PRIVACY POLICY

 

Privacy Policy FitnessRec

We, PARSREC YAZILIM LIMITED SIRKETI B BLOK, NO:4/4 ESREF DINCER MAHALLESI OZLEM SOKAK Gemlik 16000 Bursa Turkey, are committed to protecting privacy of users of the FitnessRec website, FitnessRec application(s), and/or other related services (hereinafter collectively the “FitnessRec Services” or the “Services”).

For the purposes of this Privacy Policy, PARSREC YAZILIM LIMITED SIRKETI is the “data controller” for all FitnessRec Services.

This Privacy Policy describes the types of personal and non-personal data we collect and how we use such data.  This Privacy Policy is part of our General Terms and Conditions and applies to all FitnessRec Services. Therefore, please make sure that you read and understand our Privacy Policy, as well as the General Terms and Conditions.

This Privacy Policy does not apply to any third-party websites, services or applications, even if they may be accessible through the FitnessRec Services.

By using any of the FitnessRec Services, you hereby warrant and represent that (i) you have read, understand and agree to this Privacy Policy, (ii) you are over 18 years of age (or are a parent or guardian with such authority to agree to this Privacy Policy for the benefit of an individual who is under 18 years of age). If you do not accept the terms set forth in this Privacy Policy and the consents associated therewith, please do not use our Services.

Last revised: December 2025

1. What types and categories of data we collect, process and use?

We collect, process and use personal and non-personal data.

1.1 Personal and non-personal data

The term “personal data” is defined by  the European General Data Protection Regulation (GDPR). You can think of your personal data as any data that allow you to be identified or that can be correlated to you.

On the other hand, “non-personal” data cannot be correlated to any specific person. By removing identifiable parts from and anonymizing personal data, personal data may be converted into “non-personal data.”

1.2 Data we collect, process and use

We collect, process and use three types of data:

• data you provide to us voluntarily,
• data we receive when you use our Services, and
• data we receive from third parties.

Typically, we collect, process and use the following categories of data:

• your name and address;
• your personal contact information (telephone, e-mail, fax, etc.);
• your username and password;
• your user profile data (e.g., workout schedule);
• your user preferences (e.g., preferred language settings);
• your IP address, operating system, browser type, browser version, browser configuration, name of Internet provider, and any other relevant information regarding your computer and Internet connection in order to identify the type of your device, to connect you to the website, to exchange data with your (mobile) terminal device, or to ensure proper use of the website and an FitnessRec application;
• the URL and IP address of the website from which you access our website or from which you are transferred to our website, including date and time;
• any pages of our website on which you click during your visit, and any links on our website on which you click, including date and time;
• the entire Uniform Resource Locator (URL) clickstream regarding, through, and from the website, including date and time;
• your service inquiries and your orders;
• your transaction history, including open and completed transactions;
• search terms you input in relation to or within our Services;
• information regarding your orders and payments;
• information collected by cookies or similar technologies (as explained below);
• your survey answers, critiques, evaluations, or other responses;
• the content of all messages sent through the website or an FitnessRec application, including information uploaded to social networks through the website or an FitnessRec application or otherwise shared with us and/or other users, as well as chat messages and chat logs;
• information about workouts you upload or download using an FitnessRec application;
• your newsletter subscriptions;
• any consents you have given us;
• any other information input or uploaded by you through the website or an FitnessRec application (e.g., information you provide when completing an online form, photos you upload); or
• data we receive when you log in through social media (e.g., if you log in with Facebook).

2. How is data collected?

Personal data is collected by us only if you provide such data to us on your own initiative by choosing to use our Services. To be able to use our Services, you must register your account with us.

2.1 Login

You may create an FitnessRec user account through our login system. Following registration, you will be able to use your user account to subscribe to all FitnessRec Services. To register, you must provide us with at least the following information:

• first and last name,
• e-mail address, and
• password

Before completing the registration process, you must confirm that you have read our Privacy Policy and accept our General Terms and Conditions.

2.2 Adding information to your user profile

FitnessRec application(s) also enable you to provide us with additional information, such as your gender, fitness level, and workout goals. After registering, you can add more information to your profile (e.g., a profile photo). If you do so, you will once again provide us with personal data. We will also receive data (including personal data) from you when you communicate with us or other users through an FitnessRec application. If you create a workout schedule, we will receive information about which and how many workouts you have completed. We will also receive information about how you use FitnessRec application(s). In that case, too, you will provide us with personal data. However, We do not send any data gathered in the health, fitness, and medical research context to third parties and do not engage in targeted or behavioral advertising based on such sensitive user data including the data gathered from Apple Health app or Google Fit app and their APIs.

2.3 Enabling access rights to your device

For you to be able to use an FitnessRec application to the full extent, we will also need certain access rights to your smart phone. When you want to use such a function for the first time, we will ask you whether you grant us such access rights or we will ask you to grant us access by selecting the appropriate settings. Generally, you may revoke such access rights at any time by changing the appropriate settings.

We may request access to the following device features and capabilities:

• Camera: To take photos for your profile, progress pictures, or to scan food barcodes
• Photo Library: To upload or select photos from your device gallery
• File Storage: To save and access workout videos, progress photos, and other media
• Push Notifications: To send workout reminders, nutrition alerts, and app notifications
• Location Services: To track outdoor workout routes and calculate distance (only when GPS tracking is enabled during workouts)
• Network Information: To detect connectivity status and optimize data synchronization
• Haptic Feedback: To provide tactile feedback for certain interactions
• Keyboard: To manage keyboard appearance and behavior for better user experience
• Local Notifications: To schedule reminders even when the app is not running
• Barcode Scanning: To scan food product barcodes for quick nutrition logging using ML Kit
• Clipboard: To enable copy/paste functionality within the app

These device capabilities are accessed through Capacitor plugins and native platform APIs. All access requires your explicit permission through your device's permission system. Data from these features is processed locally on your device or securely transmitted to our Firebase servers as needed for app functionality.

2.3.1 Health Data Synchronization

If you choose to enable health data synchronization, FitnessRec will request permission to access health and fitness data from third-party platforms such as Apple HealthKit, Google Health Connect (formerly Google Fit), Samsung Health, Fitbit, and Garmin Connect. This integration is entirely optional and requires your explicit authorization.

When you enable health data synchronization, we may collect and process the following types of data:

Personal Characteristics:

• Biological sex/gender
• Date of birth

Body Measurements:

• Weight (kg)
• Height (m)
• Body Mass Index (BMI)
• Body fat percentage (%)

Physical Activity Data:

• Step count
• Flights of stairs climbed
• Distance traveled (walking, running, cycling in meters)
• Active exercise time (including Apple Exercise Time)
• Workout and exercise sessions (activity type, duration, intensity)
• Workout routes with GPS coordinates (latitude, longitude, altitude)

Energy and Calories:

• Active calories burned (kcal)
• Basal/resting calories burned (kcal)
• Total calories burned (kcal)
• Dietary calories consumed (kcal)

Sleep Data:

• Sleep duration
• Sleep quality and analysis
• Sleep stages (if available from your device)

Cardiovascular Metrics:

• Heart rate (beats per minute)
• Resting heart rate
• Heart rate variability (HRV/SDNN)

Health Metrics:

• Blood glucose levels (mmol/L or mg/dL)
• Blood pressure (systolic and diastolic in mmHg)
• UV exposure index

Nutrition Data:

• Total carbohydrates (g)
• Total fats (g)
• Protein (g)
• Sugar (g)
• Water/hydration intake (ml)
• Other macronutrients and micronutrients you log

Mindfulness and Wellness:

• Mindfulness session duration (seconds/minutes)

The specific data types available depend on what your connected health platform supports (Apple HealthKit, Google Health Connect, Fitbit, Garmin) and which permissions you grant. Not all data types are available on all platforms. You have granular control over which data types you share with FitnessRec.

This data is synchronized with our secure cloud infrastructure (Firebase) to enable:

• Cross-device access to your fitness data
• Backup and data preservation
• Comprehensive analytics and progress tracking
• Personalized workout and nutrition recommendations
• Integration with trainer services (if you have authorized a fitness professional)

You can enable or disable health data synchronization at any time through the app settings. When you disable synchronization, we will stop collecting new data from the connected platforms. Previously synchronized data will remain in your account unless you explicitly request its deletion.

We implement data optimization techniques to minimize storage usage while preserving data accuracy, including compression algorithms for GPS routes and heart rate data. We do not share health data collected through these integrations with third parties for advertising or marketing purposes.

2.4 Newsletter

You can register for our newsletter. That way, you will receive regular updates about the FitnessRec Services. All you need to receive our newsletter is to provide us with a valid e-mail address. If you are no longer interested in receiving the newsletter, you may unsubscribe at any time using the link that is included in each newsletter.

2.5 Linking your account to third-party authentication providers

You can link your FitnessRec user account to third-party authentication providers such as Google or Facebook. To do so, simply choose "Login with Google" or "Login with Facebook" during the registration process; you will then be transferred to the respective service. There, you will be shown to which data we will receive access. We will store your email address from the authentication provider. This is the email address we will use to contact you, if necessary. We will also record the fact that you have registered through a third-party authentication provider.

2.6 Website

You will also transfer certain information to us when you access our website or FitnessRec application(s), e.g., your IP address. We will also receive data about which terminal device (computer, smartphone, tablet, etc.) you are using, which browser (Internet Explorer, Safari, Firefox, etc.) you are using, the time at which you access the website, the so-called referrer, and the data volume transferred. Such data cannot be used by us to identify the user. This data is processed for statistical purposes only. Such analyses help us make our Services more attractive and, if necessary, to improve our Services.

2.7 Log files

Every time you access our website the aforementioned data will be automatically stored in log files. A log file automatically logs all or defined actions on a computer system. Such log files are important, for example, for process control and automation. In the case of databases a log file tracks changes to the database of correctly executed transactions. In the event of an error (e.g., a system crash), this allows the current dataset to be restored. Log files are also created by web servers. Inter alia, the following data are logged: the address of the accessing computer, authentication fields, date and time of access, access method, content of HTML access, status code of the web server, and information about the browser and operating system used by the client.

2.8 Other possible instances of data collection

Collection of data also happens, for example, when you contact us or other users, i.e., when you open your FitnessRec user account, sign up for a subscription, upload a profile photo, or use our Services to send messages.

3. What are our legal bases for processing of your data?

We will collect, process, and use your personal data and other data to support the delivery of FitnessRec Services in accordance with our General Terms and Conditions.  In this section we provide information on the legal basis for our processing of your Personal Data as required by law, as well as provide detailed information about the purposes of collection, processing and use of your data.

We process your data based on the following legal bases:

• performance of our Services,
• legitimate interest relating to our Services,
• if you have given us your consent to process your data,
• if it is necessary for us to comply with a legal obligation

We may also process the data if it is necessary to protect vital interests of our users and/or other people, or for the performance of an obligation to carry out in the public interest.

4. Purpose of date use ?

We will use personal data you have provided to us only if and to the extent necessary for providing our Services and handling of the contract or if you have consented that we may use your data for the purposes described in this Privacy Policy.

We process and use data (including personal data) you make available to us voluntarily on the website or through the FitnessRec application in various situations (e.g., when you send us an e-mail). We also use data that are collected automatically on our website or through the FitnessRec application. Finally, we may also receive data about you from third parties, for example when another user provides us with information about you.

We collect, process and use data for the following purposes:

• to administer, operate, maintain, and improve the website and FitnessRec application(s);
• to allow and process orders for services placed by you through the website or FitnessRec application(s);
• to customize your experience in relation to our website or FitnessRec application(s) (e.g., by tailoring content and offers to your personal preferences);
• to assess your right to receive certain types of offers or services;
• to support the improvement and customization of the FitnessRec Services;
• to analyze and research customer behavior;
• to respond to your questions and inquiries;
• to provide you with information about services that may be of interest to you;
• to communicate with you about certain concerns;
• to manage awards, surveys, winning games, lotteries, or other promotional activities or events;
• to comply with our legal obligations to prevent any unlawful use of the website or FitnessRec application(s), to protect the security of our Service, to detect and prevent fraud or abuse, to settle disputes, and to enforce our contracts;
• for any other purposes to which you have consented in a particular case, or
• otherwise as permitted by applicable law.

If required by law, we will ask for your consent before collecting, processing, or using your personal data for any of the aforementioned purposes.

We will also notify you if we want to use your personal data for a new or different purpose. We will use your personal data for such other purposes only if and to the extent necessary or permitted by applicable law or with your consent.

5. How long and where are data stored?

Your personal data will be stored for as long as this is necessary for achieving the defined purposes of processing. We apply the following retention periods:

• Account Data: Retained for the duration of your active account plus 30 days after account deletion to allow for account recovery requests.
• Health and Fitness Data: Retained for the duration of your active account. Upon account deletion, health data is permanently deleted within 30 days.
• Transaction and Payment Records: Retained for 7 years after the transaction date to comply with tax and accounting regulations.
• Communication Records: Chat messages and support communications are retained for 2 years after the last interaction.
• Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for service improvement purposes.
• Log Files: Server logs are retained for 90 days for security and debugging purposes.

If you cancel your user account, we will delete or anonymize your personal data within 30 days, except where we have a legal obligation to retain certain data for longer periods. You may request earlier deletion of specific data categories by contacting us.

Data Storage Location: Your data is primarily stored on Firebase servers operated by Google. Data may be stored in data centers located in the United States and the European Union. We ensure appropriate safeguards are in place for any international data transfers as described in Section 7.

6. Cookies and tracking pixels

We collect information about visitors to our website and about users of our FitnessRec application(s) in order to improve our Services. For this purpose we use different kinds of so-called cookies and tracking pixels (a.k.a. web beacons).

A cookie allows a web server to place a text file (e.g., a clear ID) on your computer or smart phone/tablet. Cookies are used, for example, to automatically recognize you the next time you visit our websites or use an FitnessRec application. The cookie is sent either by the web server to your browser or is generated by client-side scripting (e.g., JavaScript). Cookie data will be stored locally on your terminal device and in most cases will be effective only for a limited time period.

Websites that include flash media write user-specific data to your computer and later read such data. Such files are called flash cookies or local shared objects (LSO). Such files are not managed by your browser, but rather by the flash player plug-in. Flash cookies are subject to the same rules as conventional cookies. Flash cookies, too, can only be read by the website that caused those flash cookies to be placed. However, flash cookies can store a substantially greater volume of data.

Your browser offers extensive setting options to manage cookies. For example, you can deactivate cookies in your browser or limit cookies to certain websites. You can also program your browser to first notify you before a cookie is placed. You can also choose these settings on your mobile terminal devices. You can at any time manage cookies by changing the settings of your devices, delete cookies, or block cookies altogether.

You can also visit our website even if you block cookies on your terminal device. If you block cookies, the display of our website may however be impaired and not all functions may be available to you. You can also use FitnessRec application(s) without cookies. In that case, you may however no longer be able to use all functions of such application as conveniently.

Tracking pixels are small graphics in HTML e-mails or on websites. When you access such a website, your access to the tracking pixel will be recorded in a log file. This allows statistical analysis, which, in turn, can be used to improve our Services. You can set your e-mail program or your browser so that HTML e-mails will be displayed as text only, thereby preventing the use of some tracking pixels.

7. Transfer of data to third parties

Your personal data will be transferred to third parties only if we have a legal obligation to do so, if the data transfer is necessary for performance of the contract, or if you have consented to the transfer of your data. Third-party service providers and partner companies will receive your data only if and to the extent necessary for performance of the contract or with your consent. In such cases, the extent to which data are transferred will however be kept to the absolute minimum. To the extent that our service providers come into contact with your personal data, we will make sure that they too will comply with all applicable data protection laws. Please also read the data privacy policies of such third-party providers.

We use cloud services. This means we will transfer your data to a third party – the cloud services provider – and store data on the servers of that provider. In some cases, your data may also be stored on servers outside the European Union (EU) or European Economic Area (EEA). In some cases, your data may also be processed there. We ensure appropriate safeguards for international data transfers through one or more of the following mechanisms: (i) Standard Contractual Clauses (SCCs) approved by the European Commission, (ii) the EU-US Data Privacy Framework for transfers to certified US organizations (https://www.dataprivacyframework.gov/), or (iii) other legally recognized transfer mechanisms. These safeguards ensure an appropriate level of data protection consistent with EU standards.

8. Data processing – third-party services and partners

To be able to offer you all functions and services of FitnessRec application(s) in the most convenient way possible and to be able to continuously improve our Services, we use third-party services and partners. We also use the assistance of third parties to improve our website. Finally, we use certain tools for our marketing.

Below is the description of the third-party services we use and for what purposes:

Google

We use a number of different Google services (Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043, U.S.A. – hereinafter “Google”) for analysis and marketing purposes. These tools collect and statistically analyze data about your use of our Services in different ways. We also use your data to show you personalized ads with the help of Google services. By using our website or our FitnessRec Services, you consent that we may use your data for these purposes.

Below (in 8.1.1-8.1.6) we will explain the different services and the ways in which you can to conveniently revoke your consent, and we provide you with additional important information.

Additional information about how Google handles data transmitted by us is available here:https://policies.google.com/technologies/partner-sites?hl=en

You can find additional information about how Google uses cookies in the data privacy policy of Google here: (https://www.google.com/intl/en/policies/privacy/).

Information generated by Google tools is generally transferred to a server of Google in the United States and stored there. Google and its subsidiaries are EU-US Privacy-Shield certified.

Google Analytics

Our application(s) and our website use Google Analytics, a web analysis program of Google. Google Analytics uses cookies that are stored on your terminal device and allows an analysis of your use. We activate IP address anonymization so that IP addresses will first be truncated by Google within the European Union. On our behalf Google uses such information to analyze your use of our Services as well as the use of our Services by other users, and provides us with reports and other services. The IP address transmitted from your terminal device to Google Analytics will not be merged with any other data of Google. Google will transfer your data to third parties only if permitted by applicable law or in accordance with outsourced data processing agreements.

You can prevent the collection and processing of information generated by the Google cookie by placing an opt-out cookie or deactivating Google Analytics in the menu of your terminal device. In the alternative, you can also install a browser plug-in.

DoubleClick by Google

DoubleClick uses cookies to show you ads that are relevant to you. In the process, a pseudonymous identification number (ID) is assigned to you to monitor which ads have been shown in your browser and which ads have been clicked. Such cookies contain no personal information. DoubleClick cookies allow Google and its partner websites to show ads on the basis of previous visits to our website or other websites on the Internet. Information generated by such cookies is transferred by Google to a server in the United States for analysis, where it is stored. Google never merges your data with any other data of Google. Data is transferred to third parties by Google only if permitted by applicable law or in accordance with outsourced data processing agreements.

If you do not wish to receive personalized ads, you can place an opt-out cookie:

https://adssettings.google.com/authenticated?hl=en#display_optout

You can also install the DoubleClick deactivation browser add-on. You will find this browser plug-in here:

https://www.google.com/settings/ads/onweb/

Google AdWords

We use Google AdWords to advertise our offers. Following a search on Google, our ads will be shown in the areas designated for this purpose. Our website registers with the help of cookies how many users have found our Services through such ads. We use such data to optimize our ads. A cookie is stored by Google when an ad is clicked. You can block the cookie by selecting the appropriate settings in your browser. In that case, your visit to our website will not be included in anonymous user statistics.

If you do not wish to receive personalized ads, you can place an opt-out cookie:

https://www.google.com/settings/ads/onweb#display_optout

You can also block cookies, for example, by installing an appropriate browser plug-in.

Google AdMob

We use Google AdMob to display advertisements within the free version of our app. AdMob helps FitnessRec show targeted advertising to our users. To achieve this, we send identifiers for mobile devices (including Android Advertising ID, Advertising Identifier for iOS) to AdMob.

We send to Google the advertising ID from the device on which the ad is serving. Google uses it to generate interests and demographics (for example, 'sports enthusiasts'). Interests, demographics, and other data may be used to serve better targeted ads to the user.

AdMob may display banner ads and interstitial ads (full-screen ads shown between app screens). Premium subscribers can remove ads by upgrading to a paid subscription.

Important: We do not send any data gathered in the health, fitness, and medical research context to AdMob, and we do not engage in targeted or behavioral advertising based on such sensitive user data including the data gathered from Apple Health app, Google Health Connect, or their APIs. Health and fitness data is strictly separated from advertising identifiers.

You can opt out of personalized advertising by adjusting your device settings (Ad Settings on Android, or Limit Ad Tracking on iOS).

Google Dynamic Remarketing

We use Google Dynamic Remarketing functions on our website. This technology allows us to show automatically generated, target group-based ads following your visit to our website. The ads shown are based on products and services on which you clicked or which you viewed during your last visit to our website. Google uses cookies to generate interest-based ads. If you do not wish to receive user-based ads from Google, you can deactivate ads by selecting the appropriate settings of Google.

If you do not wish to receive personalized ads, you can place an opt out cookie:

https://www.google.com/settings/ads/onweb#display_optout

You can block personalized ads by installing the appropriate browser plug-in, which is available here:

https://support.google.com/ads/answer/7395996?hl=en

You can also block personalized ads from Google and other advertising networks by opting out on the following page:

https://www.youronlinechoices.com/

Firebase

Firebase is a Google subsidiary with its registered office in San Francisco, CA, U.S.A. We use Firebase SDK, Firebase Authentication, Cloud Firestore, Firebase Cloud Functions, Firebase Storage, Firebase Cloud Messaging, and Google Analytics for Firebase for our FitnessRec application(s).

Firebase provides our backend infrastructure and enables core functionality including:

• User authentication and account management
• Secure cloud storage for user data, workout logs, nutrition records, and health data
• Real-time data synchronization across devices
• Push notifications for workout reminders and app updates
• Analytics to understand app usage and improve our Services
• Cloud Functions for server-side processing of data

Firebase uses technologies that work similar to cookies, in particular advertising IDs. This way, we collect information about how you use the FitnessRec application(s). We use such data for statistical analysis purposes, to test our offers (e.g., A/B testing), and to improve our offers. In addition, we use such information for personalized advertising. By using our Services you consent to our collection of such data.

All data stored in Firebase is encrypted in transit and at rest. We implement Firebase Security Rules to ensure that users can only access their own data. Health data synchronized from third-party platforms is stored securely in Firebase Firestore and is subject to the same privacy protections as all other user data.

If you do not wish that such data is collected, you may opt out at any time. You can conveniently do so, for example, by selecting the appropriate settings in your mobile terminal device. How you can prevent such data from being collected on your Android device is explained, for example, here:

https://www.google.com/policies/technologies/ads/

On your iOS device you will find the appropriate setting under Settings > Data Privacy > Advertising.

8.1.7 Additional Google Services

We also use the following Google services:

• Firebase App Check: To protect our backend services from abuse and ensure requests come from legitimate app instances. App Check uses device attestation to verify that requests come from your authentic app and device, not bots or unauthorized clients.
• Google Sign-In: To provide a convenient and secure authentication method using your Google account
• Google reCAPTCHA v3: Used on web platforms to protect against spam and abuse. reCAPTCHA analyzes user interactions to determine if requests are from legitimate users. reCAPTCHA's privacy policy: https://www.google.com/recaptcha/about/
• AI-Powered Insights:
  • Default (On-Device Insights): By default, fitness insights, workout recommendations, and nutrition analysis are generated locally on your device using on-device algorithms. While your health data is synced to our cloud servers for storage and cross-device access (as described in this policy), AI-powered insights are computed on your device without sending data to external AI services.
  • Advanced Insights (Opt-In Only): If you choose to enable Advanced Insights in your settings, we may use Google's Generative AI capabilities (Firebase AI/Gemini) to provide enhanced recommendations and deeper analysis. This feature requires your explicit consent and can be disabled at any time.
  • No AI Training: Your personal health and fitness data is NEVER used to train AI models. Whether you use on-device insights or opt in to cloud AI features, your data is not used for machine learning training purposes. Cloud AI services only process your data in real-time to generate personalized insights and do not retain or learn from your individual data.
  Cloud AI processing, when enabled, is performed through Google's secure infrastructure and is subject to Google's AI privacy terms: https://cloud.google.com/terms/generative-ai-terms
• Firebase Performance Monitoring: To track app performance metrics, identify slow screens, and improve user experience
• Firebase Remote Config: To dynamically update app configuration (such as MeiliSearch endpoints) without requiring app updates

8.1.8 Health Platform Integrations

When you enable health data synchronization, we integrate with the following third-party health platforms:

Apple HealthKit: On iOS devices, we use HealthKit (provided by Apple Inc.) to read and write health and fitness data. HealthKit data is processed on your device and synchronized with our servers only with your explicit permission. We access only the data types you specifically authorize. Apple's privacy policy applies to HealthKit data: https://www.apple.com/legal/privacy/

Google Health Connect: On Android devices, we use Health Connect (formerly Google Fit, provided by Google LLC) to read and write health and fitness data. Health Connect acts as a centralized repository for health data from various apps and devices. We access only the data types you specifically authorize. Google's privacy policy applies to Health Connect data: https://policies.google.com/privacy

Fitbit: When you connect your Fitbit account, we may access activity, sleep, heart rate, and other fitness data from your Fitbit devices and account. Fitbit's privacy policy applies: https://www.fitbit.com/global/us/legal/privacy-policy

Garmin Connect: When you connect your Garmin account, we may access activity, workout, and fitness data from your Garmin devices and account. Garmin's privacy policy applies: https://www.garmin.com/en-US/privacy/

Samsung Health: On Android devices with Samsung Health installed, we may use the Samsung Health Data SDK to read and write health and fitness data including activity summary, steps, calories, heart rate, sleep, blood oxygen, blood pressure, body composition, nutrition, water intake, exercise sessions, and other health metrics. We access only the data types you specifically authorize. Samsung's privacy policy applies: https://account.samsung.com/membership/terms/privacypolicy

We use the cordova-plugin-health library and Samsung Health Data SDK to facilitate these integrations. This plugin provides a unified interface for accessing health data across different platforms while respecting each platform's privacy and security requirements.

8.1.9 Additional Third-Party Services

RevenueCat: We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat processes transaction data and subscription status but does not have access to your health or fitness data. RevenueCat's privacy policy: https://www.revenuecat.com/privacy

Stripe: For web-based purchases, we use Stripe for payment processing. Stripe handles payment information securely and we do not store credit card details on our servers. Stripe's privacy policy: https://stripe.com/privacy

MeiliSearch: We use MeiliSearch for fast and efficient searching of food items and exercises in our database. Search queries are processed to provide relevant results but are not linked to your personal profile. MeiliSearch's privacy policy: https://www.meilisearch.com/privacy

Cloudflare: We use Cloudflare for content delivery, image optimization, and image transformations. Cloudflare may process image requests, generate thumbnails (e.g., 112x63 variants for exercise images), and cache content to improve app performance. Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/

Google Cloud Video Transcoder: We use Google Cloud Video Transcoder API to process workout videos and progress videos uploaded by users. Videos are temporarily processed in Google Cloud servers to optimize them for streaming and storage. Processed videos are stored in Firebase Storage. Google Cloud's privacy policy: https://cloud.google.com/terms/cloud-privacy-notice

Leaflet: We use Leaflet (an open-source mapping library) to display workout routes and GPS tracks. Map tiles are provided by OpenStreetMap contributors and may be served through third-party tile servers. Location data is only accessed with your explicit permission and is used solely to display your workout routes. OpenStreetMap privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

Ionic PWA Elements: We use Ionic PWA Elements to provide camera and photo functionality on web platforms. This library enables camera access through your browser but does not transmit data to any third-party service.

ngx-translate: We use ngx-translate for multi-language support. Translation files are stored locally and no data is transmitted to third parties for translation services.

8.1.10 Data Visualization and Processing Libraries

We use the following open-source libraries for data visualization and processing. These libraries run locally in your app or browser and do not transmit data to external servers:

• Chart.js: For creating fitness and nutrition charts and graphs
• ngx-charts: For advanced data visualizations and analytics displays
• D3.js: For custom data visualizations and interactive charts
• Moment.js: For date and time formatting and calculations
• PapaParse: For CSV parsing when importing/exporting nutrition data
• Fuse.js: For client-side fuzzy search functionality
• Pako: For data compression to optimize storage and network usage

These libraries process your data locally on your device and do not communicate with external servers or third-party services.

8.2 Social plug-ins

We use the following social plug-ins for our website:

• Facebook/Meta (operator: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, U.S.A.)
• X (formerly Twitter) (operator: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.A.)

These plug-ins routinely collect data from you and transfer such data to servers of the provider.

Once activated, such plug-ins will also record your IP address. In addition, activated social plug-ins will place a cookie with a clear ID when the relevant website is accessed. This also allows providers to create profiles of your user behavior. Such a cookie is placed whether or not you are a member of the social network. If you are a member of a social network and are logged in when you visit our website or when you use the FitnessRec application(s), data and information about your visit to our website or your use of an FitnessRec application may be linked to your profile on the social network. Please note that we have no control over the exact extent to which your data will be collected by social network providers. For more information about the extent, type, and purpose of data processing and about rights and settings to protect your privacy, please refer to the data privacy policy of the relevant social network provider. These are available at the following addresses:

• Facebook/Meta: https://www.facebook.com/privacy/policy/
• X (formerly Twitter): https://x.com/en/privacy

Facebook Connect

We use the “Facebook Connect” function, so that you can register and log in with us using your Facebook account.

If you use Facebook Connect, Facebook profile data and public data from your Facebook profile will be transferred to us. Conversely, data may be transferred from us to your Facebook profile. Such data are used by us to register you on our website or for FitnessRec application(s) or to allow you to log in. For this purpose we also store and process such data.

By registering on our website or for an FitnessRec application with the help of Facebook Connect you consent that your profile data from your Facebook profile may be transferred to us and, conversely, that we may transfer data to Facebook.

Please also note that Facebook receives information through Facebook Connect about how you use our FitnessRec application(s) and our website.

For information about the purpose and extent of data processing, the further processing and use of data by Facebook, and your rights and setting options to protect your privacy, please refer to the data privacy policy of Facebook: https://www.facebook.com/policy.php.

9. Data security

We implement comprehensive security measures to protect your personal data and health information. Our security practices include:

• Encryption in Transit: All data transmitted between your device and our servers is protected using TLS 1.2 or higher encryption.
• Encryption at Rest: Data stored on our servers is encrypted using industry-standard AES-256 encryption.
• Access Controls: We implement strict role-based access controls to ensure only authorized personnel can access user data, and only when necessary for service operation or support.
• Firebase Security Rules: We use Firebase Security Rules to ensure users can only access their own data and cannot access other users' information.
• App Check Protection: We use Firebase App Check to verify that requests to our backend come from legitimate app instances.
• Regular Security Audits: We regularly review and update our security practices to address emerging threats.
• Secure Authentication: We support secure authentication methods including Google Sign-In and implement password hashing for email/password accounts.

Health Data Security: Health and fitness data from connected platforms (Apple HealthKit, Google Health Connect, Fitbit, Garmin) receives additional protection:

• Health data is stored separately from advertising identifiers
• Health data is never shared with advertising networks
• Access to health data requires explicit user authorization
• Users can revoke health data access at any time through app settings

While no system can guarantee absolute security, we are committed to protecting your data using industry best practices. We encourage you to protect your account by using a strong password and not sharing your login credentials with others. If you believe your account has been compromised, please contact us immediately at support@parsrec.com.

10. Websites of third parties

We occasionally place links to websites of third parties. Although we carefully select such third parties, we make no guarantee and assume no liability for the correctness or completeness of content or data security of any third-party websites. Nor does this Privacy Policy apply to linked third-party websites. We assume no responsibility for data privacy policies or content of any other websites.

11. Changes to this Privacy Policy

We may need to make changes to this Privacy Policy, for example if we add new functions or services to the application. We will however notify you of any changes and ask that you read and accept such changes before they are implemented by us.

12. Your rights: information/revocation/erasure and data controller

You may at any time and at no cost request us to provide you information about your personal data that are processed by us, correction of any errors in your personal data, termination of processing of your personal data, or erasure of your personal data – subject to mandatory legal provisions or obligations to the contrary. In particular, if you qualify as the “data subject” under the terms of (GDPR), you have the right to:

• request information on personal data processed by us about you as provided by Art. 15 GDPR.
• in accordance with Art. 16 GDPR, to immediately demand the correction of incorrect data or completion of incomplete personal data stored with us;
• pursuant to Art. 17 GDPR, to request deletion of your personal data stored by us, unless the processing of the data is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
• in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data as far as the accuracy of the data is disputed by you or the processing is unlawful;
• in accordance with Art. 20 GDPR, to receive your personal data provided to us in a structured, standard and machine-readable format or to request transmission to another controller;
• in accordance with Art. 7 (3) GDPR, to revoke at any time your consent previously granted to us. As a result, we will be no longer able to continue the data processing based on this consent for the future;
• in accordance with Art. 77 GDPR, users have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters for this purpose.
• also, if your personal data is processed based on legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons based on your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which shall be implemented by us without you specifying any particular situation.

13. Authorization for Trainers and Professionals

Our fitness application allows users to authorize their personal trainers, dieticians, or similar fitness professionals ("Authorized Professionals") to access and review their data. This feature is entirely optional and is designed to enhance the user's fitness experience by enabling personalized coaching and guidance.

How Authorization Works

When you choose to authorize an Authorized Professional to access your data, you are granting them permission to view specific fitness-related information, such as your exercise routines, progress, and dietary preferences. This authorization is granted explicitly by you and is only applicable to the specific Authorized Professional you have selected.

Revoking Authorization

You have the right to revoke the authorization for an Authorized Professional to access your data at any time. If you wish to withdraw this consent, you can do so within the settings of the application. Once authorization is revoked, the Authorized Professional will no longer be able to access your data, and they will no longer have visibility into your fitness-related information.

Privacy and Security of Data

We take the privacy and security of your data seriously. Any data shared with an Authorized Professional will be handled in accordance with this privacy policy. We do not share your personal information with any third-party professionals unless you explicitly authorize it. All communication between you and your Authorized Professional through the application is encrypted to protect your data from unauthorized access.

Responsibility of Authorized Professionals

It's essential to note that Authorized Professionals are independent users of our application and are not our employees or representatives. While we provide the platform for them to access your data, we do not control or take responsibility for their actions outside the application. We encourage you to review the privacy policies and terms of service of any Authorized Professional before granting them access to your data.

Changes to Authorization

We reserve the right to modify or discontinue the feature that allows users to authorize professionals to access their data. In such cases, we will provide appropriate notice within the application, and any existing authorizations will be revoked if the feature is discontinued.

If you have any questions or concerns regarding the authorization of fitness professionals or the handling of your data, please contact us at support@parsrec.com.

14. Children's Privacy and Rights

FitnessRec is designed for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13 without verifiable parental consent. For users between 13 and 18 years of age, we require parental or guardian consent before using our Services.

Age Requirements

• Under 13 years old: We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected data from a child under 13 without parental consent, we will promptly delete such information.
• 13-17 years old: Users in this age range may use FitnessRec with verifiable parental or guardian consent. Parents must review and agree to this Privacy Policy on behalf of their child.
• 18 years and older: Full access to all features without parental consent requirement.

Health Data and Minors

Due to the sensitive nature of health and fitness data, we implement additional safeguards for users under 18:

• Health data synchronization features (HealthKit, Health Connect, Fitbit, Garmin) require parental consent for users under 18.
• We do not use health data from minors for any advertising or marketing purposes.
• Health data from minors is not shared with third parties except as necessary to provide the core Services.
• Parents can request complete deletion of their child's health data at any time.

Parental Rights and Controls

Parents and guardians have the right to:

• Review the personal information we have collected about their child
• Request deletion of their child's personal information and account
• Refuse to allow further collection or use of their child's information
• Revoke consent previously provided

To exercise these rights, please contact us at support@parsrec.com with proof of your relationship to the child.

COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA) and similar international regulations regarding children's privacy. We do not condition a child's participation in any activity on the disclosure of more personal information than is reasonably necessary.

If you have any questions or concerns about our privacy practices regarding children, please contact us at support@parsrec.com.

To exercise your rights under GDPR, simply contact us at any time by letter or e-mail at:

PARSREC YAZILIM LIMITED SIRKETI
B BLOK, NO:4/4 ESREF DINCER MAHALLESI OZLEM SOKAK Gemlik
16000 Bursa
Turkey

E-Mail: support@parsrec.com
Managing director: Emre Akkoc
Recorded in the Commercial Register at Gemlik

under number:5993
VAT ID No.: TR7220928896