GDPR Compliance Statement

This GDPR Compliance Statement explains how FitAzi respects your privacy rights and maintains compliance with the European Union's General Data Protection Regulation (GDPR) and similar data protection regulations worldwide.

1. Data Controller

FitAzi, registered in Romania, is the data controller responsible for your personal data when you use our services. For any data protection inquiries, you can contact us at:

• Email: office@fitazi.app

2. What Data We Do NOT Store

FitAzi is designed with privacy in mind. We do NOT collect or store:

• ✗ Personal identification information - such as full name, address, or government IDs
• ✗ Sensitive health data - such as medical records, detailed health conditions, or biometric data
• ✗ Payment information - credit card numbers, bank account details, or billing addresses are handled exclusively by third-party payment processors (Apple, Google, Stripe)
• ✗ Location tracking data - we do not continuously track or store your location
• ✗ Social media credentials - we do not access or store your social media passwords or authentication tokens
• ✗ Contacts or phone data - we do not access your device contacts, call logs, or SMS messages

3. Minimal Data Collection

To provide our AI-powered fitness and nutrition services, we may collect only the following minimal, non-personal data:

• Email address - solely for account creation, login authentication, and essential service communications
• Anonymous usage analytics - aggregated, non-identifiable data about app feature usage to improve our services
• Device type and OS version - to ensure app compatibility and optimize performance
• Transaction records - only subscription status and transaction IDs (not payment details) to manage your access to premium features

This data is collected on a need-to-know basis and is never shared with third parties for marketing purposes.

4. Your GDPR Rights

Under GDPR, you have the following rights regarding your data:

• Right to Access - You can request a copy of any data we hold about you (which is minimal, as stated above)
• Right to Rectification - You can request correction of any inaccurate data
• Right to Erasure ("Right to be Forgotten") - You can request deletion of your account and any associated data at any time
• Right to Restriction - You can request that we limit how we use your data
• Right to Data Portability - You can request your data in a machine-readable format
• Right to Object - You can object to certain types of data processing
• Right to Withdraw Consent - You can withdraw consent for data processing at any time

To exercise any of these rights, please contact us at office@fitazi.app. We will respond to your request within 30 days as required by GDPR.

5. Legal Basis for Processing

When we process the minimal data described above, we do so under the following legal bases:

• Contractual Necessity - To provide you with the FitAzi service you signed up for
• Legitimate Interest - To improve our services, prevent fraud, and ensure security
• Consent - Where required, we obtain your explicit consent before processing any optional data

6. Data Security

We implement industry-standard security measures to protect the minimal data we collect:

• End-to-end encryption for data transmission
• Secure authentication protocols
• Regular security audits and updates
• Access controls limiting who can access data
• Compliance with PCI-DSS standards for payment processing (handled by third parties)

7. Third-Party Services

FitAzi uses the following trusted third-party services that may process limited data on our behalf:

• Apple App Store & Google Play Store - for app distribution and payment processing (subject to their respective privacy policies)
• Stripe - for secure payment processing (PCI-DSS Level 1 compliant)
• Cloud Infrastructure Providers - for secure server hosting with data encryption

We ensure that all third-party processors are GDPR-compliant and have appropriate data protection agreements in place.

8. International Data Transfers

If we transfer data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or certifications like the EU-US Data Privacy Framework.

9. Data Retention

We retain your minimal account data only for as long as necessary to provide our services or as required by law:

• Active account data is retained while your account is active
• Upon account deletion, we remove all associated data within 30 days
• Anonymous analytics data may be retained indefinitely in aggregated form
• Transaction records may be retained for up to 7 years for legal and tax compliance

10. Children's Privacy

FitAzi does not knowingly collect personal data from children under 13 years of age without parental consent. If we become aware that we have collected data from a child under 13 without verification of parental consent, we will delete that information immediately.

11. Cookie Policy

Our website uses minimal cookies and similar technologies:

• Essential cookies - necessary for website functionality (session management, authentication)
• Analytics cookies - anonymous usage data to improve our services (you can opt out)

We do not use advertising or tracking cookies. You can manage cookie preferences in your browser settings.

12. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

13. Changes to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated statement on this page and updating the "Last updated" date.

14. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. For users in Romania, the supervisory authority is:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

Website: www.dataprotection.ro

15. Contact Us

If you have any questions about this GDPR Compliance Statement, how we handle your data, or wish to exercise your GDPR rights, please contact us:

• Email: office@fitazi.app
• Subject line: "GDPR Request" or "Data Protection Inquiry"