Privacy Policy

Last updated: February 15, 2026

1. Introduction

SERRATUS FIT SRL ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SERRATUS FIT mobile application ("App") and website at serratusfit.com ("Website"), collectively referred to as the "Services."

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Services.

2. Our Privacy Commitment

Our Core Privacy Principles

  • We prioritize anonymity and collect minimal personal information
  • We do not sell your personal data to third parties
  • We do not use your data for advertising purposes
  • We only share data with essential service providers as described in this policy
  • We configure analytics to minimize personal data collection

3. Information We Collect

3.1 Information from Authentication Providers

When you sign in to the App using Apple Sign-In or Google Sign-In, we receive certain information from these services:

Apple Sign-In

When you use Sign in with Apple, we may receive:

  • Your name (which you can edit before sharing)
  • Your email address (you may choose to hide your email and use Apple's private email relay service)
  • A unique user identifier

Apple provides a fraud prevention score to help verify you are a real person. This score is derived from your recent Apple account activity and abstracted device usage patterns. Neither we nor Apple receive specific information about how you use your device.

Google Sign-In

When you use Google Sign-In, we may receive:

  • Your name
  • Your email address
  • Your profile picture (if available)
  • A unique user identifier

We comply with Google's API Services User Data Policy. We do not transfer, sell, or use your Google user data for serving advertisements or for any purposes other than providing and improving our App.

3.2 Workout and Fitness Data

When you use the App, you may choose to input and store:

  • Workout logs (exercises, sets, reps, weights)
  • Workout schedules and plans
  • Fitness preferences and goals
  • Progress tracking data

3.3 Apple HealthKit Data (iOS)

If you choose to grant access, we may read the following data from the iOS Health app via Apple HealthKit:

  • Weight
  • Height
  • Step count

We may also write weight and height data from the App to Apple HealthKit, allowing you to keep your health data in sync across apps.

HealthKit Data Protection

  • HealthKit data is never used for marketing or advertising purposes
  • HealthKit data is never sold to or shared with third parties
  • HealthKit data is not used for data mining or use-based purposes beyond providing core App functionality
  • You are not required to share HealthKit data — the App functions without it
  • All HealthKit data is maintained in accordance with Apple's development guidelines

3.4 Android Health Connect Data

If you choose to grant access, we may read the following data from Android Health Connect:

  • Weight
  • Height
  • Step count

We may also write weight and height data from the App to Health Connect, allowing you to keep your health data in sync across apps.

Health Connect Data Protection

  • Health Connect data is never used for marketing or advertising purposes
  • Health Connect data is never sold to or shared with third parties
  • Our use of Health Connect data adheres to the Health Connect Permissions Policy, including the Limited Use requirements
  • You are not required to share Health Connect data — the App functions without it

3.5 Security and Authentication Data

To protect our Services and users, we collect certain technical information when you authenticate using Apple Sign-In or Google Sign-In:

Data Collected for Security

  • IP Address: Used for rate limiting authentication requests and detecting suspicious activity
  • User Agent: Used to identify the device and browser making authentication requests

This data is used solely for security purposes, including preventing abuse, rate limiting, and detecting fraudulent authentication attempts. We retain this security data for a limited period necessary for security analysis and then delete it.

3.6 Automatically Collected Information

We and our third-party service providers automatically collect certain information when you use the Services:

  • Device type and operating system version
  • App version (for App usage)
  • Browser type and version (for Website usage)
  • Session information (duration, screens/pages viewed)
  • Crash reports and error logs
  • General usage patterns (de-identified or aggregated where possible)

3.7 Cookies and Tracking Technologies

Our Website does not use cookies. Our Website analytics tool (Umami) is privacy-focused, operates without cookies, and does not track users across websites. The App uses cookies solely for authentication purposes — no cookies are used for advertising or cross-site tracking. Our App analytics tool (Vexo) is configured to collect product usage and technical event data needed to understand app performance and usage trends.

We do not use pixel tags, web beacons, or similar tracking technologies. We do not engage in interest-based or personalized advertising.

4. Third-Party Service Providers

We work with the following third-party service providers to operate and improve the App. We share data with these providers only as necessary for them to provide their services:

Convex (Backend Infrastructure)

We use Convex as our backend database and server infrastructure. Convex stores your account information and workout data.

  • Our current Convex deployment stores data in the United States (AWS us-east-1)
  • Data is encrypted in transit and at rest
  • Database state is replicated across multiple availability zones
  • Convex publishes security and data protection documentation, including GDPR-related terms

RevenueCat (Subscription Management)

We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat acts as a data processor on our behalf.

  • We send RevenueCat the data required for subscription and entitlement management
  • RevenueCat processes purchase history and subscription status to operate billing features
  • RevenueCat may process identifiers, transaction metadata, and technical data needed to operate and secure its service
  • RevenueCat processes customer data in the United States by default
  • RevenueCat offers an EU data residency option for eligible accounts
  • RevenueCat publishes GDPR/CCPA information and contractual transfer safeguards, including SCCs

For more information, see RevenueCat's Privacy Policy at revenuecat.com/privacy and Data Processing Addendum at revenuecat.com/dpa

Vexo Analytics (Mobile App Analytics)

We use Vexo Analytics in our mobile App to understand how users interact with the App and to improve the user experience. Vexo is used exclusively for our mobile application, not for the Website.

  • Vexo tracks: active users, session duration, new downloads, screen views, app version adoption, and custom events
  • Vexo stores analytics data on servers in the United States and uses infrastructure providers based in the United States
  • Vexo may process technical metadata needed to maintain analytics reliability and security
  • Events are cached locally when offline and synced when connection is restored

For more information, see Vexo's Privacy Policy at vexo.co/privacy

Umami (Website Analytics)

We use Umami to understand how visitors interact with our Website (serratusfit.com) and to improve the user experience. Umami is a privacy-focused analytics tool used exclusively for our Website, not for the mobile App.

  • Umami does not use cookies or track users across websites
  • Data collected includes: page views, referrer sources, browser type, operating system, device type, and country (derived from anonymized IP processing)
  • Umami Cloud stores Website analytics data in Germany
  • Umami may transfer data outside the EU when necessary for operations and support
  • Umami publishes GDPR, CCPA, and PECR-related privacy documentation

For more information, see Umami's Privacy Policy at umami.is/privacy

Data Storage Locations

Because our Services are available internationally, we disclose where our providers store or process your information:

  • Convex: Account and workout data is stored in the United States (AWS us-east-1) for our current deployment.
  • RevenueCat: Subscription and purchase data is processed in the United States by default; RevenueCat also offers an EU data residency option for eligible accounts.
  • Vexo: Mobile analytics data is stored on servers in the United States.
  • Umami Cloud: Website analytics data is stored in Germany, with possible onward transfers outside the EU where needed for operations and support.

If we change provider regions, we will update this policy's "Last updated" date.

5. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Services and their features
  • Create and manage your account
  • Process and manage your subscriptions
  • Store and sync your workout data across devices
  • Use HealthKit and Health Connect data (if you grant access) to display your health metrics within the App — this data is never used for marketing or shared with third parties
  • Analyze usage patterns to improve user experience
  • Protect the security of our Services through rate limiting and fraud prevention
  • Detect, prevent, and address technical issues
  • Respond to your requests and communications
  • Comply with legal obligations

6. Data Sharing and Disclosure

We Do NOT:

  • Sell your personal data to third parties
  • Use your data for advertising or marketing purposes
  • Share your data with data brokers or information resellers
  • Transfer your data for credit-worthiness or lending purposes

We may share your information only in the following circumstances:

  • Service Providers: With the third-party service providers described above (Convex, RevenueCat, Vexo for the App, Umami for the Website) who need access to perform services on our behalf
  • Platform Providers (Apple and Google): With Apple and Google for authentication, app-store billing, subscription lifecycle events, and related account operations
  • Apple App Store Refund Handling: We may share usage and entitlement data with Apple when necessary to review or resolve App Store refund requests
  • Legal Requirements: When required by law, court order, or governmental regulation
  • Protection of Rights: To protect our rights, privacy, safety, or property, and/or that of our users or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified of any change in ownership or uses of your information

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of data at rest using AES-256
  • Secure authentication through Apple and Google
  • Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. Security-related data (such as IP addresses and user agents collected during authentication) is retained for a limited period necessary for security analysis. If you delete your account, we delete personal information from active systems promptly, and residual data in backups or logs is retained only for limited periods where required for security, fraud prevention, legal compliance, or disaster recovery. We may also retain and use your information as necessary to:

  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

If you request deletion of your account, we will delete your personal information within a reasonable timeframe, except where we are required to retain it by law.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing of your personal information

To exercise any of these rights, please contact us at privacy@serratusfit.com. You can also delete your account directly within the App. Account deletion removes personal information from active systems promptly, with any limited residual retention handled as described in Section 8.

10. Children's Privacy

The Services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can take necessary action.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. For our current services, this includes:

  • United States: Convex (current deployment), RevenueCat (default data residency), and Vexo
  • Germany: Umami Cloud for Website analytics

Where cross-border transfers occur, we rely on appropriate safeguards under applicable law, including standard contractual clauses (SCCs) and equivalent transfer mechanisms provided by our processors. RevenueCat also publishes information about its GDPR program and participation in the EU-U.S. Data Privacy Framework for relevant transfers.

12. App Store Privacy Disclosures

In accordance with Apple App Store and Google Play Store requirements, we disclose the following:

Data Collected

  • Contact Info: Email address (via Sign in with Apple/Google)
  • Identifiers: User ID
  • Purchase History: In-app purchases and subscriptions
  • Usage Data: App interactions and analytics
  • Health: Weight, height, and step count (via Apple HealthKit or Android Health Connect, if you grant access)
  • Diagnostics: IP address and user agent (for security and rate limiting)

Data Usage

  • App Functionality: To provide core features
  • Analytics: To understand app usage and improve experience
  • Security: To protect against fraud and abuse through rate limiting

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Third-party provider terms and infrastructure can change over time, and we periodically review this policy to keep disclosures accurate.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

SERRATUS FIT SRL

Email: privacy@serratusfit.com