Privacy Policy
This Privacy Policy explains how Ruby Trading LLC, doing business as FitChat ("FitChat," "we," "us," or "our"), collects, uses, shares, and protects information when you use the FitChat mobile application, website at fitchatapp.com, and related services (together, the "Service"). FitChat is a chat-based food and nutrition tracker: you describe what you ate in everyday language, by voice, or with a photo, and the Service returns an estimated breakdown of calories and macros. This Policy is incorporated into our Terms of Use.
The short version. We collect the messages, photos, voice memos, and food logs you create so the Service can work and improve. We do not sell your personal information or use it for third-party advertising. The third-party AI providers that help generate your results do not use your content to train their models. We do use de-identified (anonymized) conversations and logs to train and improve FitChat's own models and features. You can access or delete your data at any time.
1. Information we collect
1.1 Account information
When you create an account, we collect your email address and a securely hashed password — or, if you sign in through a third-party provider (such as Apple or Google), the basic profile information that provider returns to us, such as your email address. You may also provide a display name and profile details.
1.2 Content you create in the app
FitChat is built around a chat. We collect and store the content you submit, including:
- Chat messages you send to the in-app AI assistant, and the assistant's replies.
- Voice memos you record to log meals, and transcriptions of them.
- Photos and images of food or meals you submit, and the information derived from them.
- Food, meal, and nutrition entries you log, including items, quantities, calories, and macros.
- Profile and goal details you choose to provide, such as dietary preferences, daily targets, and other settings.
1.3 Health and fitness information
Much of the content above relates to your diet and body. Depending on where you live, this may be treated as "sensitive personal information" or a "special category of data." We process it only to provide the Service to you and for the purposes described in this Policy, and, where the law requires, only with your consent.
1.4 Waitlist information
If you join the waitlist on our website before launch, we collect the email address you submit and the platform you select (iOS or Android) so we can notify you when FitChat is available. To protect that form from automated abuse, we use Cloudflare Turnstile, which performs a privacy-preserving bot check.
1.5 Technical and usage information
When you use the Service, our servers and providers automatically receive standard technical information sent by your device or browser — such as IP address, device type, operating system version, app version, and timestamps — along with diagnostic and crash information and basic, privacy-respecting usage events. We use this to operate, secure, debug, and improve the Service.
2. How we use your information
- To provide and operate the Service — authenticating you, storing your data, generating calorie and macro estimates, and responding to your messages.
- To personalize the Service to your goals, preferences, and history.
- To maintain the security, reliability, and integrity of the Service and prevent fraud and abuse.
- To communicate with you about your account, support requests, waitlist status, and material changes to the Service.
- To analyze, debug, and improve the Service — including improving FitChat's own models and prompts, as described in Section 4.
- To comply with legal obligations and enforce our Terms.
We do not sell your personal information, and we do not use your data to serve third-party advertising.
3. How the chat and AI features work
When you send a message, voice memo, or photo, the contents — together with the context needed to produce a useful reply (such as recent conversation or summaries of your recent entries) — are sent to the AI and search providers listed in Section 5 for processing. Those providers return a result (for example, an estimated set of food items, calories, and macros), which we store as part of your logs. The Service may also search the public web to identify restaurant items and nutrition data.
The AI providers we use process your content under their API terms solely to return a response to us, and do not use it to train their own models.
4. Model training and Service improvement
We want FitChat to get better at understanding food the way people actually describe it. To do that:
- We may use your User Content to operate, debug, evaluate, and improve our own internal models, prompts, and features.
- We may create de-identified (anonymized) and aggregated data from your content — for example, a food description with account identifiers, contact details, and other direct identifiers removed or obscured — and use that de-identified data to train, fine-tune, and evaluate FitChat's own models and to improve the Service. Once data is de-identified, it is no longer linked to you, and we maintain it as de-identified.
- We will not use User Content that identifies you to train third-party generative AI models without your separate, informed consent.
This mirrors Sections 14 and 15 of our Terms of Use.
5. Service providers we share information with
To run FitChat, we share limited information with the service providers (sub-processors) below. They are contractually required to use your information only to provide services to us.
5.1 Supabase
Database and authentication. Your account credentials and the content you create (chat messages, logged meals, voice and photo data, preferences) are stored on Supabase infrastructure. See the Supabase Privacy Policy.
5.2 OpenAI
The primary in-app AI assistant is powered by OpenAI's API. Message contents and the context needed to generate a reply are transmitted to OpenAI for processing. Per OpenAI's API data policy, data submitted to the OpenAI API is not used to train OpenAI's models. See the OpenAI Privacy Policy.
5.3 Google (Gemini API)
Some specialized tasks (such as matching foods to units and portions) are handled by Google's Gemini models through Google's API. Relevant content is transmitted to Google for processing and is not used to train Google's models under the applicable paid API terms. See the Google Privacy Policy.
5.4 Exa
To look up restaurant menus, branded foods, and nutrition information on the public web, we use the Exa search API. Search queries derived from your request are sent to Exa. See the Exa Privacy Policy.
5.5 Resend
We use Resend to send transactional emails (such as waitlist confirmations and account notifications). Resend processes the recipient email address and message content needed to deliver the email.
5.6 Hosting and infrastructure
We use Amazon Web Services to run the FitChat backend and Cloudflare to host and protect the website. These providers process technical request metadata (such as IP addresses) on our behalf to deliver and secure the Service.
5.7 App Stores and payments
If you purchase a subscription, payment is handled by the Apple App Store or Google Play Store. We do not receive or store your full payment card details; the App Store shares limited transaction information with us to manage your subscription.
6. Legal disclosures and safety
We may disclose information when we believe in good faith that doing so is required by law, legal process, or a valid governmental request, or is reasonably necessary to protect the rights, property, or safety of FitChat, our users, or the public, or to detect, prevent, or address fraud, security, or technical issues.
7. Data retention
We retain your account information and the content you create for as long as your account is active. If you delete your account or request deletion, we will delete or de-identify your personal information within a reasonable period, except where we must retain it for legal, accounting, security, or backup purposes. De-identified and aggregated data, which no longer identifies you, may be retained and used as described in Section 4.
8. Your choices and rights
- Access and export. You may request a copy of the personal data we hold about you.
- Correction. You may correct or update your account and profile information in the app.
- Deletion. You may delete your account and associated data from in-app settings, or by emailing us at the address below.
- Additional rights. Depending on where you live, you may have further rights under laws such as the EU/UK GDPR or U.S. state privacy laws (including California, Colorado, Connecticut, Texas, Utah, Virginia, and others) — for example, to know, access, correct, delete, port, or restrict certain processing, and to opt out of targeted advertising, the "sale" of personal information, or certain profiling. We do not sell personal information or use it for targeted advertising.
To exercise any of these rights, contact us at matthew@fitchatapp.com. We will verify your request as required by law and will not discriminate against you for exercising your rights.
9. Children's privacy
The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children under 13. Users aged 13–17 may use the Service only with the involvement of a parent or guardian, as described in our Terms. If you believe a child under 13 has provided us with personal information, please contact us and we will take steps to delete it.
10. International users and data transfers
FitChat is operated from the United States, and our providers may process information in the United States and other countries. If you access the Service from outside the United States, you understand that your information may be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your country. Where required, we rely on appropriate safeguards for such transfers.
11. Security
We use industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and access controls. No method of electronic storage or transmission is 100% secure, however, and we cannot guarantee absolute security.
12. Cookies and similar technologies
Our website uses only essential storage needed to operate the site and to run the Cloudflare Turnstile bot check on the waitlist form. We do not use advertising or cross-site tracking cookies.
13. Changes to this Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app or by email. Your continued use of the Service after a change takes effect means you accept the updated Policy.
14. Contact us
Ruby Trading LLC (d/b/a FitChat)
Email: matthew@fitchatapp.com