Privacy Policy
Last Updated: May 7, 2026 · Effective Date: March 9, 2026
GoldBits LLC (“Company,” “we,” “us,” or “our”) operates the OneFit AI mobile application (“App”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our App and related services (collectively, the “Service”).
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
Account Information
- Email address
- Display name (optional)
- Profile photo (optional)
- Authentication data from third-party sign-in providers (Apple Sign-In)
Physical and Health Information
- Date of birth, gender
- Height, weight, body fat percentage
- Physical injuries and limitations
- Fitness experience level and activity level
- Body measurements you log over time (e.g., weight progression)
Apple Health and Apple Watch (Optional)
If you grant permission and use the Apple Watch companion app, we may access the following data through Apple HealthKit:
- Heart rate during workouts
- Calories burned during active workout sessions
- Workout duration and metadata
HealthKit data is used solely to enrich your workout records and is never shared with third parties for advertising. You can revoke HealthKit permissions at any time via iOS Settings → Privacy & Security → Health.
Fitness Goals and Preferences
- Primary and secondary fitness goals
- Target weight and body composition goals
- Workout preferences (duration, frequency, types, equipment)
- Exercise restrictions and disliked exercises
Nutrition Information
- Dietary restrictions and food allergies
- Calorie and macronutrient targets
- Meal logs and food entries
- Meal photos uploaded for AI scanning
Workout Data
- Workout logs (exercises, sets, reps, weight)
- Workout completion history and duration
- Personal records and favorites
Communications
- AI Coach conversation messages (text)
- Feedback, bug reports, and support requests
Voice Input (Optional)
When you use voice features (e.g., voice meal logging or speaking to the AI Coach):
- Audio is captured momentarily for speech-to-text conversion
- Speech recognition is performed on-device using Apple's speech framework
- The original audio is never transmitted to our servers or stored
- Only the transcribed text is sent to our backend (covered above under “AI Coach conversation messages” and meal logs)
Search History
- Exercise searches within the workout builder
- Food and meal database searches
Search history is stored on your account to power features like recent searches and personalized suggestions.
1.2 Information Collected Automatically
Device and Usage Information
- Device type, model, and operating system version
- App version and build number
- Usage patterns and feature interactions
- Crash reports and performance data
- Push notification tokens
Analytics Data
- Screen views and navigation patterns
- Feature usage frequency
- Session duration and engagement metrics
We do not collect precise location data, contacts, or call logs.
1.3 Information from Third Parties
- Apple Sign-In: Name and email (as authorized by you)
- Apple App Store: Subscription and purchase status
2. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide and operate the Service | Account, fitness profile, workout/nutrition data | Performance of contract |
| Generate AI workouts and coaching | Fitness profile, preferences, conversation history | Performance of contract |
| Analyze meal photos for nutrition | Meal photos, dietary context | Performance of contract |
| Process subscriptions and payments | Account info, purchase data (via Apple) | Performance of contract |
| Send push notifications | Push tokens, preferences | Consent |
| Analyze usage and improve the Service | Device info, analytics data | Legitimate interest |
| Detect and prevent fraud | Account info, usage patterns | Legitimate interest |
| Diagnose crashes and performance issues | Crash reports, device info | Legitimate interest |
We do not sell your personal information to third parties.
3. How We Share Your Information
We share your information only in the following circumstances:
3.1 Third-Party Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | Account data, fitness data, meal photos, workout logs |
| OpenAI / Anthropic / OpenRouter | AI coaching, workout generation, meal scanning | Fitness profile (anonymized), messages, meal photos. No names, emails, or account IDs |
| Amplitude | Product analytics | Anonymized usage events, session data |
| Firebase (Google) | Analytics, crash reporting | Anonymized usage events, crash logs, device info |
| New Relic | Performance monitoring | Performance metrics, error logs |
| Apple | In-App Purchases, push notifications | Purchase receipts, push tokens |
3.2 Legal Requirements
We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
4. AI Data Processing
4.1 What Data is Sent to AI Providers
- AI Coach: Your fitness profile (goals, experience, preferences), conversation history (up to 10 recent messages), and local date/timezone
- AI Workouts: Your fitness profile, equipment availability, workout preferences, and exercise restrictions
- Meal Scanning: Your meal photo (as image data) and meal type
4.2 What is NOT Sent
We do not send your name, email address, account ID, or any other personally identifiable information to AI providers. Fitness profile data is sent as context parameters only.
4.3 AI Provider Data Practices
Our AI providers (OpenAI, Anthropic, OpenRouter) process data according to their respective privacy policies. As of our last review, OpenAI does not use API data to train its models. We select providers and configurations that prioritize data privacy.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Fitness profile and preferences | Until you delete your account |
| Workout and nutrition logs | Until you delete your account |
| AI Coach conversations | Until you delete your account |
| Analytics data | 24 months from collection |
| Crash reports | 12 months from collection |
When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, resolving disputes).
6. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Secure authentication (including third-party sign-in)
- Row-level security on database tables
- Access controls and least-privilege principles
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Rights
7.1 All Users
Regardless of your location, you have the right to:
- Access your personal data through the App
- Update your profile and preferences at any time
- Delete your account and associated data from within the App
- Opt out of push notifications via device settings
- Opt out of analytics data collection via App privacy settings
7.2 European Economic Area (EEA) and UK Residents (GDPR)
If you are in the EEA or UK, you also have the right to:
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data (“right to be forgotten”)
- Restriction: Request limitation of data processing
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw consent: Withdraw consent at any time (without affecting prior processing)
- Lodge a complaint: File a complaint with your local data protection authority
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
Data Controller: GoldBits LLC, 30 N Gould St, Ste N, Sheridan, WY 82801, United States
7.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Delete your personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
8. International Data Transfers
Your information may be transferred to and processed in the United States, where our servers and service providers are located. If you are located outside the United States, you consent to the transfer of your data to the United States.
For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards for international data transfers where required by law.
9. Children’s Privacy
The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will promptly delete it. If you believe a child under 16 has provided us with personal information, please contact us at [email protected].
10. Push Notifications
We may send push notifications for workout reminders, meal logging reminders, progress updates, and important service announcements. You can disable push notifications at any time through your device settings. Disabling notifications does not affect your ability to use the Service.
11. Cookies and Tracking
The App does not use browser cookies. Our analytics providers (Amplitude, Firebase) use device identifiers and SDK-based tracking to collect usage data. You can opt out of analytics data collection via the App's privacy settings.
We do not track users across third-party apps or websites for advertising purposes.
12. Third-Party Links
The App may contain links to third-party websites or services (e.g., our feedback board, Discord community). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App or by other reasonable means. The “Last Updated” date at the top of this policy indicates when the latest revisions were made. Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
GoldBits LLC
30 N Gould St, Ste N
Sheridan, WY 82801
Email: [email protected]
For GDPR-related inquiries, you may also contact your local data protection authority.