LEGAL DOCUMENT · LAST UPDATED: JANUARY 2025
Privacy Policy
This policy describes how AUTO FIT AI LTD collects, uses, and protects your personal data in compliance with GDPR, UK DPA 2018, CCPA, and applicable data protection laws.
GDPR Compliant
App Store Ready
Google Play Ready
1. Overview
AUTO FIT AI LTD ("AutoFit", "we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use the AutoFit platform, mobile applications, and connected hardware devices (collectively, the "Service"). By using the Service, you agree to the practices described here.
2. Data We Collect
We collect the following categories of information:
• Biometric & Movement Data: Skeletal keypoint data, joint angles, movement velocity, and form scores generated by our computer vision system. This data is processed in real time and may be stored to power personalised coaching.
• Identity & Account Data: Full name, email address, phone number, date of birth, gender, fitness goals, and profile preferences you provide during registration.
• Health & Fitness Data: Body metrics (weight, height, body composition where provided), workout history, session logs, exercise performance, caloric intake, and nutrition preferences.
• Device & Usage Data: IP address, device type, operating system, browser/app version, session timestamps, feature interactions, and crash reports.
• Camera & Sensor Data: Live video feed from AutoFit Portal devices for real-time skeletal tracking. This feed is processed locally on-device and is not stored or transmitted unless explicitly required for session review with your consent.
• Communications: Messages you send to our support team, feedback forms, and survey responses.
3. How We Use Your Data
We use your data to:
• Provide, maintain, and improve the AutoFit Service, including AI coaching, form correction, and nutrition planning.
• Personalise workout programmes, voice coaching, and recovery recommendations.
• Monitor system safety — including joint stress detection and injury-risk alerts.
• Process payments and manage your subscription.
• Send service notifications, system updates, and (with your consent) marketing communications.
• Conduct internal analytics to improve AI model accuracy and platform performance.
• Comply with legal obligations and enforce our Terms of Service.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:
• Contractual necessity: To deliver the Service you signed up for.
• Legitimate interests: To improve our platform, detect fraud, and ensure system safety.
• Consent: For biometric data processing, marketing communications, and optional analytics.
• Legal obligation: Where required by applicable law.
You may withdraw consent at any time by contacting us or through your account settings. Withdrawal of consent does not affect the lawfulness of prior processing.
5. Biometric Data
AutoFit processes biometric data (skeletal/joint tracking) as a core part of the Service. This data is treated as sensitive personal data under applicable law. We apply the following protections:
• Biometric processing occurs on AutoFit Portal devices or your mobile device — not on remote servers — wherever technically feasible.
• We do not sell biometric data to third parties.
• Biometric identifiers are not used for identity verification or surveillance.
• You may request deletion of all biometric data associated with your account at any time.
6. Data Sharing & Third Parties
We do not sell your personal data. We may share data with:
• Service Providers: Cloud hosting (AWS / Google Cloud), analytics platforms, payment processors, and push-notification services — all bound by data processing agreements.
• AI & Research Partners: Anonymised, aggregated movement datasets may be shared with fitness research institutions to improve biomechanical models.
• Legal Authorities: Where required by law, court order, or to protect safety.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. You will be notified in advance.
7. International Data Transfers
AUTO FIT AI LTD is registered in England & Wales. We operate infrastructure in the EU and MENA region. When personal data is transferred outside your country, we ensure adequate protection through:
• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions by the UK Information Commissioner's Office (ICO).
• Contractual obligations with regional data processors.
8. Data Retention
We retain personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:
• Account data: Retained for the duration of your subscription plus 2 years.
• Biometric session data: Retained for 12 months (unless you delete earlier).
• Anonymised analytics: Retained indefinitely for service improvement.
• Legal records: Retained as required by applicable law (typically 6–7 years for financial records).
You may request deletion of your account and associated data at any time.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate or incomplete data.
• Erasure ("Right to be Forgotten"): Request deletion of your personal data.
• Restriction: Ask us to limit processing of your data.
• Portability: Receive your data in a machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Opt out of consent-based processing at any time.
• CCPA (California): Right to know, delete, and opt out of sale of personal information.
To exercise any of these rights, contact us at: privacy@autofit.ai
10. Security
We implement industry-standard security measures including:
• AES-256 encryption for data at rest.
• TLS 1.3 for all data in transit.
• Role-based access control for internal systems.
• Regular penetration testing and security audits.
• SOC 2 compliance roadmap for 2025.
No system is completely secure. If you believe your account has been compromised, contact us immediately at security@autofit.ai.
11. Children's Privacy
AutoFit is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn we have inadvertently collected such data, we will delete it promptly. Users between 16 and 18 require verifiable parental consent to use features involving biometric data collection.
12. Cookies & Tracking
Our web platform uses cookies and similar technologies for:
• Essential functionality (authentication, session management).
• Performance analytics (anonymised usage statistics via privacy-first analytics).
• Preference storage (language, theme settings).
You can manage cookie preferences through your browser settings. We do not use third-party advertising cookies.
13. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you via email or in-app notification at least 30 days before changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact:
AUTO FIT AI LTD
80A Ruskin Avenue, Welling, DA16 3QQ, United Kingdom
Email: privacy@autofit.ai
Phone: +20 10 15536382
UK Data Protection Regulator (ICO): https://ico.org.uk
