Privacy Policy

Effective date: 2025-07-25
Last updated: 2025-10-10

1. Short summary

  • We collect the information you give us (account details, profile, fitness/activity data, device data) and some information automatically (technical & usage data).

  • We use it to provide and improve the service, process payments, protect accounts, and — with your consent — personalise and market to you.

  • We do not sell your personal information. You can control many privacy settings (including who sees your activity and location) and you can request access, correction, export, or deletion of your data.

  • We comply with applicable privacy laws, including the Australian Privacy Principles where they apply.

2. Who this policy applies to

This policy applies to personal information collected by Zufit through our websites, mobile applications, APIs and related services (collectively, the “Services”).

Controller / contact:
Zufit
Email: braedon.kittelty@gmail.com

3. What we collect

a) Information you provide

  • Account & contact details (name, email, username, password)

  • Profile information (photo, date of birth, gender if provided)

  • Fitness and activity data you upload or record (workout metrics, GPS routes, heart rate, calories, duration) — this may include sensitive health-related data if you provide it. We only process sensitive data with your explicit consent.

  • Payment and billing details (if you subscribe or purchase) — note: payment processors may collect payment card details directly.

  • Communications (support tickets, messages, feedback).

b) Automatically collected information

  • Device identifiers, operating system, app version, IP address, browser type, crash logs, and analytics data.

  • Usage data (pages visited, features used, time spent).

  • Location data: if you enable GPS tracking for an activity, we collect that route information (you control activity privacy settings). See “Controls” below.

c) Third-party information

  • If you connect a third-party account (for example, a device or app integration), we may receive information from that third party (profile, activity) subject to your permission. We share only what is necessary to provide the integration and you control the connection. For partnerships or device integrations (e.g., Garmin, Strava), their privacy practices also apply; you should review their policies.

4. How we use your information

We use personal information to:

  • Provide, operate, and maintain the Services.

  • Create and manage your account.

  • Enable activity tracking, sync with devices and third-party services.

  • Process payments and prevent fraud.

  • Communicate with you (service messages, security alerts, support).

  • Improve and personalise the user experience and product development.

  • Conduct analytics and research to improve the Services.

  • With your consent: send marketing communications and targeted content.

  • Comply with legal obligations and respond to lawful requests.

5. Legal basis and APP compliance

  • If the Privacy Act applies to us, we comply with the Australian Privacy Principles (APPs) regarding collection, use, disclosure, data quality, security, access and correction of personal information. Where APPs require, we will provide notices and obtain consent as necessary.

6. Sensitive information (health & biometric data)

  • Health or biometric data (e.g., heart rate, medical attributes) is treated as sensitive. We will only collect or process such information with your clear, informed consent and for the specific purpose you authorise (e.g., to display workout metrics). You can withdraw consent at any time via account settings or support.

7. Sharing & disclosure

We may share personal information with:

  • Service providers & processors (payment processors, cloud hosting, analytics). They act on our instruction and may not use your data for other purposes.

  • Third-party integrations you enable (e.g., device sync partners). Data shared depends on what you permit and the specific integration—always review those partners’ privacy terms.

  • Legal / safety reasons: when required by law, regulation, or to respond to lawful requests, protect rights, safety, or property.

  • Business transfers: if we merge or sell the business, customer data may be transferred as part of that transaction (with notice).

We do not sell personal information for monetary gain.

8. Cookies, trackers & analytics

  • We use cookies and similar technologies to make the service work, measure performance, personalise content, and deliver targeted marketing where you consent. You can manage cookie preferences via our cookie banner/settings.

  • Detailed analytics are used to improve the product; aggregated or anonymised analytics may be shared with partners.

9. Controls / privacy settings

  • Activity & location privacy: you control who sees your activities and whether location is shared. We provide privacy settings that let you make activities public, private, or visible to followers — similar to common fitness platforms’ activity privacy controls. You can change settings in your profile at any time.

  • Marketing & tracking: opt-in for marketing and targeted advertising; opt-out links are included in every marketing email.

  • Third-party connections: you can revoke device or app connections at any time in account settings.

10. Data retention

  • We retain personal information as long as necessary to provide the Services, for legitimate business purposes (security, fraud prevention, analytics), and to comply with legal obligations. Where we no longer need data, we will securely delete or anonymise it.

  • Suggested practice: keep account data while the account is active and remove or anonymise inactive data after a defined period (e.g., configurable retention such as 2–7 years depending on legal needs). Adjust retention to your legal obligations and consult counsel.

11. Security

  • We use administrative, technical and physical safeguards (encryption in transit, access controls, server security best practices) to protect data. No system is perfectly secure — if a breach occurs we will notify affected users and regulators as required by law.

12. Cross-border transfers

  • Our Services can operate globally. Personal data may be transferred to, stored in, and processed in countries outside your jurisdiction. When we do so, we use contractual safeguards, vendor assessments, and where required, appropriate legal tools to protect your information. We will comply with APP 8 and applicable data-export rules and provide information about transfer safeguards on request.

13. Children

  • Our Services are for users aged [age requirement, e.g., 13/16+]. We do not knowingly collect personal information from children under the applicable age. If a parent/guardian believes we have collected a child’s data, contact us and we will remove it.

14. Access, correction, deletion, portability

You can:

  • Request a copy of personal data we hold about you.

  • Request correction of inaccurate data.

  • Request deletion or closure of your account (subject to legal obligations and our retention requirements).

  • Request export of your data in a machine-readable format.

To make a request, contact braedon.kittelty@gmail.com. We will respond within applicable legal timeframes and may require identity verification.

15. Complaints & supervisory authority

  • If you are in Australia and the Privacy Act applies, you can contact the Office of the Australian Information Commissioner (OAIC) for guidance or to make a complaint. We will cooperate with any investigation and try to resolve complaints directly.

16. Integrations & device partners (examples)

  • Where you choose to sync with devices or services (for example device manufacturers or fitness apps), data will flow between systems as permitted by you and the partner’s policies. You should review partner privacy terms (examples include Garmin and Strava).

17. Legal bases (if you have EU users / GDPR)

If GDPR applies to you or your users, we will process personal data on legal bases such as: consent (for marketing, sensitive data), performance of a contract (providing services), legal obligation, or legitimate interests (product improvement and fraud prevention). Users in the EU may exercise data subject rights (access, portability, restriction, erasure) as described above.

18. Changes to this policy

We may update this policy for legal, technical, or business reasons. We will publish the revised policy with a new effective date and, if changes are material, provide prominent notice (e.g., in-app or by email).

19. Contact

If you have questions, requests or complaints about this policy or our privacy practices, contact:
Zufit - Braedon Kittelty
Email: braedon.kittelty@gmail.com