Privacy Policy

This Privacy Policy describes how narmiAI FZ-LLC ("we," "us," or "our"), the operator of the SWEATX fitness coaching platform, collects, uses, discloses, and safeguards your information when you use our fitness coaching platform (the "Service"). By using SWEATX, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information

We collect the following personal information that you provide directly:

• Account Information: Email address, password, first name, last name, role (coach or athlete)
• Health Data Consent: Explicit consent required for processing health data (GDPR Article 9)
• Profile Information: Age, height, weight, injury history, timezone
• Fitness Data: Workout completion history, exercise performance metrics, pain reports (1-5 scale), RPE feedback (1-10 scale)
• Payment Information: Subscription plan, billing address (processed by Stripe — we do not store full payment card details)
• Communication Preferences: Notification settings, push notification tokens
• Device Information: Mobile device identifiers for push notifications

1.2 Third-Party Integration Data

• WHOOP Fitness Data: If you choose to connect your WHOOP account, we collect recovery scores, sleep data, and integration status through WHOOP's API. This integration is optional and requires your explicit consent.
• Usage Analytics: Website and app usage data through Google Analytics and Vercel Analytics

1.3 Automatically Collected Information

• Log Data: IP addresses, browser types, pages visited, time and date of visits
• Device Information: Device type, operating system, unique device identifiers
• Cookies and Tracking Technologies: See Section 9 for details

2. Consent Management

2.1 Health Data Consent (GDPR Article 9)

Processing of health data (pain reports, workout metrics, injury history, WHOOP data) requires your explicit consent. Without consent, we cannot process your fitness data.

2.2 Cookie Consent

We obtain consent before using non-essential cookies, including Google Analytics. You can customize your cookie preferences at any time.

2.3 Consent Withdrawal

You may withdraw consent for health data processing or marketing communications at any time through your account settings or by contacting us.

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account
• Provide personalized fitness coaching services
• Schedule and track workouts
• Display workout history and progress
• Send push notifications about workouts and updates

3.2 Communication

• Send welcome emails, password reset emails, and service notifications
• Respond to customer support inquiries
• Send marketing communications (with your consent)

3.3 Analytics and Improvement

• Analyze usage patterns to improve our service
• Monitor platform performance and security
• Conduct research and development

3.4 Legal Compliance

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers:

• MongoDB Atlas: Database hosting and storage
• Resend: Email delivery service
• Firebase Storage: Video and file storage
• Expo: Mobile app notifications and updates
• Vercel: Web hosting and analytics
• Stripe: Payment processing and subscription management

4.2 Third-Party Integrations

• WHOOP: If you connect your WHOOP account, fitness data is shared with WHOOP's API for integration purposes. You maintain control over this connection and can disconnect it at any time.
• Google Analytics: Usage data is shared with Google for analytics

4.3 Legal Requirements

We may disclose your information if required by law or to protect our rights, prevent fraud, or ensure user safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Passwords are hashed using bcrypt; data transmission uses HTTPS
• Access Controls: Role-based access control limits data access
• Secure Authentication: JWT tokens with HTTP-only cookies
• Regular Security Audits: Ongoing monitoring and updates
• Data Minimization: We collect only necessary information

Despite these measures, no method of transmission over the internet is 100% secure.

6. Data Retention

We retain your personal information for as long as necessary to provide our services:

6.1 Account Data

• Active accounts: Retained while account is active
• Deleted accounts: Retained for 3 years after deletion for legal compliance
• Inactive accounts: Retained for 2 years after last activity
• Payment records: Retained for 7 years (financial regulations)

6.2 Health and Fitness Data

• Workout history, pain reports, RPE feedback: Retained for 7 years
• WHOOP data: Retained for 7 years. Deleted within 30 days of disconnection.

6.3 Automatic Deletion

We implement automatic deletion processes for expired data. You may request immediate deletion at any time (see Section 8).

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• EU-US Data Transfers: Comply with EU Standard Contractual Clauses
• Data Processing Agreements: All service providers have appropriate data protection agreements

8. Your Rights

Depending on your location, you have certain rights regarding your personal information:

8.1 General Rights

• Access: Request a copy of your personal information
• Rectification: Correct inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request your data in a portable format
• Objection: Object to processing based on legitimate interests

8.2 GDPR Rights (European Users)

• Withdraw Consent: Withdraw consent for processing where applicable
• Restriction: Request restriction of processing
• Automated Decision Making: Information about automated decisions

8.3 CCPA Rights (California Users)

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information
• Non-Discrimination: No penalties for exercising rights

8.4 Exercising Your Rights

To exercise these rights, contact us at help@sweatx.app or info@narmiai.com, or visit our Privacy Rights page.

9. Cookies and Tracking Technologies

9.1 Cookies We Use

• Essential Cookies: Authentication and security (auth-token)
• Analytics Cookies: Google Analytics (_ga, _gid)
• Functional Cookies: User preferences and settings

9.2 Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may affect service functionality.

10. Children's Privacy

SWEATX is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you by posting the new policy on our website, sending an email notification, or displaying an in-app notification.

12. Contact Us

If you have questions about this Privacy Policy, please contact us:

• Company: narmiAI FZ-LLC (Freezone Company, UAE)
• Support Email: help@sweatx.app
• General Inquiries: info@narmiai.com
• Address: narmiAI FZ-LLC, Ras Al Khaimah, United Arab Emirates
• Response Time: We aim to respond within 30 days

13. Complaints

If you believe we have not handled your personal information adequately, you have the right to lodge a complaint with your local data protection authority.