Last Updated: April 1, 2026 Effective Date: April 1, 2026

Data Controller

The data controller responsible for your personal data is:

Sole Innovations Org. nr. 934 026 306 Thorvald Meyers Gate 23a, 0555 Oslo, Norway Email: sebastian@soleinnovations.com

Introduction

This Privacy Policy explains how Sole Innovations (“Fitbull,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards your information when you use our mobile application and associated website. We are committed to protecting your privacy and handling your data in compliance with the EU General Data Protection Regulation (GDPR), the Norwegian Personal Data Act (Personopplysningsloven), the California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy laws.

Information We Collect

Information You Provide

Account Information: Email address, display name, and profile details when you create an account.
Workout Data: Exercises, sets, reps, weights, and workout history you log in the app.
Nutrition Data: Meals, foods, macronutrient data, and recipes you save.
Goals & Preferences: Fitness goals, experience level, body metrics (if provided), and app preferences you set.
AI Coach Interactions: Messages and queries you send to the AI Coach (Pro feature).
Support Correspondence: Emails and messages you send to our support team.

Information Collected Automatically

Device Information: Device model, operating system version, and unique device identifiers.
Usage Data: App interaction data, feature usage patterns, and crash reports.
Analytics: Anonymized usage statistics to help us improve the app.

Apple HealthKit Data

Fitbull may request access to Apple HealthKit to read and write workout data (such as workouts, active energy, and body measurements) with your explicit permission. HealthKit data is never shared with third parties, used for advertising, or sold. HealthKit data is not sent to AI processing services. HealthKit data is only used to sync your fitness data between Fitbull and the Health app. You can revoke Fitbull’s access to HealthKit at any time through your device’s Settings > Privacy & Security > Health. Revoking access will not delete data previously synced to Fitbull.

Health and Fitness Data (Special Category Data)

Some of the data you provide - including workout data, nutrition data, body metrics, and data synced via Apple HealthKit - may constitute health-related data under GDPR Article 9, which is subject to additional protections as “special category data.”

We process this data only with your explicit consent, which we obtain when you first set up your Fitbull account and, where applicable, when you enable HealthKit integration or activate the AI Coach feature. You may withdraw your consent at any time by disabling the relevant feature in Settings, deleting your data, or contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

We have conducted a Data Protection Impact Assessment (DPIA) for our health data processing and AI-powered features, in accordance with GDPR Article 35 and Datatilsynet’s guidance on processing activities requiring a DPIA.

Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6(1):

Processing Activity	Legal Basis
Providing the Fitbull app and its core features (workout tracking, nutrition logging, stats)	Performance of a contract (Art. 6(1)(b))
Managing your account and authentication	Performance of a contract (Art. 6(1)(b))
Processing your subscription	Performance of a contract (Art. 6(1)(b))
Responding to support requests	Performance of a contract (Art. 6(1)(b))
AI Coach personalized recommendations (Pro)	Explicit consent (Art. 6(1)(a)) and Art. 9(2)(a) for health data
Apple HealthKit data sync	Explicit consent (Art. 6(1)(a)) and Art. 9(2)(a) for health data
Analytics and app improvement (anonymized)	Legitimate interest (Art. 6(1)(f)) - our interest in improving the service, balanced against minimal impact on your privacy due to anonymization
Service-critical notifications	Legitimate interest (Art. 6(1)(f)) - necessary operational communications
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interest, we have conducted a balancing test and concluded that our interests do not override your fundamental rights. You may request details of these assessments by contacting us.

How We Use Your Information

To provide and maintain the Fitbull app and its features.
To personalize your experience, including AI Coach recommendations (Pro).
To process your subscription and manage your account.
To send service-critical notifications about the service.
To analyze usage patterns and improve the app (using anonymized data).
To respond to your support requests.
To comply with legal obligations.

AI Coach Processing (Pro Feature)

If you activate the AI Coach, the following data may be sent to OpenAI, Inc. (based in the United States) to generate personalized recommendations:

Your workout history (exercises, sets, reps, weights)
Your nutrition data (meals, macronutrients)
Your fitness goals and experience level
Your body metrics (age, weight, height, if provided)
Your messages to the AI Coach

HealthKit data is not sent to OpenAI.

We have a Data Processing Agreement (DPA) with OpenAI under which they process your data solely to provide the AI Coach service on our behalf. For more information about OpenAI’s data handling, see their privacy policy at openai.com/privacy.

AI-generated content may be inaccurate, incomplete, or unsuitable for your individual circumstances. You should independently verify AI Coach recommendations before acting on them.

You may opt out of AI Coach data processing at any time by not using the AI Coach feature or by downgrading from Pro.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

We may share data with the following categories of recipients:

Cloud Infrastructure: We use cloud hosting providers for data storage and backend services. We have Data Processing Agreements in place with all providers.
AI Processing (OpenAI): As described above, for Pro subscribers who use the AI Coach.
Analytics: We use analytics tools to collect anonymized usage statistics. These providers receive anonymized data only.
Payment Processing: Subscription payments are processed entirely by Apple (App Store) and Google (Play Store). We do not receive or store your payment card information.
Legal Requirements: When required by law, regulation, legal process, or governmental request, or to protect our rights, privacy, safety, or property.

We have entered into Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf, in accordance with GDPR Article 28.

A current list of our sub-processors, including their names and locations, is available upon request by contacting sebastian@soleinnovations.com.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. Specifically:

AI Coach (OpenAI): If you use the AI Coach, your data is sent to OpenAI’s servers in the United States. This transfer is protected by appropriate safeguards, including EU Standard Contractual Clauses (SCCs) approved by the European Commission and/or the EU-US Data Privacy Framework.
Cloud Hosting: Our servers are hosted by cloud infrastructure providers. Where data is transferred outside the EEA, we rely on EU Standard Contractual Clauses or applicable adequacy decisions.

You may request a copy of the applicable safeguards by contacting us at sebastian@soleinnovations.com.

Data Retention

Account and fitness data: Retained for the duration of your active account. Deleted within 30 days of an account deletion request.
Payment records: Transaction records may be retained as required by applicable tax and accounting laws. Note: payment transactions are processed and stored by Apple or Google; we do not store payment card information.
Analytics data: Anonymized and aggregated; retained indefinitely as it cannot be linked back to you.
Support correspondence: Retained for 12 months after resolution.
AI Coach interaction logs: Processed in real-time; not retained by Fitbull after the session. Refer to OpenAI’s data retention policies for their processing.
Backup systems: Deleted data may persist in encrypted backups for up to 90 days before being automatically purged.

You can request deletion of your account and all associated data at any time by contacting us at sebastian@soleinnovations.com or through the App.

Data Security

We use industry-standard encryption (TLS in transit, AES-256 at rest) to protect your data. We implement appropriate technical and organizational measures to safeguard your personal data. However, no method of electronic transmission or storage is 100% secure.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities (including Datatilsynet) as required by GDPR Article 33 and applicable law. Notification will be provided without undue delay.

Tracking Technologies

Fitbull may use analytics SDKs and local device storage to collect usage data and improve app performance. We obtain your consent before activating any non-essential tracking or analytics, in compliance with the Norwegian Electronic Communications Act (Ekomloven). Essential local storage required for the app to function does not require consent.

You may control analytics and tracking through the app’s privacy settings and your device’s privacy settings.

Automated Decision-Making and Profiling

The AI Coach feature uses automated processing of your workout and nutrition data to generate personalized recommendations. This processing does not produce decisions with legal or similarly significant effects on you. All AI-generated suggestions are informational only and require your independent judgment. You may request human review of any AI-generated recommendation by contacting us.

Your Rights

All Users

You have the right to:

Access your personal data.
Correct inaccurate data.
Delete your data.
Export your data in a portable format.
Opt out of analytics collection.

If you are located in the European Economic Area or Norway, you have the following rights:

Right of access (Art. 15): Obtain confirmation of whether we process your data and request a copy.
Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
Right to erasure (Art. 17): Request deletion of your data in certain circumstances.
Right to restriction of processing (Art. 18): Request that we limit how we process your data.
Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (e.g., JSON or CSV).
Right to object (Art. 21): Object to processing based on legitimate interests, including analytics. Where you object, we will cease processing unless we demonstrate compelling legitimate grounds.
Right to withdraw consent (Art. 7(3)): Where processing is based on consent (including health data and AI Coach), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You can withdraw consent via Settings > Privacy in the app, or by contacting us.
Rights related to automated decision-making (Art. 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, contact us at sebastian@soleinnovations.com. We will respond within one month of receiving your request, as required by GDPR Article 12(3). This period may be extended by two further months where necessary.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. Our lead supervisory authority is:

Datatilsynet (Norwegian Data Protection Authority) Postboks 458 Sentrum, 0105 Oslo, Norway Phone: +47 22 39 69 00 Email: postkasse@datatilsynet.no Website: www.datatilsynet.no

You may also contact the supervisory authority in your country of residence.

Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

Categories of personal information we collect:

Identifiers: Email address, display name, device identifiers.
Internet or electronic network activity: Usage data, app interaction data, analytics.
Health-related information: Workout data, nutrition data, HealthKit data - this may constitute “sensitive personal information” under CPRA.
Inferences: AI Coach recommendations derived from your data.

Your rights:

Right to know what personal information we collect, use, and disclose.
Right to delete your personal information.
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioral advertising.
Right to limit the use and disclosure of sensitive personal information.
Right to non-discrimination for exercising your rights.
Right to designate an authorized agent to submit requests on your behalf.

How to exercise your rights: Submit a request by emailing sebastian@soleinnovations.com. We will verify your identity before processing your request. We will respond within 45 days, which may be extended by an additional 45 days if reasonably necessary.

Additional US State Privacy Rights

Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws may have additional rights including:

Right to access, correct, and delete personal data.
Right to data portability.
Right to opt out of targeted advertising, sale of personal data, and profiling.
Right to appeal a denial of a privacy request.

Sensitive data: Under several state laws, health and fitness data is considered “sensitive data.” We process this data only with your consent, which you provide when you create an account and input this information. You may withdraw consent at any time by deleting the relevant data or your account.

Universal opt-out signals: We honor Global Privacy Control (GPC) signals where required by applicable law.

Right to appeal: If we deny your privacy rights request, you may appeal by contacting us at sebastian@soleinnovations.com with the subject line “Privacy Rights Appeal.” We will respond to your appeal within 60 days. If we deny your appeal, we will provide information on how to contact your state’s attorney general.

Fitbull processes health and fitness data that may be considered “sensitive” under applicable privacy laws (GDPR Article 9, CPRA, Virginia CDPA, and others). By creating an account and voluntarily providing workout data, nutrition data, or connecting Apple HealthKit, you affirmatively consent to the processing of this data as described in this Privacy Policy. You may withdraw your consent at any time by deleting the relevant data, disabling the feature, or deleting your account.

Children’s Privacy

Fitbull is not directed to children. You must be at least 16 years of age to create an account or use Fitbull, as stated in our Terms of Service.

We do not knowingly collect personal information from anyone under the age of 16. If we learn that we have collected personal data from a user under 16 without verifiable parental consent, we will take steps to delete that information and terminate the associated account as soon as reasonably practicable.

For children under 13, our practices comply with the Children’s Online Privacy Protection Act (COPPA). We do not knowingly collect, use, or disclose personal information from children under 13.

If you believe that a user under 16 has provided us with personal information, please contact us immediately at sebastian@soleinnovations.com.

Communications

We may send you transactional emails related to your account (e.g., password resets, subscription confirmations, subscription reminders, policy updates). These are necessary for the operation of your account. If we send promotional communications in the future, you will be able to opt out at any time via an unsubscribe link in each message or by contacting us. We will honor opt-out requests within 10 business days.

Data Protection Contact

We have not appointed a Data Protection Officer, as this is not currently required for our processing activities based on our assessment of scale. For all privacy-related inquiries or to exercise your data protection rights, contact us at sebastian@soleinnovations.com.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect, via email or in-app notification. Where changes affect processing based on your consent, we will seek your renewed consent before applying those changes. The “Last Updated” date at the top of this policy indicates when it was most recently revised.

If you do not agree with the updated policy, you may delete your account before the changes take effect.

Contact Us

If you have questions about this Privacy Policy, please contact us at sebastian@soleinnovations.com.

Privacy Policy