Privacy Policy
Last updated: June 15, 2026
TL;DR
- We collect profile data, location, and activity to run the matchmaking and session features.
- Your profile is visible to your matches and session attendees. Nobody else.
- We use Google Firebase (EU region) to store data. We do not sell your data.
- We may use your data for advertising in the future. We will be transparent when we do.
- You can edit or delete your data at any time. EU residents have full GDPR rights.
This Privacy Policy describes what FitFFinder collects about you, why we collect it, how we use and share it, and the choices you have. It applies to the FitFFinder mobile app and any associated websites or services.
1. Who we are
FitFFinder is a training-partner matchmaking application. For questions about this policy or to exercise your data rights, contact us at support@fitinder.com.
Our production infrastructure runs on Google Cloud (Firebase) in the europe-west1 region. Users of the production app are served from EU infrastructure.
2. What we collect
Account information
- Email address (used as your login identifier).
- Display name.
- Account creation date and last login timestamp.
Profile content
- Profile photos you choose to upload (up to three).
- Sport preferences and experience level.
- Fitness goals and a short bio (optional).
- Weekly availability windows.
- City. We geocode the city name into an approximate latitude and longitude to show distance estimates to other users. We do not expose your raw coordinates to other users.
Sensitive information
- Date of birth or age. We collect this to verify that you are 18 or older and to personalise matching.
- Approximate location (derived from city entry, as described above).
- Precise location (if you grant the location permission in your device settings). Precise location is used to refine distance calculations and to let you pin the location of a workout session. We do not store your precise GPS coordinates on our servers beyond the session pin you explicitly create.
Usage and activity
- Swipe decisions (likes and passes), stored privately to prevent the same profiles from reappearing in your feed.
- Matches and the messages within them.
- Sessions you create or join, including session details, location pins, and group-chat messages.
- Ratings you give and receive after a session ends.
- Reports you submit through the in-app safety menu.
- Block relationships (users you have blocked).
Device and technical information
- Push notification tokens (to deliver session invites and match alerts to your device).
- Crash and diagnostic logs used to identify and fix bugs. We currently collect these through Firebase Crashlytics and Sentry. We will update this policy before adding any additional analytics services.
- Device type and operating system version (collected automatically by our crash-reporting infrastructure).
3. Why we collect it and our legal bases (GDPR)
We process your data under the following legal bases:
- Performance of a contract (Article 6(1)(b) GDPR). Account data, profile content, activity data, and device tokens are necessary to provide the matchmaking, sessions, chat, and safety features you signed up for.
- Legitimate interests (Article 6(1)(f) GDPR). Crash and diagnostic logs are processed to keep the app stable and secure. Moderation records are retained to protect users from abuse. We have assessed that these interests are not overridden by your rights.
- Consent (Article 6(1)(a) GDPR). Precise location access is processed only with your explicit in-device consent. Date of birth is collected with your acknowledgment during sign-up. Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
- Compliance with legal obligations (Article 6(1)(c) GDPR). We may retain certain data to comply with applicable law or to respond to lawful requests from public authorities.
4. Advertising
FitFFinder does not currently serve advertising or share your data with advertising partners. The app is currently free of advertisements.
However, we expressly reserve the right to introduce advertising in the future, including personalized advertising and contextual advertising. If and when we do so, we may share data with advertising partners and networks to deliver relevant ads, measure ad performance, and manage ad campaigns. We will update this Privacy Policy before any advertising feature goes live, and where required by law, we will obtain your consent before using your data for personalized advertising.
The data categories that may be used for advertising in the future include: usage patterns, sport and fitness interests, general location (city level), and demographic information such as age range. We will not share your precise GPS coordinates, your messages, or your match history with advertising partners.
5. How we share your data
With other users
Your display name, profile photos, sport preferences, experience level, goals, availability windows, city, session ratings, and the messages you send are visible to users you have matched with and to attendees of sessions you have joined or created. Your email address is never visible to other users.
With our infrastructure provider (Google / Firebase)
Data is stored in Google Cloud Firestore and Firebase Storage, operated in the europe-west1 region. Google processes this data as our data processor under a Data Processing Agreement. Google's standard infrastructure security applies. See Firebase privacy documentation for details.
With analytics and crash-reporting providers
We use Firebase Crashlytics and Sentry to collect crash reports and diagnostic data. These services may process device identifiers and crash-state information. We will list any additional analytics providers here before enabling them.
With advertising partners (future)
We do not currently share data with advertising partners. See Section 4 for our reserved right to do so in the future.
For legal compliance
We may disclose your data if required by a valid court order, subpoena, or other lawful legal process. We will notify you of such a request to the extent permitted by law, and we will push back on requests that we believe are overbroad or unlawful.
In connection with a business transfer
If FitFFinder is acquired, merged, or sold, your data may be transferred as part of that transaction. We will notify you via the app or by email before your data is transferred and becomes subject to a different privacy policy.
6. Your rights
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with comparable data protection law, you have the following rights:
- Access. You can request a copy of the personal data we hold about you.
- Correction. You can update most of your profile data directly in the app. For data you cannot edit yourself, contact us.
- Deletion. You can delete your account and the data associated with it from Settings > Danger zone. Some data (such as moderation records) may be retained after deletion as described in Section 8.
- Portability. You can request your data in a structured, machine-readable format.
- Restriction. You can ask us to restrict processing of your data in certain circumstances.
- Objection. You can object to processing based on legitimate interests. We will assess your objection and stop processing unless we have compelling legitimate grounds that override your interests.
- Withdrawal of consent. Where processing is based on consent (such as precise location), you can withdraw consent at any time through your device settings or by contacting us.
To exercise any of these rights, contact us at support@fitinder.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
7. How to delete your account
You can delete your account at any time from within the app: Settings > Danger zone > Delete account. This removes your profile, photos, matches, and session memberships. Some data (moderation records, transaction logs) may be retained as described in Section 8.
8. Retention
- Profile data. Kept until you delete your account.
- Messages. Kept until either party unmatches or deletes their account.
- Moderation records (reports). Retained after account deletion for safety and legal compliance, for up to five years.
- Crash and diagnostic logs. Short-lived. Typically deleted within 90 days.
- Session location pins. Retained for the duration of the session. Deleted when the session is deleted by its creator or when it expires.
9. Security
We use Firebase Authentication for identity management, server-side Firestore security rules to enforce data access controls, HTTPS for all data in transit, and Google Cloud's at-rest encryption for stored data. Crash and security logs are accessible only to the development team.
No system is perfectly secure. If you believe your account has been compromised, change your password immediately and contact us at support@fitinder.com.
10. Children
FitFFinder is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have collected data from a user under 18, we will delete the account and its associated data promptly.
11. International data transfers
Our production infrastructure is hosted in Google Cloud's europe-west1 region (Belgium). If you access FitFFinder from outside the European Economic Area, your data will be transferred to and processed in the EU. For transfers from the EEA to countries without an adequacy decision, we rely on the standard contractual clauses adopted by the European Commission, incorporated into our agreement with Google Cloud.
12. Changes to this policy
We may update this Privacy Policy as the product evolves. When we make material changes, we will notify you in the app before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version. Continued use of the service after the effective date of a change constitutes your acknowledgment of the updated policy.
13. Contact
For questions, data access requests, deletion requests, or complaints: support@fitinder.com