Legal

Privacy Policy

Effective date: 1 May 2026  ·  Last updated: 1 May 2026  ·  Applies to: ByteFit Android App & bytefit.app

ℹ️
Plain-language summary: ByteFit collects your health and fitness data only to personalise your workout and nutrition plans. We never sell it. We never share it with advertisers. You can request deletion of your account and all data at any time by emailing us.

1 Who We Are

ByteFit is a personal fitness and wellness Android application developed and operated by ByteNext Technology Pvt. Ltd., a company incorporated in India.

In this Privacy Policy, "ByteFit", "we", "us", and "our" refer to ByteNext Technology Pvt. Ltd. "You" and "your" refer to any individual who downloads, installs, or uses the ByteFit app or visits bytefit.app.

This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it. It applies to the ByteFit Android application and the bytefit.app website.

2 What Data We Collect

We collect data in three ways: data you provide directly, data generated by your use of the app, and data from connected services you choose to enable.

2.1 Data You Provide Directly

DataWhy We Collect It
First nameTo personalise your in-app experience
Email addressAccount creation, authentication, and support
Password (hashed)Account security — we never store plaintext passwords
Date of birth / ageAge-appropriate content and calorie/macro calculations
GenderPersonalised workout and nutrition recommendations
Weight & heightBMI, TDEE, and training plan calibration
Fitness goalBuild muscle, lose weight, general fitness — drives plan generation
Experience levelBeginner / Intermediate / Advanced plan calibration
Training location & equipmentMatching exercises to your gym setup
Bench / squat / deadlift 1RMStrength baselines for intermediate and advanced users (optional)
Workout split preferencePPL, Bro Split, Full Body, Upper/Lower, custom
Food allergies / dietary preferencesNutrition plan filtering

2.2 Data Generated by App Use

DataWhy We Collect It
Workout logs (exercises, sets, reps, weights, duration)Progress tracking, adaptive suggestions, personal records
Nutrition / meal logsMacro tracking and nutrition plan personalisation
Water intake logsHydration tracking and daily habit dashboard
Sleep logs (duration, quality)Wellness dashboard and readiness scoring
Mood logsWellbeing tracking and readiness scoring
Habit check-insDaily habit dashboard and streak tracking
Body measurements (weight, body fat, waist, etc.)Body composition progress tracking
Goals and achievementsMotivation features and milestone tracking
In-app notification interactionsReminder effectiveness and personalisation

2.3 Data from Connected Services (Optional)

If you choose to connect Google Health Connect, we may read:

  • Daily step count
  • Active and total calories burned

This connection is entirely optional. You can disconnect it at any time from Profile → Settings → Health Connect. We do not write data back to Health Connect.

2.4 Camera

ByteFit requests access to your device camera only for the barcode scanner feature in the nutrition tracking section. When you tap the barcode scanner icon to look up a food product, the camera is activated to read the barcode.

  • The camera is never activated in the background
  • ByteFit does not capture, store, or transmit any photos or video from your camera
  • The camera feed is used only in real time to decode a barcode string — nothing is saved to your device or our servers
  • Camera access is only requested when you actively initiate a barcode scan
  • You can deny camera permission and still use all other features of ByteFit, including manual food search

3 Device Permissions

ByteFit requests the following Android permissions. Each permission is used only for the specific purpose stated below and is never used beyond that purpose.

PermissionWhy It's NeededRequired?
CAMERA Barcode scanner for food product lookup in nutrition tracking. No photos or video are captured or stored. Optional — manual food search works without it
POST_NOTIFICATIONS Sending workout reminders, hydration reminders, and meal reminders you configure in Notification Settings. Optional — core tracking works without it
SCHEDULE_EXACT_ALARM Delivering reminders at the precise time you set (e.g. 6:30 AM morning reminder). Without this, reminders may be delayed by the OS. Optional
RECEIVE_BOOT_COMPLETED Re-scheduling your workout reminders after your device restarts, so they continue to fire at the correct times. Optional
INTERNET Syncing your data to our servers and fetching your workout plan. The app functions offline without an active connection. Required for sync and account features
FOREGROUND_SERVICE Running the active workout session timer and rest timer reliably when the app is in the background. Required for active workout sessions
activity_recognition (Health Connect) Reading your daily step count and calories from Google Health Connect, only if you choose to connect it. Optional — only if you connect Health Connect

You can review and revoke any permission at any time from your device's Settings → Apps → ByteFit → Permissions. Revoking a permission only affects the specific feature that depends on it — it does not delete your account or data.

4 Health & Sensitive Data

🔒
We will never sell, rent, license, or share your health data with any third party for advertising, marketing, or commercial purposes — under any circumstances. Your health information exists in ByteFit solely to personalise your training and nutrition experience.

ByteFit collects a significant amount of health-related information, including body weight, body fat percentage, fitness performance, sleep quality, mood, and nutrition data. We treat all of this as sensitive personal data and apply the following protections:

  • Health data is stored on our secured backend servers hosted in the EU region via Railway
  • All data transmission between your device and our servers uses HTTPS/TLS encryption
  • Health data is never included in analytics events sent to PostHog or Firebase
  • Health data is never used to build advertising profiles or shared with data brokers
  • Access to health data within our team is limited to engineers who require it for debugging, and only with your explicit support request

The legal basis for processing your health data under India's Digital Personal Data Protection Act 2023 (DPDP Act) is your explicit consent, given when you create an account and complete the onboarding profile. You may withdraw this consent at any time by requesting account deletion.

5 How We Use Your Data

We use the data we collect for the following purposes only:

  1. Personalised workout plan generation — your goals, experience, equipment, and body stats are used by our AI to build a training plan matched specifically to you
  2. Personalised nutrition guidance — your caloric needs, macros, and dietary preferences drive meal recommendations
  3. Adaptive weight and volume suggestions — your workout history informs smart suggestions for your next session
  4. Progress tracking and analytics — charts, heatmaps, streaks, and personal records are computed from your logged data
  5. App functionality — authentication, notifications, syncing, and support
  6. Product improvement — anonymised, aggregated usage events (via PostHog and Firebase) help us understand how features are used and fix crashes. These events contain no health data, no names, and no identifiable information
  7. Legal compliance — we may process data as required by applicable Indian law
⚠️
We do not use your data for: targeted advertising, selling to third parties, building profiles for external companies, or any purpose not listed above.

6 Third-Party Services

ByteFit uses a small number of carefully chosen third-party services. Each one handles only the data necessary for its specific function. We do not share health data with any of them.

Railway Backend hosting & database
Privacy Policy ↗
RevenueCat Subscription & in-app purchase management
Privacy Policy ↗
Google Firebase (FCM) Push notification delivery
Privacy Policy ↗
Firebase Crashlytics Crash reporting (anonymised device info only)
Privacy Policy ↗
PostHog Product analytics (anonymised usage events only)
Privacy Policy ↗
Google Health Connect Steps & calories (only if you connect it)
Privacy Policy ↗
Google Play Billing Payment processing — we never see card details
Privacy Policy ↗

ByteFit never processes or stores payment card information. All billing is handled exclusively by Google Play Billing through your Google account.

7 Data Storage & Security

Your data is stored in two places:

  • On your device — ByteFit uses a local Room (SQLite) database to store your workout logs, meals, habits, and all other tracked data. This allows the app to function fully offline. This data is private to your device and protected by Android's app sandbox.
  • On our servers — your data is synced to our backend hosted on Railway when you have an internet connection. Railway servers are located in the EU region. Data is encrypted in transit (HTTPS/TLS) and at rest.

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include JWT authentication with automatic token refresh, encrypted credential storage on your device, and access controls on our backend.

No method of transmission over the internet is 100% secure. We will notify you promptly if we become aware of any breach affecting your personal data, as required under applicable law.

8 Data Retention

We retain your personal data for as long as your account is active or as needed to provide you the service.

  • Active accounts — data is retained for the duration of your account
  • Account deletion requests — upon receiving your deletion request at support@bytefit.app, your account and all personally identifiable data will be permanently deleted from our active systems within 30 days
  • Backup systems — residual copies in encrypted backups are purged within 90 days of the deletion request
  • Anonymised analytics — aggregated, non-identifiable product analytics data (PostHog / Firebase) that cannot be linked back to you may be retained indefinitely for product improvement purposes
  • Legal obligations — we may retain certain data for longer periods if required by Indian law (e.g. financial records for subscription transactions)

9 Your Rights

Under India's Digital Personal Data Protection Act 2023 (DPDP Act) and as a matter of our own commitment to your privacy, you have the following rights:

  • Right to access — request a copy of the personal data we hold about you
  • Right to correction — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your account and all associated personal data
  • Right to withdraw consent — withdraw your consent to data processing at any time (this will require account deletion as the app cannot function without it)
  • Right to grievance redressal — raise a complaint about how your data is being handled

To exercise any of these rights, email us at privacy@bytefit.app. We will respond within 30 days. We may need to verify your identity before acting on certain requests.

📧
To delete your account: email support@bytefit.app with the subject line "Account Deletion Request" from the email address associated with your ByteFit account. We will confirm receipt within 3 business days and complete the deletion within 30 days.

10 Children's Privacy

ByteFit is intended for users aged 16 and older. We do not knowingly collect personal data from children under the age of 16.

If you are under 16, please do not use ByteFit or provide any personal information to us. If you are a parent or guardian and believe your child under 16 has created a ByteFit account, please contact us immediately at privacy@bytefit.app and we will delete the account and associated data promptly.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the app's features, or applicable law. When we do:

  • We will update the "Last updated" date at the top of this page
  • For material changes, we will notify you via an in-app notification or email at least 14 days before the change takes effect
  • Continued use of ByteFit after the effective date constitutes acceptance of the updated policy

We encourage you to review this policy periodically. The current version is always available at bytefit.app/privacy.

12 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us:

ByteNext Technology Pvt. Ltd.

CountryIndia

We aim to respond to all privacy-related enquiries within 30 days of receipt.