CommitFit

Privacy Policy

Last updated: June 2026

1. Who we are

CommitFit (“we”, “us”, “our”) is the data controller for the personal information you provide when using this service. If you have any questions about this policy or how we handle your data, please contact us at privacy@commitfit.app.

2. What data we collect and why

We collect the minimum information necessary to provide the CommitFit service:

Data Why we collect it Legal basis Required?
First and last name To identify your account and personalise the experience Contract Yes
Email address Account login and service communications Contract Yes
Password (stored as a one-way hash) Secure account authentication Contract Yes
Username Your public display name on leaderboards and the community Contract Yes
Date of birth To calculate age-adjusted fitness metrics in your AI plan Consent No
Weight and height To calculate BMI, personalise points and track body composition over time Consent No
Workout activity logs Core app function: points, leaderboards, badges and training insights Contract Yes (to use the app)
Profile photo and biography To personalise your public profile Consent No
Third-party integration keys (Hevy API key, Strava URL, etc.) To import workouts from external platforms Consent No

We do not sell your personal data to third parties. We do not use your data for advertising.

3. Optional health data

Height, weight, and date of birth are entirely optional. If you choose to provide them, this data is classified as health-related information under UK GDPR and is processed only on the basis of your explicit consent. You can remove it at any time from your User Details page.

4. Cookies

CommitFit uses a single session cookie to keep you logged in. This cookie is strictly necessary for the service to work and does not track you across other websites. We do not use advertising or analytics cookies.

Note: we load fonts from Google Fonts. Google may set their own cookies; please refer to Google’s Privacy Policy for details.

5. How long we keep your data

We keep your personal data for as long as your account is active. If you delete your account, all personal data associated with it is permanently deleted immediately. Forum posts and threads you have authored will be anonymised (the content is kept but your identity is removed) so that community discussions remain coherent.

6. Your rights

Under UK GDPR you have the following rights, all of which you can exercise directly within the app:

  • Right of access – download a copy of all data we hold about you from your User Details page.
  • Right to rectification – update your name, email, or any other details at any time from your User Details page.
  • Right to erasure – delete your account and all associated data permanently from your User Details page.
  • Right to data portability – export your data as a machine-readable JSON file from your User Details page.
  • Right to withdraw consent – you can remove optional data (height, weight, date of birth) at any time.

If you believe your data rights have not been respected, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

7. Data security

Passwords are never stored in plain text. We use bcrypt with a high cost factor so that even in the unlikely event of a data breach, passwords cannot be recovered. All data is stored in a private database accessible only to the application server.

8. Changes to this policy

If we make material changes to this policy, we will notify you by displaying a notice within the app. The “last updated” date at the top of this page reflects the most recent revision.

9. Contact us

For any privacy-related questions or to exercise your rights manually, please contact us at privacy@commitfit.app.

Privacy Policy