Privacy Policy
Last updated: April 23, 2026
This policy explains how Fitleo collects, uses and protects your personal data when you use our website and mobile application. We take your privacy seriously and comply with the General Data Protection Regulation (GDPR).
1. Who we are
Fitleo is operated personally by Alexandre Henrotte, a natural person residing at 6730 Tintigny, Belgium. No commercial entity is registered at this stage: the service is provided privately during the launch phase. Contact: fitleo.app@gmail.com.
2. Data we collect
We only collect data necessary to run the coach:
- Identity: name, email, optional profile picture, identifier from your login provider (Apple, Google).
- Fitness profile: goal, level, training days, session duration, equipment, locations, weight, height, date of birth, gender.
- Workout activity: sessions completed, exercises, sets, reps, loads, personal records, body measurements.
- Conversations with Leo: messages exchanged with Leo and facts memorised to personalise its responses.
- Technical: timezone, language, Expo push token, subscription identifier, anonymised technical logs.
3. Purposes and legal basis
- Contract performance (art. 6.1.b GDPR): deliver the service, generate your program, personalise coaching.
- Legitimate interest (art. 6.1.f): security, abuse prevention, product improvement.
- Legal obligation (art. 6.1.c): billing, fraud prevention.
- Consent (art. 6.1.a): push notifications, marketing communications (revocable at any time).
4. Sub-processors
We share some data with providers who help us run the service:
- Supabase (database hosting, authentication) — EU (Ireland).
- Google / Gemini API (engine powering Leo) — transfers covered by Standard Contractual Clauses.
- Mem0 (long-term coach memory) — SCCs.
- Vercel (web hosting) — SCCs.
- Expo (mobile push notifications).
- RevenueCat (subscription management).
- Loops (transactional email delivery).
None of these processors resell your data. We sign a GDPR-compliant data processing agreement with each of them.
5. Retention
- Active account: as long as you use Fitleo.
- Deleted account: full erasure within 30 days (except legal accounting retention).
- Technical logs: 90 days maximum.
6. Your rights
Under GDPR you have the following rights:
- Access: know what data we hold about you.
- Rectification: correct inaccurate data.
- Erasure: request complete deletion of your account (directly from the app, Account section).
- Portability: receive your data in a structured format.
- Object: refuse certain processing (notably marketing).
- Restriction: freeze processing in certain cases.
- Withdraw consent at any time.
To exercise these rights, write to fitleo.app@gmail.com. We reply within 30 days. You may also lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).
7. Security
Your data is encrypted in transit (HTTPS/TLS) and at rest (database encryption). Internal access is limited to staff who need it. No system is perfect: in case of a breach, we will notify you as required by GDPR.
8. Cookies
The Fitleo website uses only a functional cookie, fl_lang, to remember your language preference. It sets no advertising cookies and no third-party trackers. The mobile app does not use cookies.
9. Transfers outside the EU
Some processors (Gemini, Mem0, RevenueCat, Expo) are based in the United States. Transfers are governed by Standard Contractual Clauses issued by the European Commission, complemented where needed by supplementary technical safeguards.
10. Minors
Fitleo is restricted to users aged 9 or older. If you believe a minor under 9 has created an account, contact us and we will delete it.
11. Changes
We may update this policy to reflect legal or product changes. For substantial changes we will notify you by email or in-app at least 30 days in advance.
12. Contact
Questions about your data? fitleo.app@gmail.com