Privacy Policy
Last Updated: February 23, 2026
Introduction
Evos.Fit ("Evos," "we," "our," or "us") operates the Evos meal planning platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Identity Information: First name, last name, email address, phone number (optional)
- Credentials: Password (stored in hashed form, never as plain text)
- Profile Data: Avatar, bio, specializations, certifications, experience level
- Preferences: Contact preferences, notification settings
1.2 Client Health and Fitness Data
If you are a client or trainer managing client data, we may collect:
- Body Metrics: Height, weight, body fat percentage, muscle mass, body measurements
- Health Information: Allergies, current medications, medical conditions, doctor clearance status
- Dietary Preferences: Dietary restrictions, food allergies, foods to avoid, preferred cuisines, meal complexity preferences, grocery budget
- Fitness Goals: Target weight, target body fat percentage, activity level, fitness goals
- Progress Data: Progress photos, weight history, vitals
1.3 Meal Plan and Recipe Data
- Generated meal plans and schedules
- Recipe ingredients, instructions, and nutritional information
- Shopping lists
- Meal preferences and customization requests
1.4 Payment Information
- Billing name and address
- Payment method tokens (we do not store full credit card numbers)
- Subscription status and billing history
1.5 Technical and Usage Data
- Device Information: IP address, browser type, device type, operating system
- Usage Data: Pages visited, features used, meal plans generated, login timestamps
- Log Data: Error logs, performance data, API usage
1.6 Communications
- Email correspondence with our team
- Support requests and feedback
2. How We Use Your Information
2.1 Provide and Improve the Service
- Generate personalized AI-powered meal plans based on your dietary preferences and goals
- Calculate nutritional requirements and macronutrient targets
- Create customized shopping lists
- Track progress toward health and fitness goals
2.2 Account Management
- Create and manage your account
- Authenticate your identity and secure your account
- Process payments and manage subscriptions
2.3 Communications
- Send transactional emails (account verification, password resets, meal plan notifications)
- Provide customer support
- Send service updates and announcements (with your consent)
2.4 Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Maintain audit logs for compliance and security purposes
- Enforce our Terms of Service
2.5 Analytics and Improvement
- Analyze usage patterns to improve our Service
- Develop new features and functionality
- Conduct research and analysis
3. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
3.1 Service Providers
We use trusted third-party services to operate our platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment tokens, billing address |
| SendGrid | Email delivery | Email address, name, message content |
| OpenAI / Anthropic / Google Gemini | AI meal plan generation | Dietary preferences, nutritional goals, meal preferences (no identifying information) |
| Google Cloud Platform | Infrastructure hosting | All data (encrypted at rest and in transit) |
| Firebase | Frontend hosting | Technical data, usage analytics |
3.2 Within Your Organization
- Trainers can access data for clients they manage
- Gym Administrators can access organization-level data and reports
- Clients can view meal plans shared with them by their trainers
3.3 Legal Requirements
We may disclose information if required by law, court order, or government request, or to protect our rights, privacy, safety, or property.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
3.5 Aggregated, De-identified Data
We may create, use, and share aggregated, de-identified data that cannot reasonably be used to identify any individual. This includes:
- Industry trends and benchmarks
- Statistical insights about platform usage patterns
- Anonymized research data for health and fitness studies
This aggregated data contains no personal identifiers and cannot be traced back to any specific user. We may share or sell such anonymized insights for marketing, research, or industry analysis purposes.
4. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Deleted upon account deletion |
| Client health data | Duration of account |
| Meal plans and recipes | Duration of account |
| Payment records | 7 years (legal/tax requirements) |
| Audit and security logs | 90 days |
| Email delivery logs | 30 days |
| MFA verification codes | 10 minutes |
| Trusted device tokens | 30 days |
When you delete your account, we initiate a soft deletion process. Your data is marked as deleted and excluded from active use but may be retained in backups for a limited period.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data encrypted in transit (TLS/HTTPS) and at rest
- Password Security: Passwords hashed using bcrypt with secure salt rounds
- Authentication: JWT-based authentication with optional multi-factor authentication (MFA)
- Access Control: Role-based permissions limiting data access
- Infrastructure: Hosted on Google Cloud Platform with enterprise security controls
- Audit Logging: Comprehensive logging of security-relevant events
Despite these measures, no system is completely secure. We cannot guarantee absolute security of your data.
6. Cookies and Local Storage
We use cookies and browser storage for:
| Technology | Purpose |
|---|---|
| Session cookies | Authentication and session management |
| Local storage | User preferences and application state |
| Trusted device tokens | Remember devices for MFA (30-day expiry) |
We do not use third-party advertising cookies. Email communications may include tracking pixels to monitor delivery and engagement.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
7.1 Access and Portability
You can request a copy of your personal data in a portable format.
7.2 Correction
You can update or correct inaccurate information through your account settings or by contacting us.
7.3 Deletion
You can request deletion of your account and associated data. Some data may be retained for legal compliance.
7.4 Restriction and Objection
You can request that we limit processing of your data or object to certain uses.
7.5 Withdraw Consent
Where processing is based on consent, you can withdraw consent at any time.
7.6 Complaint
You have the right to lodge a complaint with a data protection authority.
To exercise these rights, contact us at the address below.
8. Special Categories of Data
Our Service collects health-related information (dietary restrictions, allergies, medical conditions, body metrics) to provide personalized meal planning. This data is:
- Collected only with your explicit consent
- Used solely for providing the Service
- Protected with enhanced security measures
- Never sold to third parties
- Shared with AI providers only in anonymized form for meal generation
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States, where our service providers operate. We ensure appropriate safeguards are in place for such transfers.
10. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: We do not sell personal information
- Non-Discrimination: We will not discriminate against you for exercising your rights
To make a request, contact us using the information below.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:
- Legal Basis: We process data based on contract performance, legitimate interests, and consent
- Data Protection Officer: Contact us at the address below
- Supervisory Authority: You may lodge a complaint with your local data protection authority
13. Limitation of Liability & Hold Harmless
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- Evos Fit provides the Service and processes personal data on an "as is" and "as available" basis. We make no warranties, express or implied, regarding the accuracy, completeness, or reliability of any data processing activities.
- Evos Fit shall not be liable for any indirect, incidental, consequential, special, or punitive damages arising out of or related to our collection, use, or processing of your personal information, including but not limited to unauthorized access, data breaches caused by third-party service providers, or any loss of data beyond our reasonable control.
- You agree to hold harmless and indemnify Evos Fit, its owners, officers, employees, and contractors from any claims, damages, losses, or expenses (including reasonable attorneys' fees) arising from: (a) your provision of inaccurate or incomplete information; (b) your failure to safeguard your own account credentials; or (c) your violation of this Privacy Policy or applicable data protection laws.
- Our total aggregate liability for any claims related to data privacy under this policy shall not exceed the fees paid by you to Evos Fit during the three (3) months preceding the event giving rise to the claim.
- Nothing in this section limits liability that cannot be excluded or limited under applicable law, including liability for fraud or willful misconduct.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email notification
- Displaying a notice within the Service
Your continued use of the Service after changes constitutes acceptance of the updated policy.
15. Contact Us
For privacy-related questions, requests, or concerns:
Email: privacy@evos.fit
We will respond to your request within 30 days.
16. Additional Information
Data Processing for AI Features
When generating meal plans, we send dietary preferences and nutritional goals to AI providers (OpenAI, Anthropic, and/or Google Gemini). We:
- Do not include your name, email, or other identifying information in AI requests
- Cannot control how AI providers process or retain data sent to their APIs
- Recommend reviewing OpenAI's Privacy Policy, Anthropic's Privacy Policy, and Google's Privacy Policy for details
Email Tracking
Our transactional emails may include tracking pixels that record:
- Whether an email was opened
- Links clicked within the email
- Time and location of opens
This data helps us ensure email delivery and improve communications.
This Privacy Policy was last reviewed on February 23, 2026.