Privacy Policy

Last updated: March 19, 2026

1. Data Controller

OwnFit ("we", "us", "our") is the data controller for personal data processed through this platform. For privacy inquiries, contact us at info@davm.it.

2. Data We Collect

Account data: name, email address, password, and professional role (trainer, nutritionist, physiotherapist, gym owner, or athlete) when you create an account.

Professional data (trainers, nutritionists, physiotherapists, gym owners): business profile information, client rosters, programs and templates you create, scheduling data, and payment tracking information.

Athlete data: workout programs assigned to you, progress measurements, body composition data, physique photos, and event attendance records.

Health and fitness data: exercise logs, nutritional plans, physiotherapy assessments, and any health-related notes shared between professionals and their clients. This data is treated as sensitive data under GDPR Article 9.

Communication data: messages, notifications, and files exchanged between professionals and athletes within the platform.

Usage data: device type, browser, IP address, pages visited, and app interaction patterns, collected automatically for analytics and security.

3. Legal Basis for Processing

We process your data based on: (a) your explicit consent, particularly for health and fitness data (GDPR Article 9(2)(a)), (b) performance of the contract when you use our services (Article 6(1)(b)), (c) our legitimate interests in improving and securing the platform (Article 6(1)(f)), and (d) legal obligations we must comply with (Article 6(1)(c)).

For AI-powered features that transmit data to third-party providers, we require separate explicit consent (GDPR Article 9(2)(a)) before any data is sent. You can grant or revoke this consent independently of your health data consent.

You may withdraw any consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. How We Use Your Data

To provide and maintain the OwnFit platform for all user roles: enabling trainers, nutritionists, physiotherapists, and gym owners to manage their clients, create programs, schedule sessions, and track progress.

To facilitate the professional-athlete relationship, including program delivery, progress tracking, in-app messaging, and event management.

To send service-related emails (account verification, password resets, session reminders, and notifications you opted into).

To improve our services through aggregated, anonymized usage analytics.

We never sell your personal data to third parties.

5. AI-Powered Features and Third-Party AI Processing

OwnFit offers optional AI-powered features to assist trainers, including training plan review, exercise progression analysis, workout feedback drafting, chat reply suggestions, and exercise autofill. These features are powered by Google Gemini (provided by Google LLC).

When you use AI features, the following data may be sent to Google for processing: exercise performance data, workout session feedback, training plan structures, body composition measurements (weight, body fat percentage, muscle mass, body measurements), athlete comments, and chat message history.

AI features require separate explicit consent before any data is transmitted. You can enable or disable AI data processing at any time through your GDPR consent settings. If you do not grant AI consent, all other platform features continue to work normally.

AI-generated responses are not stored by OwnFit. Only token usage metrics are recorded for billing purposes. Google processes data according to their AI data processing terms and does not use your data to train their models.

Trainers can customize AI behavior (tone, language, verbosity) through personality settings. These customizations are included in AI requests but contain no personal data beyond your preferences.

6. Data Sharing, Professional Access, and Sub-Processors

We use the following sub-processors to operate the platform, all bound by data processing agreements compliant with GDPR Article 28:

Cloud hosting: Railway (EU-based servers) — hosts the platform infrastructure and database.

AI processing: Google Gemini (Google LLC, USA) — powers optional AI features. Data is transmitted only when AI consent is granted. Google operates under the EU-US Data Privacy Framework adequacy decision.

Email delivery: Resend (USA) — sends transactional emails (verification, notifications, reminders).

File storage: S3-compatible storage (EU-based) — stores uploaded files, images, and documents.

Payment processing: Polar / Stripe — processes subscription payments. We do not store credit card details.

Professionals (trainers, nutritionists, physiotherapists, gym owners) can access data of athletes who have accepted their invitation. This includes assigned programs, progress data, measurements, and messages. Each professional can only see data relevant to their relationship with the athlete.

Athletes control all professional relationships and can revoke access at any time. Revoking access immediately removes the professional's ability to view athlete data.

Gym owners may have visibility into scheduling and attendance data for athletes linked to their facility, but not private health data shared with individual professionals.

7. Data Storage and Security

All data is stored on servers located in the European Union. We use encryption in transit (TLS) and at rest. Access to production data is restricted to authorized personnel only.

Where data is transferred to sub-processors outside the EU (Google, Resend, Stripe), transfers are protected by EU-US Data Privacy Framework adequacy decisions or Standard Contractual Clauses (SCCs).

8. Your Rights (GDPR)

You have the right to: access your data, rectify inaccurate data, erase your data ("right to be forgotten"), restrict processing, request data portability, and object to processing.

To exercise any of these rights, visit our Privacy Center at privacy.ownfit.com or contact us at info@davm.it. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority (in Italy: Garante per la protezione dei dati personali).

9. Data Retention

We retain your data for as long as your account is active. After account deletion, we remove personal data within 30 days, except where retention is required by law (e.g., billing records for tax compliance).

AI processing data is not stored by OwnFit or Google beyond the duration of the request.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice.