: You have the right to request confirmation of whether we process your personal data and to request a copy of the personal data we hold about you, as well as information about how we process it.
  • Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct or update it.
  • Right to Erasure (“Right to be Forgotten”): You can request that we delete your personal data where, for example, it is no longer necessary for the purposes for which it was collected, you withdraw consent (where consent was the legal basis), you successfully object to processing (where applicable), or we are required to delete it to comply with a legal obligation.
  • Right to Data Portability: Where applicable, you have the right to request that we provide personal data you have provided to us in a commonly used, machine-readable format, and to have it transmitted to a third party where technically feasible. This typically applies where processing is based on your consent or a contract and is carried out by automated means.
  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances, particularly where we rely on legitimate interests as the legal basis for processing. You also have the right to object at any time to processing for direct marketing (if we were to conduct it). Where you object, we will assess your request and stop processing unless we have compelling legitimate grounds or the processing is required for legal claims.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations -for example, while we are verifying accuracy, assessing an objection, or where processing is unlawful, but you prefer restriction instead of deletion.
  • Right to Withdraw Consent: Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdrew it. If you withdraw consent, we may be unable to provide certain features or services that depend on that processing.

Exercising Your Rights: If you wish to exercise any of these rights, please contact us using the details in the Contact Us section below. For security, we may need to verify your identity before fulfilling your request. We will respond as soon as possible and, in any event, within the timeframe required by law (generally within one month for UK/EU requests, with the possibility of extension for complex requests).

There are some exceptions and limitations to these rights. For example, we may need to retain certain information to comply with legal obligations, establish or defend legal claims, or for security and fraud-prevention purposes. If we cannot fulfil your request in whole or in part, we will explain why, subject to any legal restrictions.

Cookies and Analytics Choices: As noted above, you can control cookies through your browser settings. You may also opt-out of certain analytics tracking (for instance, Google Analytics offers a browser add-on to opt out of its tracking). See our Cookies section for more about managing cookie preferences.

Complaints: We endeavour to address all inquiries and complaints promptly and transparently. However, if you believe we have not handled your personal data properly or have not respected your rights, you have the right to lodge a complaint with a supervisory authority. If you are in the UK, this would be the Information Commissioner’s Office (ICO). If you are in another country, you can contact your national data protection authority.

Data Security

We take the security of your personal data very seriously. GRITFIT.AI implements appropriate technical and organisational measures to protect your information from unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Our website is secured via HTTPS, which means data transmitted between your browser and our site is encrypted in transit. Sensitive information (such as passwords) is additionally hashed or encrypted before being stored. For instance, your account password is stored in encrypted (hashed) form and not in plain text.
  • Secure Infrastructure: We rely on Firebase and other cloud services that employ state-of-the-art security practices, including firewalls, intrusion detection systems, and regular security audits. Firebase data is stored in secure data centres with strict controls. We also apply access controls so that only authorised personnel and service processes can access the data necessary for their role.
  • Access Controls: Personal data at GRITFIT.AI is accessible only to those team members or service providers who need it to perform their duties (for example, support staff helping you with an issue). All staff are bound by confidentiality obligations and trained in data protection best practices.
  • Monitoring and Testing: We regularly monitor our systems for possible vulnerabilities and attacks. We keep our software and platforms updated with the latest security patches. We may also perform periodic security testing or audits to ensure our safeguards remain effective.
  • Anonymisation: Where possible, we use data anonymisation or pseudonymisation techniques. For example, as mentioned, we anonymise IP addresses used in spam detection, and we may store analytics data in an aggregated form that does not directly identify individuals.

Despite our efforts, please be aware that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data with commercially acceptable means, we cannot guarantee absolute security. You can also play a part in keeping your data safe: please use a strong, unique password for your GRITFIT.AI account and notify us immediately if you suspect any unauthorised access to your account or any security breach.

If, in the unlikely event, a data breach occurs that affects your personal data, we will notify you and the relevant authorities as required by law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will revise the “Last Updated” date at the top of this policy. If any material changes are made, we will take additional steps to inform you, such as posting a prominent notice on our website or contacting you via email (if appropriate and we have your email address).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal data we collect. Your continued use of the GRITFIT.AI website after any changes to this Privacy Policy constitutes acceptance of those changes.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us. We are here to help and address any issues you may have. You can reach us by:

We will gladly assist with enquiries about your data, including requests to access or delete your information, or general questions about our privacy practices. Your privacy is important to us, and we welcome your feedback.

Thank you for trusting GRITFIT.AI with your fitness journey. We are committed to keeping your personal information safe and using it responsibly in line with this Privacy Policy.

Scroll to Top