Privacy Policy - SetVita

Introduction

SetVita ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

Please read this Privacy Policy carefully. By using SetVita, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

Account Information: Email address and password when you create an account
Profile Information: Name, body weight, and fitness preferences (optional)
Workout Data: Exercises, sets, reps, weights, workout history, routines, and programs you create or use
User Content: Custom exercises, notes, and any other content you create within the app

Information Collected Automatically

Device Information: Device type, operating system, unique device identifiers
Usage Data: App features used, session duration, crash reports
Log Data: IP address, browser type, access times

Information from Third Parties

Import Data: Workout history from other fitness apps you choose to import

How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Sync your workout data across your devices
Calculate statistics, personal records, and progress analytics
Enable sharing features (when you choose to share routines)
Send important notifications about your account or the Service
Respond to your requests and provide customer support
Monitor usage patterns to improve the app experience
Display advertisements (for free users)
Detect, prevent, and address technical issues

Sensitive Data and Health Information

SetVita collects fitness and workout data that may be considered health-related information under certain privacy laws, including GDPR (as "special category data") and CCPA/CPRA (as "sensitive personal information"). This includes:

Body weight and body measurements
Exercise performance data (weights lifted, reps completed, distances covered)
Workout frequency and duration patterns
Personal records and fitness progress metrics
Any pregnancy-related exercise modifications or tracking

We treat all fitness and workout data with heightened protection. We obtain your explicit consent before collecting this data, limit its use to providing the Service, and do not sell or share this sensitive information for advertising purposes.

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal bases under GDPR:

Consent (Article 6(1)(a) and Article 9(2)(a))

Health and fitness data: We rely on your explicit consent to process workout data, body measurements, and other health-related information. You provide this consent when you create an account and enter this data.
Marketing communications: If we send promotional emails, we obtain your prior consent.
Personalized advertising: AdMob personalized ads require your consent via the app's consent dialog.

Contract Performance (Article 6(1)(b))

Account information: Processing your email and password to create and maintain your account.
Core service functionality: Storing and syncing your workouts, routines, and exercises across devices.
Subscription management: Processing subscription status to provide ad-free experience.

Legitimate Interest (Article 6(1)(f))

Security and fraud prevention: Monitoring for unauthorized access and protecting our Service.
Service improvement: Analyzing aggregated, anonymized usage patterns to improve the app (with opt-out available in settings).
Bug detection and crash reporting: Collecting error logs to maintain app stability.
Customer support: Responding to your inquiries and resolving issues.

For legitimate interest processing, we have conducted balancing tests to ensure our interests do not override your fundamental rights. You may object to legitimate interest processing at any time by contacting us.

Legal Obligation (Article 6(1)(c))

Compliance with laws: Responding to lawful requests from authorities and complying with tax, accounting, and regulatory requirements.

Withdrawing Consent

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. To withdraw consent, use the in-app settings or contact us at privacy@setvita.app.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We use third-party services to help operate our Service:

Firebase (Google): Authentication, database, cloud storage, and mobile app analytics
Google Analytics: Website analytics to understand visitor behavior and improve our website (see detailed disclosure in "Cookies, Tracking Technologies" section)
Google AdMob: Advertising services (for free users)
Crash reporting services (Sentry): To identify and fix bugs

Other Disclosures

With Your Consent: When you explicitly choose to share data (e.g., sharing a routine link)
Legal Requirements: If required by law, regulation, or legal process
Safety: To protect the rights, property, or safety of SetVita, our users, or others

Advertising

SetVita displays advertisements to free users through Google AdMob. These ads help us cover hosting costs and keep the app free. AdMob may use cookies and similar technologies to serve relevant ads.

You can remove ads by purchasing an optional subscription. All features remain free regardless of whether you see ads.

For more information about Google's advertising practices, visit: Google Privacy Policy

Data Storage and Security

Your data is stored securely using Google Firebase infrastructure. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

Encryption of data in transit (TLS/SSL) and at rest
Secure authentication through Firebase Authentication
Access controls limiting employee access to personal data
Regular security assessments of our systems
Firestore security rules restricting data access to authorized users

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach affecting your personal information, we are committed to notifying affected users and relevant authorities as required by applicable laws.

Our Breach Response

Detection and Assessment: We will promptly investigate any suspected breach to determine the scope and impact.
Containment: We will take immediate steps to contain the breach and prevent further unauthorized access.
Notification to Users: If the breach is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay—and within 30 days of discovery for California residents, as required by California law effective January 1, 2026.
Notification to Authorities: Where required by law, we will notify relevant data protection authorities (within 72 hours for GDPR, and to state attorneys general as required by state laws).
Remediation: We will take steps to mitigate the impact and prevent future breaches.

What We Will Tell You

If we notify you of a breach, we will provide:

A description of the breach and the types of data affected
The likely consequences of the breach
Steps we are taking to address the breach
Recommendations for how you can protect yourself
Contact information for questions

Your Rights and Choices

Access and Export

You can access and export your workout data at any time through the app's export feature. We support JSON and CSV export formats.

Deletion

You can delete your account and all associated data at any time through the app settings. Account deletion is permanent and cannot be undone.

Correction

You can update your profile information and workout data directly within the app.

Opt-Out

Ads: Subscribe to remove advertisements
Analytics: You can opt out of analytics collection in app settings

GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent

To exercise these rights, please contact us at privacy@setvita.app.

CCPA/CPRA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You can request what personal information we collect, use, disclose, and sell about you.
Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
Right to Correct: You can request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: You can opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: You can limit how we use your sensitive personal information (including health and fitness data).
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise these rights, contact us at privacy@setvita.app or use the in-app privacy settings. We will respond to verifiable requests within 45 days.

Categories of Personal Information We Collect

Under CCPA/CPRA, we collect the following categories:

Identifiers: Email address, device identifiers, IP address
Personal Information (Cal. Civ. Code § 1798.80): Name (if provided)
Internet/Network Activity: App usage data, session information
Geolocation Data: General location derived from IP address (not precise GPS)
Sensitive Personal Information: Health and fitness data (workout records, body weight)
Inferences: Personal records, progress statistics derived from your workout data

Do Not Sell or Share My Personal Information

SetVita does not "sell" your personal information as defined under CCPA/CPRA. We do not exchange your data for monetary consideration.

Regarding "sharing" for advertising: When you use the free version of SetVita, we work with Google AdMob to display advertisements. AdMob may use device identifiers and usage data to serve personalized ads, which may constitute "sharing" under CPRA's broad definition.

Your Right to Opt Out

You have the right to opt out of the "sharing" of your personal information for cross-context behavioral advertising. You can do this by:

In-App Settings: Navigate to Settings > Privacy > Personalized Ads and disable personalized advertising
Subscribing: Paid subscribers do not see ads and their data is not shared with advertising partners
Contacting Us: Email privacy@setvita.app with the subject "Do Not Share My Information"

When you opt out, you will still see ads, but they will be non-personalized (contextual ads only).

Sensitive Personal Information

We only use your sensitive personal information (health and fitness data) to provide the core Service. We do not use sensitive personal information for advertising purposes or share it with third parties for their own purposes. You do not need to separately limit this use, as we already restrict it by default.

Global Privacy Control (GPC)

SetVita honors the Global Privacy Control (GPC) signal. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for the "sale" or "sharing" of your personal information under applicable laws, including CCPA/CPRA, Colorado Privacy Act, Connecticut Data Privacy Act, and other state laws that recognize GPC.

When we detect a GPC signal:

We will not share your information with advertising partners for personalized ads
You will see non-personalized (contextual) advertisements only
Your preference will be applied to that browser or device session

To enable GPC, visit globalprivacycontrol.org for instructions on enabling GPC in your browser.

Children's Privacy

SetVita is not intended for children under 13 years of age (or under 16 in the EEA without parental consent). We do not knowingly collect personal information from children under these age thresholds.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at privacy@setvita.app. We will promptly delete such information from our systems.

Under CCPA/CPRA, personal information of consumers under 16 years of age is treated as sensitive personal information with additional protections.

Automated Decision-Making and Profiling

SetVita uses automated processing to provide certain features, but we do not make any decisions that produce legal effects or similarly significantly affect you based solely on automated processing.

How We Use Automated Processing

Personal Record (PR) Detection: We automatically calculate when you achieve a new personal record for an exercise. This is informational only and has no legal or significant effect on you.
Progress Statistics: We automatically generate charts and statistics from your workout data. These are for your information and motivation only.
Workout Suggestions: If we provide suggestions based on your history, these are recommendations only—you always have full control over your workouts.
Ad Personalization (AdMob): Google AdMob may use profiling to select relevant ads. This does not produce legal effects, and you can opt out of personalized ads in settings.

Your Rights

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. Since SetVita does not make such decisions, this right does not apply to our core features. However, you can always contact us at privacy@setvita.app if you have concerns about any automated processing.

Cookies, Tracking Technologies, and Device Permissions

Mobile App Tracking

SetVita is primarily a mobile application. We and our third-party partners use the following technologies to collect information:

Device Identifiers: We collect your device's advertising identifier (IDFA on iOS, GAID on Android) for advertising purposes if you have not opted out. You can reset or limit ad tracking in your device settings.
Firebase Analytics: Collects anonymized usage data to help us understand how users interact with the app. You can opt out in app settings.
Crash Reporting (Sentry): Collects error data and device information when the app crashes to help us fix bugs.

Website Cookies

Our website (setvita.app) may use the following types of cookies:

Essential Cookies: Required for the website to function (e.g., session management). These cannot be disabled.
Analytics Cookies: Help us understand website traffic and usage patterns. We use Google Analytics as described below.
Preference Cookies: Remember your choices (e.g., consent preferences).

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies and similar technologies to collect and analyze information about how visitors use our website. This helps us understand visitor behavior, improve our website, and make informed decisions about our service.

Data Collected by Google Analytics

Google Analytics collects information such as:

Usage Data: Pages visited, time spent on pages, click behavior, navigation paths, and interaction with website elements
Device Information: Browser type and version, operating system, screen resolution, and device type (desktop, mobile, tablet)
Network Information: IP address (automatically anonymized), internet service provider, and general geographic location (country/city level)
Referral Information: The website you came from and search terms used to find our site
Cookie Data: Unique identifiers stored in first-party cookies (such as _ga, _gid, _gat) to distinguish users and sessions

How Google Uses This Data

Google Analytics processes the collected data on our behalf to:

Generate reports about website traffic, user engagement, and visitor demographics
Identify trends and patterns in how visitors use our website
Help us measure the effectiveness of our content and marketing efforts
Provide anonymized, aggregated statistics about website usage

IP Address Anonymization: Google Analytics 4 (GA4) automatically anonymizes IP addresses before processing, which means full IP addresses are never logged or stored. This helps protect your privacy and comply with data protection regulations.

Google's Use of Your Information

Google may use the data collected through Google Analytics in combination with data from other Google services to improve its own products and services. Google's data practices are governed by the Google Privacy Policy. We do not have control over how Google uses data beyond the analytics services provided to us.

Data Retention

Google Analytics data is retained for 26 months from the date of collection, after which it is automatically deleted. This retention period allows us to analyze long-term trends while respecting your privacy.

How to Opt Out of Google Analytics

You have several options to opt out of Google Analytics tracking:

Cookie Consent Banner: When you visit our website, you can click "Decline" on our cookie consent banner to prevent Google Analytics from tracking your visit.
Browser Settings: You can configure your browser to refuse all cookies or to alert you when cookies are being sent. Note that some website features may not function properly without cookies.
Google Analytics Opt-out Browser Add-on: Install the Google Analytics Opt-out Browser Add-on, which prevents Google Analytics JavaScript from sharing information with Google Analytics about your visit.
Ad Settings: Visit Google Ads Settings to manage your preferences for personalized advertising across Google services.

Legal Basis for Processing (EEA/UK Users)

For users in the European Economic Area (EEA) and United Kingdom, our legal basis for using Google Analytics is:

Consent: When you accept cookies through our consent banner, you provide explicit consent for us to use Google Analytics to track your website usage.
Legitimate Interests: We have a legitimate interest in understanding how visitors use our website to improve our services, provided this does not override your fundamental rights and freedoms.

Third-Party Cookies and Cross-Site Tracking

Google Analytics uses first-party cookies (set by setvita.app) to track your activity on our website. Google may combine this data with information from other websites you visit that also use Google Analytics or other Google services. We use Google Analytics for website analytics purposes only and do not enable Google Analytics Advertising Features on our website.

Additional Resources

How Google uses data when you use our partners' sites or apps
Google Analytics Data Privacy and Security
Firebase Privacy and Security (for mobile app analytics)

Third-Party Tracking

Google AdMob displays advertisements in the free version of SetVita and may use cookies and device identifiers to serve personalized ads. AdMob's data practices are governed by Google's Privacy Policy.

Firebase (Google) provides our backend services and may process data according to Firebase's Privacy and Security documentation.

Your Tracking Choices

iOS Users: You can enable "Limit Ad Tracking" or respond "Ask App Not to Track" when prompted (App Tracking Transparency).
Android Users: You can opt out of personalized ads in Settings > Google > Ads.
In-App Settings: Use Settings > Privacy to manage analytics and personalized advertising preferences.
Browser Settings: You can block or delete cookies through your browser settings. Note that blocking essential cookies may affect website functionality.

Do Not Track (DNT)

We honor Global Privacy Control (GPC) signals as described above. We currently do not respond to browser Do Not Track (DNT) signals, as there is no consistent industry standard for DNT. However, you can use the opt-out mechanisms described in this policy to control tracking.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods

Account Information (email, password hash): Duration of your account plus 30 days after deletion request to complete the deletion process.
Workout Data and Routines: Duration of your account. Deleted immediately upon account deletion.
Usage Analytics (anonymized): Up to 26 months, in accordance with Google Analytics data retention settings.
Crash Reports and Error Logs: Up to 90 days for debugging purposes.
Customer Support Communications: Up to 3 years after resolution for quality assurance and legal compliance.
Subscription and Payment Records: As required by tax and accounting laws (typically 7 years). Note: We do not directly process payments; Apple and Google handle payment details.
Legal Hold Data: If involved in litigation or legal proceedings, relevant data may be retained until the matter is resolved.

Account Deletion

You can delete your account at any time through the app settings (Profile > Settings > Delete Account). Upon deletion:

Your workout data, routines, and profile information will be permanently deleted within 30 days
Anonymized, aggregated data that cannot identify you may be retained for analytics
Backup copies may persist for up to 30 additional days before being purged from backup systems
Community Submissions that have been incorporated into the app library will remain (as stated in our Terms of Service)

International Data Transfers

SetVita uses Google Firebase services, which means your data may be transferred to and processed in the United States and other countries where Google operates data centers. These countries may have different data protection laws than your country of residence.

Transfer Mechanisms

When we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate by relevant authorities, we rely on the following legal mechanisms:

Standard Contractual Clauses (SCCs): Google Cloud (including Firebase) has implemented the European Commission's Standard Contractual Clauses for data transfers. You can review Google's data processing terms at Google Cloud Data Processing Addendum.
EU-U.S. Data Privacy Framework: Google LLC is certified under the EU-U.S. Data Privacy Framework, providing additional protection for transfers to the United States.
UK Extension to EU-U.S. Data Privacy Framework: For UK users, Google's certification extends to the UK International Data Transfer Agreement.

Your Rights Regarding Transfers

You have the right to request information about the specific safeguards applied to your data when transferred internationally. Contact us at privacy@setvita.app for more information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you through the app or via email.

Your continued use of SetVita after any changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@setvita.app
General inquiries: contact@setvita.app