Privacy Policy
TechnicallyFit Dynamics Inc. ("TechnicallyFit," "we," "us," "our") operates the TechnicallyFit website, web application, and mobile application (the "Services"). This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have. Read it together with our Consumer Health Data Privacy Policy, which governs consumer health data (including under the Washington My Health My Data Act). Where they conflict on consumer health data, the Consumer Health Data Privacy Policy controls.
Information we collect
We collect account and identity data (name, email, role, profile), subscription and billing data, fitness and training data, health-adjacent / consumer health data (self-reported pain, soreness, readiness, recovery, bodyweight, and wearable-derived metrics), communications, and usage/device data. Some data is derived (for example, readiness and progress signals). The Services are not directed to children under 13.
How we use information
To provide, operate, secure, and improve the Services; to generate training programs and progress tracking (a deterministic engine; AI is used only as an interpretation/explanation layer); to process subscriptions; to enable coach–teammate and organization relationships you opt into; to communicate with you; for support; for fraud and security; and to comply with law. We do not sell personal information for money.
How we share information
With service providers / subprocessors under contract; with your coach and/or organization where you have that relationship; with our payment processor (Stripe); with authorities when legally required; and in a business transaction.
Subprocessors
The following subprocessors process personal information on our behalf. The engineering-truth list (with the data categories each receives and our DPA/BAA status) lives at docs/compliance/subprocessors.md in our public source repository, and is reconciled quarterly against the runtime configuration in apps/api/app/config.py.
-
Clerk — authentication and identity.
-
Stripe — payments, subscriptions, and billing.
-
Stream (GetStream) — in-app chat and messaging.
-
Resend — transactional and newsletter email.
-
PostHog — product analytics (configured to exclude consumer health data from event payloads).
-
Sentry — error and performance monitoring (configured to exclude consumer health data from event payloads).
-
Terra — wearable data aggregator for connected devices.
-
Expo / EAS — mobile push notifications and build delivery.
-
DigitalOcean — hosting (App Platform), managed Postgres database, object storage (Spaces), and container registry.
-
Cloudflare Stream — signed playback for exercise demo videos (no user data).
-
Doppler — secrets management (no user data).
-
Anthropic / OpenRouter — AI providers used solely as an interpretation/explanation layer; configured for zero-retention where supported.
-
Convex — legacy social-feed seam currently being decommissioned; any residual data is removed as the migration to managed Postgres completes.
-
features.vote — optional "I'm interested" demand-signal capture for beta features.
-
Supabase — not in use. We do not send your personal information to Supabase.
Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, port, and restrict processing, and to opt out of certain processing. Use in-app account export/deletion where available, or contact us. Consumer-health-data rights (including withdrawing consent) are described in the Consumer Health Data Privacy Policy. See our Data Deletion and Support page for the public, sign-in-free channels for these requests.
Retention, security, transfers
We retain personal information as long as needed to provide the Services and for lawful purposes. The full retention schedule (per data class, including backups and consumer health data) is maintained in our internal Notion control register and reviewed quarterly. We use encryption in transit, access controls, secret management, and monitoring. We are based in the United States.
Automated processing and AI
Core training and readiness outputs are produced by a deterministic engine. AI models are used only as an interpretation/explanation layer over engine outputs; they do not make legally or similarly significant automated decisions about you.
Contact
Questions about this policy can be directed to our privacy contact. See the Data Deletion and Support page for the public privacy and support channel.