This Privacy Policy explains how DerMo Technologies Inc., an Ontario corporation operating under the brand name Fitlyze (“Fitlyze”, “we”, “us”, or “our”), collects, uses, shares, and protects personal information when you use our mobile applications and related services (collectively, the “Service”).
This Policy applies to Users in Canada and the United States, where the Service is currently offered. The Policy includes specific sections for residents of Canada (with additional rights for Quebec residents under Law 25) and the United States (with additional rights for California, Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws).
By using the Service, you confirm that you have read this Policy. If you do not agree, do not use the Service.
1. Who We Are
The data controller and the entity responsible for your personal information is:
DerMo Technologies Inc. (d/b/a Fitlyze)
2300 Yonge Street, Suite 1600
Toronto, ON, Canada, M4P 1E4
Email: info@fitlyze.app
For privacy-related inquiries, contact us at info@fitlyze.app with the subject line “Privacy Request”.
2. Geographic Availability
The Service is currently available only in Canada and the United States. We do not offer the Service in the European Union, the United Kingdom, or other jurisdictions, and we do not target marketing or services to residents of those jurisdictions. If you are accessing the Service from outside Canada or the United States, please discontinue use.
3. Information We Collect
We collect the following categories of information.
3.1 Information You Provide
- Account information: name, email address, password (stored in hashed form), and date of birth (used to confirm you are 18+).
- Profile and health information: sex assigned at birth, height, weight, age, fitness goals, activity level, dietary preferences, allergies, and self-reported medical considerations you choose to share.
- Conversations with the AI: messages, prompts, and inputs you submit to the AI features, and the responses the AI generates.
- Calorie and activity tracking: food logs, meals, exercise entries, photos of food (if you choose to upload them), and related metadata.
- Communications: support messages, survey responses, and other content you send to us.
We do not collect or store payment card information. All Subscription payments are processed through Apple’s In-App Purchase system (on iOS) or Google Play Billing (on Android), which act as merchants of record. See Section 7 for details on what information Apple and Google share with us.
3.2 Information Collected Automatically
- Device and usage data: device model, operating system, language, time zone, app version, IP address, crash reports, and interactions with the Service (e.g., features used, screens viewed, session length).
- Identifiers: device identifiers, advertising identifiers (where consented), and similar technologies.
- Approximate location: derived from IP address. We do not collect precise GPS location unless you explicitly opt in for a feature that requires it.
3.3 Information from Third Parties
- App stores: Apple and Google share limited information with us about your purchase, including your subscription status, transaction identifier, and product purchased. They do not share your full name, billing address, or payment card information with us.
4. Sensitive Information
Some information you provide is considered sensitive personal information under applicable laws — particularly health- and fitness-related information, dietary information, and biometric measurements (such as weight). We process this information only for the purposes described in this Policy and only with your consent, which you provide by submitting it to us.
You may withdraw consent at any time by deleting the relevant information or your account; however, this may limit your ability to use the Service.
5. How We Use Your Information
We use your information to:
- Provide the Service, including generating AI workout and nutrition plans, tracking calories and activity, and personalizing your experience;
- Manage your subscription status based on data received from Apple or Google;
- Operate, secure, and improve the Service, including debugging, fraud prevention, and analytics;
- Train and improve our prompts, configuration, and product using de-identified or aggregated data. We do not use your raw conversations, content, or health data to train third-party AI foundation models;
- Communicate with you, including service announcements, updates, and (with consent where required) marketing;
- Comply with legal obligations, including tax, accounting, and regulatory requirements;
- Enforce our Terms and protect our rights, property, or safety, or that of our Users or others.
6. How We Share Your Information
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising (as defined under California law).
We share information only with the following categories of recipients:
6.1 Sub-Processors and Service Providers
| Recipient | Purpose | Location |
|---|---|---|
| OpenAI, L.L.C. | AI inference (generating workout/nutrition plans and chat responses) | United States |
| Apple Inc. | App Store distribution and In-App Purchase as merchant of record | United States and other Apple regions |
| Google LLC | Google Play distribution and Google Play Billing as merchant of record; transactional email delivery via Google Workspace (Gmail SMTP relay) | United States |
| DigitalOcean, LLC | Cloud hosting, object storage (Spaces), CDN, and infrastructure | Toronto, Canada (primary); other DigitalOcean regions for object storage and CDN |
| Sendinblue SAS (d/b/a Brevo) | Transactional email delivery (fallback to Google Workspace) | France (European Union) |
We have data processing agreements (or equivalent contractual protections) in place with each of these providers that restrict their use of your information to providing services to us.
We do not currently use third-party analytics or crash-reporting providers. If we add such providers in the future, we will update this Policy and the table above before doing so.
Important — OpenAI: when you interact with the AI features, we send your prompts and relevant context (which may include health and fitness information) to OpenAI for processing. We use OpenAI’s API under terms that prohibit OpenAI from using your data to train OpenAI’s models. OpenAI retains data only as long as needed to provide the service or as required by law.
Important — Apple and Google: Apple and Google act as merchants of record for Subscriptions purchased through the App Store and Google Play. They process your payment, collect and remit applicable taxes, and handle refunds. Their handling of your payment information is subject to their own privacy policies, which we do not control.
6.2 Legal and Safety Disclosures
We may disclose information when we believe in good faith that disclosure is necessary to:
- Comply with a law, regulation, court order, subpoena, or government request;
- Enforce our Terms or investigate potential violations;
- Detect, prevent, or address fraud, security, or technical issues; or
- Protect the rights, property, or safety of Fitlyze, our Users, or others.
6.3 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or material change in how your information is handled.
6.4 With Your Consent
We may share information with third parties for any other purpose with your consent.
7. Payment Processing and Billing Data
Because Subscriptions are processed through Apple’s In-App Purchase or Google Play Billing, we do not collect or store your payment card information. The payment method on file with your Apple ID or Google account is charged by Apple or Google, who then remit the net amount (after their service fee and applicable taxes) to us.
We receive from Apple or Google only:
- A transaction identifier
- The product purchased
- The subscription status (e.g., active, expired, in trial)
- The transaction date and amount (in some cases)
We do not receive your full name, billing address, payment card number, or other payment-method details. For information about how Apple and Google handle your payment information, see Apple’s Privacy Policy and Google’s Privacy Policy.
8. International Data Transfers
We are based in Canada. Your information may be transferred to, stored, and processed in Canada and the United States, where data protection laws may differ from those in your country of residence within North America. Some of our sub-processors (such as Brevo) may also process limited information in the European Union under contractual safeguards. By using the Service, you consent to these transfers.
For transfers from Quebec, we conduct privacy impact assessments where required under Law 25 prior to transferring personal information outside Quebec.
9. Data Retention
We retain your personal information only as long as necessary for the purposes described in this Policy, or as required by law. Specifically:
- Account data: retained while your account is active and for up to 24 months after account closure, unless a longer period is required by law (e.g., 7 years for tax records under Canadian law).
- Conversations and AI inputs/outputs: retained for up to 24 months for service operation and quality monitoring, then deleted or de-identified.
- Subscription records: retained for the period required by tax and accounting laws (typically 7 years).
- Backups: rolling encrypted backups are retained for up to 90 days before being overwritten.
- De-identified or aggregated data: may be retained indefinitely.
You may request deletion of your account and personal information at any time (see Section 12).
10. Security
We use industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, access controls, secure development practices, and routine security testing. However, no system is completely secure. You are responsible for keeping your password confidential. If you believe your account has been compromised, contact us immediately at info@fitlyze.app.
11. Cookies and Tracking Technologies
On our website, we use cookies and similar technologies for:
- Strictly necessary purposes (authentication, security, load balancing);
- Functional purposes (remembering preferences);
- Analytics (understanding aggregate usage); and
- Marketing (only where you have consented).
If you are in Quebec, we ask for your consent before placing non-essential cookies, in accordance with Law 25. You can change your preferences at any time through our cookie banner or your browser settings. In the mobile app, you can manage tracking through your device’s privacy settings (e.g., Apple App Tracking Transparency, Google Ads ID controls).
12. Your Privacy Rights
Subject to applicable law and verification of your identity, you have the rights described below. To exercise any right, email info@fitlyze.app with the subject line “Privacy Request” and a description of your request. We respond within the timeframes required by law (generally 30 days; up to 45 days for some U.S. states). We will not discriminate against you for exercising your rights.
12.1 All Users
- Access the personal information we hold about you;
- Correct inaccurate information;
- Delete your account and associated personal information (subject to legal retention requirements);
- Withdraw consent where processing is based on consent.
12.2 Canadian Residents (PIPEDA)
You have the rights described above and may file a complaint with the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca).
12.3 Quebec Residents (Law 25)
In addition to the rights above, you have:
- The right to be informed of any automated decision-making that affects you;
- The right to data portability;
- The right to file a complaint with the Commission d’accès à l’information du Québec (https://www.cai.gouv.qc.ca).
Our designated Person in Charge of the Protection of Personal Information under Law 25 is reachable at info@fitlyze.app.
12.4 California Residents (CCPA/CPRA)
If you are a California resident, you have the rights to:
- Know what personal information we collect, use, disclose, and (if applicable) sell or share;
- Delete personal information;
- Correct inaccurate personal information;
- Limit the use and disclosure of sensitive personal information to those purposes that are necessary to provide the Service;
- Opt out of the sale or sharing of personal information for cross-context behavioral advertising. We do not sell or share your personal information as those terms are defined under the CCPA;
- Non-discrimination for exercising your rights.
You may submit requests through info@fitlyze.app. You may also designate an authorized agent to act on your behalf. We will verify your identity before responding.
Categories of personal information collected, sources, purposes, and recipients are set out in Sections 3, 5, and 6 above.
12.5 Other U.S. State Residents
Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have similar rights of access, correction, deletion, portability, and the right to opt out of certain processing. Submit requests to info@fitlyze.app.
13. Children’s Privacy
The Service is not directed to or intended for anyone under 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it. If you believe a person under 18 has provided us information, contact info@fitlyze.app.
14. Automated Decision-Making and AI
The Service uses AI to generate workout and nutrition suggestions based on the inputs you provide. These outputs are suggestions for your consideration, not binding decisions, and they do not produce legal or similarly significant effects on you. You are free to disregard them, and we encourage you to consult a qualified professional before acting on them.
We do not use the AI to make eligibility, pricing, or other automated decisions that significantly affect you.
15. Data Breach Notification
In the event of a personal data breach that creates a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada (or relevant Quebec or U.S. state authority) as required by law. Under PIPEDA, breach notification to the regulator must occur as soon as feasible after determining the breach has occurred.
16. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email or in-app notice at least 30 days before the changes take effect, or as otherwise required by law. The “Last Updated” date at the top reflects the most recent version. Continued use after the effective date constitutes acceptance.
17. Contact
For questions, concerns, or requests:
DerMo Technologies Inc. (d/b/a Fitlyze)
2300 Yonge Street, Suite 1600
Toronto, ON, Canada, M4P 1E4
Email: info@fitlyze.app