Back to Home

Privacy Policy

Last updated: December 20, 2025

1. Introduction

SERRATUS FIT SRL ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SERRATUS FIT mobile application ("App") and website at serratusfit.com ("Website"), collectively referred to as the "Services."

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Services.

2. Our Privacy Commitment

Our Core Privacy Principles

  • We prioritize anonymity and collect minimal personal information
  • We do not sell your personal data to third parties
  • We do not use your data for advertising purposes
  • We only share data with essential service providers as described in this policy
  • Analytics data collected by our partners is anonymous

3. Information We Collect

3.1 Information from Authentication Providers

When you sign in to the App using Apple Sign-In or Google Sign-In, we receive certain information from these services:

Apple Sign-In

When you use Sign in with Apple, we may receive:

  • Your name (which you can edit before sharing)
  • Your email address (you may choose to hide your email and use Apple's private email relay service)
  • A unique user identifier

Apple provides a fraud prevention score to help verify you are a real person. This score is derived from your recent Apple account activity and abstracted device usage patterns. Neither we nor Apple receive specific information about how you use your device.

Google Sign-In

When you use Google Sign-In, we may receive:

  • Your name
  • Your email address
  • Your profile picture (if available)
  • A unique user identifier

We comply with Google's API Services User Data Policy. We do not transfer, sell, or use your Google user data for serving advertisements or for any purposes other than providing and improving our App.

3.2 Workout and Fitness Data

When you use the App, you may choose to input and store:

  • Workout logs (exercises, sets, reps, weights)
  • Workout schedules and plans
  • Fitness preferences and goals
  • Progress tracking data

3.3 Security and Authentication Data

To protect our Services and users, we collect certain technical information when you authenticate using Apple Sign-In or Google Sign-In:

Data Collected for Security

  • IP Address: Used for rate limiting authentication requests and detecting suspicious activity
  • User Agent: Used to identify the device and browser making authentication requests

This data is used solely for security purposes, including preventing abuse, rate limiting, and detecting fraudulent authentication attempts. We retain this security data for a limited period necessary for security analysis and then delete it.

3.4 Automatically Collected Information

We and our third-party service providers automatically collect certain information when you use the Services:

  • Device type and operating system version
  • App version (for App usage)
  • Browser type and version (for Website usage)
  • Session information (duration, screens/pages viewed)
  • Crash reports and error logs
  • General usage patterns (anonymized)

4. Third-Party Service Providers

We work with the following third-party service providers to operate and improve the App. We share data with these providers only as necessary for them to provide their services:

Convex (Backend Infrastructure)

We use Convex as our backend database and server infrastructure. Convex stores your account information and workout data.

  • All data is encrypted at rest using 256-bit AES encryption
  • All data in transit is encrypted using TLS
  • Convex is hosted on AWS and complies with GDPR, SOC 2 Type II, and other security standards
  • Database state is replicated across multiple availability zones

RevenueCat (Subscription Management)

We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat acts as a data processor on our behalf.

  • RevenueCat collects your purchase history (this is required for subscription management)
  • By default, RevenueCat does not collect personally identifiable information (PII) such as emails, names, or IP addresses
  • RevenueCat does not use cookies
  • All data in transit and at rest is protected using industry-standard encryption
  • RevenueCat complies with GDPR, CCPA/CPRA, and Brazilian LGPD

For more information, see RevenueCat's Privacy Policy at revenuecat.com/privacy

Vexo Analytics (Mobile App Analytics)

We use Vexo Analytics in our mobile App to understand how users interact with the App and to improve the user experience. Analytics data collected by Vexo is anonymous. Vexo is used exclusively for our mobile application, not for the Website.

  • Vexo tracks: active users, session duration, new downloads, screen views, app version adoption, and custom events
  • All analytics data is stored on secure servers in the United States using industry-standard encryption
  • The service does not address anyone under the age of 13
  • Events are cached locally when offline and synced when connection is restored

For more information, see Vexo's Privacy Policy at vexo.co/privacy

Umami (Website Analytics)

We use Umami to understand how visitors interact with our Website (serratusfit.com) and to improve the user experience. Umami is a privacy-focused analytics tool that collects anonymous information. Umami is used exclusively for our Website, not for the mobile App.

  • Umami does not collect any personally identifiable information
  • Umami does not use cookies or track users across websites
  • Data collected includes: page views, referrer sources, browser type, operating system, device type, and country (derived from anonymized IP addresses)
  • All data is aggregated and cannot be used to identify individual users
  • Umami is GDPR, CCPA, and PECR compliant

For more information, see Umami's Privacy Policy at umami.is/privacy

5. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Services and their features
  • Create and manage your account
  • Process and manage your subscriptions
  • Store and sync your workout data across devices
  • Analyze usage patterns to improve user experience
  • Protect the security of our Services through rate limiting and fraud prevention
  • Detect, prevent, and address technical issues
  • Respond to your requests and communications
  • Comply with legal obligations

6. Data Sharing and Disclosure

We Do NOT:

  • Sell your personal data to third parties
  • Use your data for advertising or marketing purposes
  • Share your data with data brokers or information resellers
  • Transfer your data for credit-worthiness or lending purposes

We may share your information only in the following circumstances:

  • Service Providers: With the third-party service providers described above (Convex, RevenueCat, Vexo for the App, Umami for the Website) who need access to perform services on our behalf
  • Legal Requirements: When required by law, court order, or governmental regulation
  • Protection of Rights: To protect our rights, privacy, safety, or property, and/or that of our users or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified of any change in ownership or uses of your information

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of data at rest using AES-256
  • Secure authentication through Apple and Google
  • Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. Security-related data (such as IP addresses and user agents collected during authentication) is retained for a limited period necessary for security analysis. We may also retain and use your information as necessary to:

  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

If you request deletion of your account, we will delete your personal information within a reasonable timeframe, except where we are required to retain it by law.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing of your personal information

To exercise any of these rights, please contact us using the information provided at the end of this policy.

10. Children's Privacy

The Services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can take necessary action.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your information, we ensure that appropriate safeguards are in place to protect your information and comply with applicable data protection laws, including standard contractual clauses approved by relevant authorities.

12. App Store Privacy Disclosures

In accordance with Apple App Store and Google Play Store requirements, we disclose the following:

Data Collected

  • Contact Info: Email address (via Sign in with Apple/Google)
  • Identifiers: User ID
  • Purchase History: In-app purchases and subscriptions
  • Usage Data: App interactions and analytics
  • Fitness: Workout and exercise data
  • Diagnostics: IP address and user agent (for security and rate limiting)

Data Usage

  • App Functionality: To provide core features
  • Analytics: To understand app usage and improve experience
  • Security: To protect against fraud and abuse through rate limiting

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

SERRATUS FIT SRL

Email: privacy@serratusfit.com