Last updated: June 2026
CommitFit (“we”, “us”, “our”) is the data controller for the personal information you provide when using this service. If you have any questions about this policy or how we handle your data, please contact us at privacy@commitfit.app.
We collect the minimum information necessary to provide the CommitFit service:
| Data | Why we collect it | Legal basis | Required? |
|---|---|---|---|
| First and last name | To identify your account and personalise the experience | Contract | Yes |
| Email address | Account login and service communications | Contract | Yes |
| Password (stored as a one-way hash) | Secure account authentication | Contract | Yes |
| Username | Your public display name on leaderboards and the community | Contract | Yes |
| Date of birth | To calculate age-adjusted fitness metrics in your AI plan | Consent | No |
| Weight and height | To calculate BMI, personalise points and track body composition over time | Consent | No |
| Workout activity logs | Core app function: points, leaderboards, badges and training insights | Contract | Yes (to use the app) |
| Profile photo and biography | To personalise your public profile | Consent | No |
| Third-party integration keys (Hevy API key, Strava URL, etc.) | To import workouts from external platforms | Consent | No |
We do not sell your personal data to third parties. We do not use your data for advertising.
Height, weight, and date of birth are entirely optional. If you choose to provide them, this data is classified as health-related information under UK GDPR and is processed only on the basis of your explicit consent. You can remove it at any time from your User Details page.
CommitFit uses a single session cookie to keep you logged in. This cookie is strictly necessary for the service to work and does not track you across other websites. We do not use advertising or analytics cookies.
Note: we load fonts from Google Fonts. Google may set their own cookies; please refer to Google’s Privacy Policy for details.
We keep your personal data for as long as your account is active. If you delete your account, all personal data associated with it is permanently deleted immediately. Forum posts and threads you have authored will be anonymised (the content is kept but your identity is removed) so that community discussions remain coherent.
Under UK GDPR you have the following rights, all of which you can exercise directly within the app:
If you believe your data rights have not been respected, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Passwords are never stored in plain text. We use bcrypt with a high cost factor so that even in the unlikely event of a data breach, passwords cannot be recovered. All data is stored in a private database accessible only to the application server.
If we make material changes to this policy, we will notify you by displaying a notice within the app. The “last updated” date at the top of this page reflects the most recent revision.
For any privacy-related questions or to exercise your rights manually, please contact us at privacy@commitfit.app.