Privacy Policy
Effective date: April 1, 2026
Last updated: April 1, 2026
About This Policy
This Privacy Policy explains how Solo Innovations LLC (“Solo Innovations,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use the Solo Fitness mobile application (“Solo Fitness” or “the app”). Solo Innovations LLC is the data controller responsible for your personal data.
This policy applies to all users, including residents of the European Union/European Economic Area, California, Washington State, and all other jurisdictions with applicable privacy laws.
Solo Innovations LLC Seattle, Washington, United States Email: privacy@soloinnovationshq.com
Information We Collect
Account and Profile Information
When you create an account, we collect:
- Registration data — your email address, display name, and authentication credentials (via email/password, Apple Sign-In, or Google OAuth).
- Profile data — your age, date of birth, gender, height, weight, city, country, bio, and profile photo.
- Preferences — dietary preferences, measurement units, language, theme, notification settings, and privacy settings.
Health and Fitness Data (Sensitive Data)
With your explicit permission, we collect health and fitness data from Apple HealthKit (iOS) and Google Health Connect (Android), including:
- Activity — steps, active calories, basal calories, workouts, and physical effort.
- Cardiovascular — heart rate, resting heart rate, heart rate variability (HRV), heart rate recovery, heartbeat series (R-R intervals), and blood pressure.
- Sleep — sleep stages (awake, light, deep, REM), sleep duration, breathing disturbances, and sleep efficiency.
- Respiratory and oxygen — blood oxygen saturation (SpO2), respiratory rate, and wrist temperature.
- Body composition — body weight, body fat percentage, lean body mass, BMI, waist circumference, and height.
- Fitness metrics — VO2 max, running power, ground contact time, vertical oscillation, stride length, and walking steadiness.
- Reproductive health — menstrual flow tracking and ovulation test results.
- Other — mindfulness sessions, UV exposure, electrodermal activity, and caffeine and water intake.
We also write certain data back to HealthKit/Health Connect with your permission, including workout sessions, active calories, distance, water intake, caffeine, menstrual flow, and mindfulness sessions.
Data from Connected Devices
If you connect third-party devices, we sync data from their official APIs:
- Oura Ring — daily activity, readiness, sleep, heart rate, SpO2, and stress.
- Garmin — daily activity, sleep, stress, body composition, SpO2, and respiratory data.
- WHOOP — recovery, sleep, workouts, heart rate, HRV, SpO2, wrist temperature, and body measurements.
Device sync occurs automatically every 30 minutes via our servers. You can disconnect at any time.
Location Data (Sensitive Data)
- Workout GPS tracking — when you record a distance-based workout (running, cycling, hiking, etc.), we collect GPS coordinates including latitude, longitude, altitude, and speed. This includes background location while a workout is actively in progress, so tracking continues if you switch apps.
- Weather — we request a single approximate location reading to provide weather-based workout recommendations. This reading is not stored.
GPS route data is stored with your workout record. You control whether workouts are public or private.
Nutrition Data
- Food photos — images you capture or select for AI-powered food scanning. These images are stored in our cloud storage.
- Menu photos — images of restaurant menus for AI-powered menu analysis.
- Meal logs — food names, calories, and macronutrient data you log manually or via scanning.
- Barcode scans — barcode numbers scanned for nutrition lookups. Only the barcode string is processed; no image is stored.
- Fasting sessions — schedule type, duration, and status.
- Water intake — daily hydration logs.
Social and Communication Data
- Posts and comments — content you share in the social feed, including text and photos (Fit Checks).
- Direct messages — messages you send in conversations and group chats.
- Community data — guild membership, accountability pacts, and group challenges.
Journal and Wellness Data
- Journal entries — free-text notes, mood scores, energy scores, and daily wellness check-ins (soreness, stress, and other self-reported items).
Device and Technical Information
- Device identifiers — a vendor-specific identifier (IDFV on iOS, Android ID on Android) used solely for subscription trial enforcement.
- Push notification tokens — device tokens for delivering notifications via Apple Push Notification Service or Expo Push Service.
- Error logs — device model, operating system version, app version, screen name, and crash/error data for troubleshooting. Client IP addresses are hashed (SHA-256) and never stored in raw form.
Subscription and Payment Data
- Subscription status — your plan tier (Free, Pro, or Elite), trial status, and renewal state. Payment processing is handled entirely by Apple App Store or Google Play Store. We do not collect or store credit card numbers or payment method details.
- RevenueCat — we use RevenueCat to manage subscription state. Your anonymous user ID and entitlement status are shared with RevenueCat.
How We Use Your Information
We use your information for the following purposes, along with the legal basis for each (as required by GDPR):
| Purpose | Legal Basis |
|---|---|
| Provide and maintain your Solo Fitness account and core features | Performance of contract |
| Sync and display health, fitness, and workout data | Performance of contract; your explicit consent (for sensitive data) |
| Power AI-driven coaching, recommendations, and health pattern detection | Your explicit consent |
| Scan food and menu images for nutritional analysis | Performance of contract; your explicit consent |
| Track workouts with GPS route mapping | Your explicit consent |
| Sync data with Oura, Garmin, and WHOOP | Your explicit consent |
| Send notifications about goals, streaks, and achievements | Legitimate interest; your consent (for marketing) |
| Moderate social content for safety | Legitimate interest |
| Process subscriptions and manage billing status | Performance of contract |
| Diagnose bugs and improve app stability via error logs | Legitimate interest |
| Improve the app and develop new features | Legitimate interest |
| Respond to support requests | Performance of contract |
| Comply with legal obligations | Legal obligation |
How We Use Artificial Intelligence
Solo Fitness uses AI to provide personalized coaching, workout recommendations, health pattern detection, nutrition analysis, and food/menu scanning.
What data AI receives
To generate personalized responses, our AI features send a context summary to our AI provider that may include:
- Your display name, age, gender, fitness level, and dietary preferences.
- Recent workout data (type, duration, calories, heart rate, exertion).
- Recent sleep data (duration, stages, sleep score, efficiency).
- Recent daily metrics (steps, resting heart rate, HRV, recovery score).
- Recent meal logs (meal type, calories, macronutrients).
- Journal entries (mood, energy, and free-text notes you write).
- Menstrual cycle phase (if cycle tracking is enabled).
- Training plans and exercise history.
- Food or menu images you submit for scanning.
Important: This data includes personally identifiable and sensitive health information. It is sent securely to our AI provider to generate responses tailored to you.
AI providers
- Google Gemini — powers all AI coaching, workout analysis, nutrition analysis, food/menu image scanning, plan generation, health pattern detection, and personalized recommendations.
- OpenAI — used solely for automated content moderation of social posts and Fit Check photos before they are published.
AI data protections
- Your data is NOT used to train AI models. Our agreements with AI providers prohibit the use of your data for model training.
- AI responses are cached temporarily (up to 48 hours) to reduce redundant processing, then deleted.
- You can opt out of AI-powered features at any time in your app settings. Opting out will limit personalized coaching and recommendation features.
Third-Party Services
Solo Fitness integrates with the following third-party services. We share only the minimum data necessary for each service to function. We do not sell your personal data to any third party.
| Service | Data Shared | Purpose |
|---|---|---|
| Supabase | All core app data | Database hosting, user authentication, file storage, real-time features |
| Google Gemini AI | Health context, journal notes, food/menu images (see AI section above) | AI-powered coaching, analysis, and recommendations |
| OpenAI | Social post text and photo URLs | Automated content moderation |
| RevenueCat | Anonymous user ID, subscription status | Subscription and entitlement management |
| Apple HealthKit | Health and fitness data (with your permission) | Bidirectional health data sync |
| Google Health Connect | Health and fitness data (with your permission) | Bidirectional health data sync (Android) |
| Oura, Garmin, WHOOP | OAuth tokens; receives fitness/recovery data | Device data synchronization |
| Expo Push Service | Push tokens, notification content | Delivering push notifications |
| USDA FoodData Central | Food name search queries (not linked to your identity) | Nutrition database lookups |
| Open Food Facts | Barcode numbers (not linked to your identity) | Barcode-based nutrition lookups |
| OpenWeatherMap | Approximate GPS coordinates (rounded to 0.1 degree) | Weather data for workout recommendations |
| Apple Maps / Google Maps | Map tile requests (standard, via device) | Displaying workout routes and heatmaps |
| Apple Sign-In / Google OAuth | Authentication tokens | Account sign-in |
| Resend | Username, support ticket category, and description | Sending admin notification emails for support tickets |
Apple HealthKit Data
Solo Fitness accesses Apple HealthKit data with your explicit permission. Our use of HealthKit data is strictly governed by Apple’s guidelines:
- HealthKit data is used solely to provide app functionality, including workout tracking, health analytics, and personalized recommendations.
- HealthKit data is NEVER sold to third parties.
- HealthKit data is NEVER used for advertising or marketing.
- HealthKit data is NEVER shared with third parties except as explicitly described in this policy for the purpose of providing core app functionality.
- HealthKit data is stored securely and encrypted in transit using TLS 1.2 or higher.
Data Security
We implement technical and organizational measures to protect your personal data:
- Encryption in transit — all data transmitted between the app and our servers uses TLS 1.2 or higher.
- Encryption at rest — sensitive data including OAuth tokens and authentication credentials are encrypted at rest using pgcrypto.
- Access controls — database access is restricted through row-level security policies. Sensitive tables (device integration tokens, authentication tokens, audit logs) are accessible only to server-side service roles, not directly by users.
- IP hashing — client IP addresses in error and audit logs are stored as SHA-256 hashes, not in raw form.
- EXIF stripping — food and profile photos are processed with EXIF metadata (including embedded GPS coordinates) stripped before upload.
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
International Data Transfers
Solo Fitness is operated from the United States. If you are located in the European Union, European Economic Area, or another jurisdiction with data transfer restrictions, your personal data will be transferred to and processed in the United States.
We rely on the following safeguards for international data transfers:
- Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with third-party service providers.
- Your explicit consent where applicable, particularly for the transfer of sensitive health data for AI processing.
By using Solo Fitness, you acknowledge that your data will be processed in the United States, where data protection laws may differ from those in your jurisdiction.
Data Retention and Deletion
| Data Type | Retention Period |
|---|---|
| Account and profile data | Retained while your account is active |
| Health, fitness, and workout data | Retained while your account is active |
| Food scan images | Retained while your account is active |
| AI coaching conversations | Automatically deleted after 21 days |
| AI cache responses | Automatically expire after 48 hours |
| Error logs | Retained for up to 90 days, then deleted |
| Login audit logs | Retained for up to 30 days, then deleted |
| Subscription event logs | Retained for up to 90 days, then deleted |
Account deletion
You can delete your account at any time from within the app. Upon deletion:
- All personal data is permanently removed from our database and storage within 30 days.
- Apple Sign-In tokens are revoked with Apple’s servers.
- Photos (profile, food scans, social posts) are deleted from cloud storage.
- An audit record of the deletion is retained for compliance purposes.
You can also request deletion by emailing privacy@soloinnovationshq.com.
Data export
You can export all your personal data in a portable, machine-readable JSON format from within the app, in accordance with your right to data portability.
Your Privacy Rights
Depending on your jurisdiction, you have some or all of the following rights regarding your personal data:
- Right to access — request a copy of the personal data we hold about you.
- Right to correct — request correction of inaccurate or incomplete personal data.
- Right to delete — request that we delete your personal data.
- Right to portability — receive your data in a structured, commonly used, machine-readable format.
- Right to restrict processing — request that we limit how we process your data under certain conditions.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — withdraw your consent for any consent-based processing at any time, without affecting the lawfulness of processing performed before withdrawal.
- Right to opt out of sale/sharing — opt out of the sale or sharing of your personal information. We do not sell or share your personal information for cross-context behavioral advertising.
- Right to limit use of sensitive data — request that we limit our use of your sensitive personal information to what is necessary to provide the services.
- Right to non-discrimination — we will not discriminate against you for exercising any of your privacy rights.
How to exercise your rights
- In the app — use the data export and account deletion features in Settings.
- By email — contact us at privacy@soloinnovationshq.com.
We will respond to verified requests within 30 days (or 45 days if we notify you of an extension). If we deny a request, you may appeal by contacting us at the same email address, and we will respond to the appeal within 60 days.
Universal opt-out signals
We honor the Global Privacy Control (GPC) signal. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request under applicable laws, including the California Consumer Privacy Act and other state privacy laws that recognize universal opt-out mechanisms.
Washington My Health My Data Act (MHMDA)
As a Washington State company that collects consumer health data, we comply with the Washington My Health My Data Act. The following disclosures apply:
For complete disclosures required by the Washington My Health My Data Act, see our standalone Consumer Health Data Privacy Policy.
- Consumer health data we collect: biometric data (heart rate, HRV, SpO2, blood pressure, respiratory rate, body composition, wrist temperature, electrodermal activity), reproductive health data (menstrual cycle, ovulation), sleep data, fitness data, nutrition data, location data collected during health-related activities, and journal entries related to wellness.
- Purposes: We collect and use consumer health data to provide personalized fitness coaching, health analytics, workout tracking, and nutritional analysis as part of the Solo Fitness service.
- Consent: We obtain your separate, affirmative consent before collecting consumer health data and before sharing it with third parties (such as AI providers for coaching features).
- We do not sell consumer health data. We do not exchange your health data for monetary or other valuable consideration.
- Geofencing: We do not use geofencing technology around healthcare facilities to identify, track, collect data from, or send notifications or advertisements to consumers.
To exercise your rights under MHMDA, contact us at privacy@soloinnovationshq.com.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, the following additional disclosures apply under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Categories of personal information collected: identifiers, personal records, protected classifications, commercial information, biometric information, geolocation data, internet activity, sensory data (photos), professional or employment-related information (fitness level), inferences, and sensitive personal information (health data, precise geolocation, account credentials).
- We do not sell your personal information. We have not sold personal information in the preceding 12 months.
- We do not share your personal information for cross-context behavioral advertising.
- Sensitive personal information is used only as necessary to provide the services you request. You may limit our use of sensitive personal information through your app settings or by contacting us.
- Automated decision-making: Solo Fitness uses AI to generate personalized coaching recommendations, workout suggestions, and health pattern insights. These are advisory and do not produce legal or similarly significant effects. You can opt out of AI-powered features in your app settings.
European Privacy Rights (GDPR)
If you are located in the European Union or European Economic Area, the following additional disclosures apply under the General Data Protection Regulation:
- Data controller: Solo Innovations LLC, Seattle, Washington, United States.
- Legal bases: We process your personal data based on performance of a contract (core app features), your explicit consent (health data, location data, AI features), legitimate interest (error logging, app improvement, content moderation), and legal obligation (compliance with applicable laws).
- Sensitive data: Health data, reproductive health data, and precise location data are processed only with your explicit consent, which you may withdraw at any time.
- Data retention: See the Data Retention section above.
- International transfers: See the International Data Transfers section above.
- Your additional rights include the right to lodge a complaint with your local data protection supervisory authority.
- Automated decision-making: We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you. AI features provide advisory recommendations only.
Children’s Privacy
Solo Fitness is not intended for children under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete that information promptly.
If you believe a child under 16 has provided us with personal data, please contact us at privacy@soloinnovationshq.com.
Data Breach Notification
In the event of a data breach that affects your personal data, we will:
- Notify affected users without undue delay (and within 72 hours where required by GDPR).
- Notify relevant supervisory authorities as required by applicable law.
- Provide information about the nature of the breach, the data affected, and the steps we are taking to address it.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the “Effective date” and “Last updated” date at the top of this page.
- Notify you via in-app notification or email before the changes take effect.
Your continued use of Solo Fitness after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you may delete your account.
Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: privacy@soloinnovationshq.com
- Company: Solo Innovations LLC, Seattle, Washington, United States
If you are located in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.