FitRize Privacy Policy
Effective Date: December 09, 2025
1. Introduction
FitRize (hereinafter referred to as "the App") is a fitness service application developed and operated by Ninzbao LLC (hereinafter referred to as "we" or "us"). This Privacy Policy aims to clearly and transparently inform you about how we collect, use, store, protect, and share your personal information when you use the App's services, as well as details about your relevant rights and how to exercise them.
This Privacy Policy strictly complies with Google Play's Developer Distribution Agreement, User Data Policy, Children's Data Protection Guidelines, as well as relevant international and regional legal standards such as the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), California Consumer Privacy Act (CCPA, California Civil Code Sections 1798.100 et seq.), and California Privacy Rights Act (CPRA). We adhere to the three core principles of "data minimization", "purpose limitation", and "informed consent".
By downloading, installing, registering, or using the App, you indicate that you have fully read, understood, and agreed to all terms of this Privacy Policy and any subsequent revisions. If you do not agree to any content of this Privacy Policy, please do not download, install, or use the App; if you have already started using it, you must immediately cease use.
We may revise this Privacy Policy in light of business function adjustments, technological iterations, or updates to laws and regulations. If the revised content involves changes to your core rights and interests (including but not limited to expansion of data collection scope, changes in usage purposes, adjustments to sharing methods, etc.), we will notify you in a prominent manner (such as in-app pop-ups, push notifications) at least 7 natural days prior to the effective date of the revision, and clearly indicate the effective date of the revised policy. Your continued use of the App after the revision constitutes your acceptance of the revised Privacy Policy; if you do not agree to the revised content, you should cease using the App and apply for account cancellation.
2. Collection and Use of Information
We strictly adhere to the principle of "data minimization" and only collect information necessary to provide the App's core services. We do not collect Advertising IDs (Android Advertising ID, AAID), unique device identifiers (such as IMEI, MEID, MAC address), location information, contact lists, text messages, or other non-essential data. All information collection and use are solely for the purpose of implementing service functions and ensuring service quality, as detailed below:
2.1 Information You Voluntarily Provide
This information is voluntarily submitted by you when using the App's core functions, for purposes such as account management, content publishing, and personalized services:
• Account Information: The App adopts an express registration model. No personal information is required during registration, and there is no need to bind an email address or mobile phone number. After registration, the system will automatically generate an anonymous account identifier for identifying your account and displaying your personal homepage. You may optionally supplement your nickname, avatar (you can choose a system default or custom upload), and personal profile to facilitate other users in identifying your published content; failure to supplement this information will not affect the use of core functions.
• Content Publishing Information: Images uploaded by you through the training publishing page (such as training scenes, achievement displays), edited training titles/descriptions, selected training categories (such as strength training, aerobic exercise), and tags (such as #Beginner #HomeWorkout) are displayed in the training square for other users to browse and interact with, enabling fitness experience sharing among users.
• Consultation Information: Consultation content sent by you through the AI Personal Trainer Assistant, including preset questions (such as "How to create a fat loss plan") and custom text/voice messages, is used by the AI system to analyze your fitness needs and generate personalized training guidance, movement correction suggestions, and dietary reference plans.
• Feedback Information: Text content, voice messages, or screenshots of functional abnormalities submitted by you through the "Settings - Feedback & Suggestions" function are used by us to troubleshoot App malfunctions, optimize function design (such as interface interaction, functional logic), improve service quality, and resolve issues you encounter during use.
2.2 Automatically Collected Information
When you use the App, our servers automatically record certain device and usage data. Such data has been anonymized and de-identified, and cannot be linked to a specific individual alone or in combination with other information. It is only used to ensure the stable operation of the App and optimize the user experience:
• Basic Device Data: Including device model (e.g., Samsung Galaxy S23), Android operating system version (e.g., Android 14), Android ID (only used for unique device identification, not linked to personal identity), App version number (e.g., V2.1.0), and device operating status (e.g., memory usage). This is used to optimize the App's compatibility across different devices, troubleshoot and fix App crashes, freezes, and other issues, and ensure stable service operation.
• In-App Usage Data: Including function usage records (such as browsing the training square, initiating AI consultations, completing training check-ins, publishing/liking/commenting on content), usage duration (such as single-use duration, daily/monthly cumulative usage duration), and click paths (such as the operation trajectory from the homepage to the training square and then to specific content). This is used to analyze user behavior habits, identify frequently used functions and functions requiring optimization, and target improvements to the service experience (such as adjusting function entry positions, optimizing content recommendation logic).
• Check-In Data: Records such as your training check-in date, check-in items (e.g., "30-minute jog", "15-minute core training"), consecutive check-in days, and cumulative check-in times are used to generate a personal check-in calendar, calculate medal unlocking conditions (e.g., "Unlock Newbie Medal by checking in for 7 consecutive days"), and provide check-in reminders and incentive services to help you stick to your fitness plan.
2.3 Permission-Related Information
The App only requests device permissions necessary to implement core functions. All permissions require your active authorization when using the corresponding functions; we do not request permissions by default or force authorization. You can revoke authorization at any time through "Settings - Apps - FitRize - Permissions", but revocation may result in the corresponding functions being unavailable. Specific permission usage instructions are as follows:
• Camera and Photo Library Permissions: Used exclusively for uploading images when publishing content and changing profile pictures in the personal center. Permissions are only requested when you actively use these features. We do not access your photo library or camera in the background.
• Microphone Permission: Used exclusively for the voice feedback feature. Permissions are only requested when you actively use voice input. We do not activate the microphone or collect audio data in the background.
Note: The App will not request permissions unrelated to core services such as phone calls, text messages, location, contact lists, or calendars, nor will it obtain information corresponding to such permissions through any indirect means.
3. Storage and Protection of Information
3.1 Storage Method, Location, and Duration
• Storage Location: User information is stored in [Specified Compliant Data Center, e.g., AWS Singapore Data Center/Azure Southeast Asia Data Center], which has obtained ISO 27001 Information Security Management System certification and SOC 2 compliance certification, and complies with relevant laws and regulations on cross-border data transmission (including GDPR cross-border data transmission requirements) and Google Play data storage specifications.
• Storage Method: All user information is encrypted using TLS 1.3 during transmission and AES-256 during storage to ensure the security of data transmission and storage; anonymized and de-identified data is stored separately from personally identifiable data.
• Storage Duration: We follow the principle of "minimum necessary storage duration" and only store user information for the shortest period required to achieve the purpose of the service:
Account information, check-in data, medal records, published training content, etc., will be retained during the existence of your account;
• Content actively deleted by you (such as published training posts, AI consultation records, feedback information) will be immediately removed from the front-end display, and cached data in the background will be completely cleared within 30 natural days;
• Anonymized information such as automatically collected device data and usage data will be retained until the purpose of collection is achieved (e.g., usage data for function optimization is retained for 6 months, and will be deleted in advance if there is no subsequent optimization need);
• After account cancellation, we will completely delete or anonymize all personal data within 30 natural days (except as required by laws and regulations, such as relevant data that needs to be retained to respond to potential legal disputes, which will be deleted immediately after the dispute is resolved).
3.2 Security Protection Measures
We attach great importance to the security of user information and have established a sound information security management system, adopting dual technical and management safeguards to prevent the leakage, tampering, loss, or unauthorized access of user information:
• Technical Protection: Adopt technical measures such as access control (Role-Based Access Control, RBAC), data encryption (dual encryption for transmission and storage), firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) to provide full-lifecycle security protection for data; regularly conduct security scans and vulnerability repairs on servers and databases to ensure system security and stability.
• Management Specifications: Establish strict information security management systems, clarify the information access rights of internal personnel, and only authorized personnel can access user information within the necessary scope. Access behavior requires multiple identity verification (such as account password + dynamic verification code) and operation log recording; regularly conduct information security training and compliance assessments for employees to enhance their awareness of data protection; establish a security audit mechanism to regularly investigate data security risks, with audit logs retained for at least 1 year.
• Emergency Response: Formulate a "Data Security Incident Emergency Response Plan". In the event of a security incident such as leakage, tampering, or loss of user information, we will immediately activate the emergency response mechanism, take remedial measures (such as blocking unauthorized access accounts, repairing security vulnerabilities, and cleaning up leaked data), and notify affected users through in-app pop-ups, push notifications, etc., within 72 hours, explaining the cause of the incident, scope of impact, and subsequent handling measures; if the incident involves significant user rights and interests, we will simultaneously report to the relevant regulatory authorities.
4. Data Sharing and Disclosure of Information
We promise not to sell, rent, or lend your personal information to any third party. We will only share or disclose your information in the following strictly limited scenarios, based on your authorization or legal requirements, and will take necessary measures to ensure information security:
4.1 Third-Party Service Providers
To implement the App's core service functions (such as data storage, crash statistics, AI computing), we may share necessary information with third-party service providers that have passed compliance reviews. The shared information has been anonymized, desensitized, or encrypted, and third parties may only use the information within the scope of providing services to us and shall not use it for any other purposes:
• Scope of Sharing: Only share the minimum necessary information to implement services. For example: share encrypted content data (such as images you publish) with cloud storage service providers (e.g., AWS S3) for storage; share anonymized device data and crash logs with crash statistics service providers (e.g., Firebase Crashlytics) to troubleshoot App malfunctions; share your anonymized consultation content with AI technology service providers to generate fitness guidance suggestions.
• Compliance Requirements: All third-party service providers have passed our strict compliance reviews to confirm their compliance with Google Play platform data policies and relevant laws and regulations (such as GDPR, CCPA), and have signed a Data Processing Agreement (DPA) clarifying their data protection obligations, liability division, and breach handling methods. We will regularly supervise the information processing activities of third-party service providers; if we find that they violate the agreement, we will immediately terminate cooperation and require them to delete all obtained information.
4.2 Legal and Public Order Requirements
We may disclose your information without prior consent in the following circumstances:
• Disclose necessary user information in response to legitimate requests from judicial authorities, administrative regulatory departments (such as courts, procuratorates, public security organs, data protection agencies), or in accordance with legal documents such as subpoenas, investigation letters, and search warrants, to comply with laws and regulations and cooperate with regulatory investigations;
• Disclose necessary information within a reasonable scope to protect public interests, social security (such as responding to terrorism, major public health incidents), or to protect our legitimate rights and interests, as well as the safety or property of users (such as responding to fraud, account theft, service abuse, dissemination of illegal information, etc.);
• In the event of corporate asset transactions such as mergers, acquisitions, or bankruptcy liquidation, if user information transfer is involved, we will require the transferee to continue to comply with the requirements of this Privacy Policy and relevant laws and regulations to ensure the security of user information, and will notify you in a prominent manner in advance, with you having the right to choose whether to continue using the service.
5. User Rights
In accordance with the requirements of laws and regulations in different countries and regions, including the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), UK Data Protection Act 2018 (compatible with GDPR), U.S. federal and state regulations (CCPA/CPRA, Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), etc.), Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Australian Privacy Act 1988 and Australian Privacy Principles (APPs), Indian Digital Personal Data Protection Act (DPDP Act, 2023), etc., you have the right to access, correct, delete, export your personal information, withdraw consent, restrict processing, data portability, complain, and other rights. We provide convenient channels for you to exercise these rights, and clarify the special rules for core European and American markets and other regions as follows:
5.1 Right of Access and Correction
You can view all your personal data (including account information, published training content, check-in records, AI consultation history, feedback records) at any time through the App's "Personal Center" function, with free access and no restrictions on the number of times. If you find any errors, incompleteness, or inaccuracies in the information, you can directly edit and modify it on the corresponding page (such as modifying your nickname, deleting incorrect check-in records), with modifications taking effect immediately.
Regional Special Rules: 1. EU (GDPR) and UK (UK GDPR): You have the right to request us to provide a copy of your personal information in a clear and easy-to-understand format. If you believe the information processing is illegal, you may simultaneously request us to explain the legal basis, purpose, third-party sharing status, and data retention period of the information processing; UK users may seek additional advice from the Information Commissioner's Office (ICO). 2. U.S. (State Privacy Laws): Users in California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and other states have the right to obtain a free personal information access report for the past 12 months, including information categories, sources, usage purposes, and third-party sharing details; correction requests must be responded to within 15-45 business days, with one extension (up to 45 days) allowed. 3. Canada (PIPEDA): You have the right to request us to confirm whether we hold your personal information and obtain a complete record of information processing, including the name and region of the data recipient; if the information processing involves cross-border transmission, we must explain the legal basis for the transmission to you. 4. India (DPDP Act): You have the right to request us to confirm whether your personal data is being processed and obtain relevant details of the data processing (including information about the data recipient). 5. Australia (APPs): We must respond to your access request within 30 business days; if an extension of the response period is required, it shall not exceed 60 business days at most, and we must notify you of the reason for the extension and the expected time in advance.
5.2 Right to Data Export
You can submit an export application through "Settings - Privacy Center - Data Export" and request to export all your personal data (including supplementary account information, check-in records, published content, AI consultation records, etc.) in JSON format (or other machine-readable format specified by you). We will complete data collation within 30 business days of receiving your application and provide you with a download link through in-app message push. The exported data is only accessible to you, and we will not retain the exported files, with the export service provided free of charge.
Regional Special Rules: 1. EU (GDPR) and UK (UK GDPR): You have the right to data portability and may request us to transmit your personal data directly to another data controller in a structured, commonly used, and machine-readable format. If technically feasible, we will complete the data transmission directly without your intermediation; data transmission for UK users must comply with UK GDPR cross-border transmission rules. 2. U.S. (State Privacy Laws): Users under California CPRA and Virginia VCDPA may request us to export all personal data in a machine-readable format, with clear indication of data sources; California users have the right to request us to stop sharing personal information with third parties for targeted advertising (the App has no advertising functions, so this right corresponds to restrictions on data sharing). 3. Canada (PIPEDA): Data export must comply with cross-border data transmission requirements. If the recipient is located outside Canada, we must ensure the recipient has an equivalent level of data protection, or adopt supplementary measures such as encryption and signing data processing agreements. 4. India (DPDP Act): Data export must comply with relevant Indian government regulations on cross-border data transmission. If you request export to an entity outside India, you must ensure the recipient meets the compliance requirements of the DPDP Act. 5. Australia (APPs): You may request us to provide a copy of the data in a format suitable for your use; if there are reasonable difficulties, we may provide a data summary or arrange for you to inspect the original data.
5.3 Right to Erasure ("Right to Be Forgotten")
You have the right to erasure (referred to as the "right to be forgotten" under EU GDPR), which can be exercised in the following ways:
• Deletion of Individual Content: For published training content, AI consultation records, and feedback information, you can click the "Delete" button on the corresponding content page to complete deletion immediately, with no possibility of recovery after deletion;
• Deletion of All Data: Submit an account cancellation application through "Settings - Privacy Center - Account Cancellation" or contact us to cancel your account. After account cancellation, we will completely delete or anonymize all your personal data within 30 natural days in accordance with Section 3.1 of this Policy (except as required by laws and regulations);
• Batch Deletion Request: If you need to batch delete specific types of data (such as all check-in records, all consultation records), you can submit a request through in-app feedback or the contact email, specifying the type and scope of data to be deleted. We will complete processing and feedback results within 15 business days.
Regional Special Rules: 1. EU (GDPR) and UK (UK GDPR): You may request immediate deletion of data in the following circumstances: the data is no longer necessary for the purpose of collection, you withdraw consent, our processing is illegal, deletion is required by law, or you object to processing based on public interest. If we have shared the data with third parties, we will notify the third parties to stop processing and delete the data (unless otherwise required by law or the third party has an independent basis for processing). 2. U.S. (State Privacy Laws): Users under California CCPA/CPRA, Virginia VCDPA, and other states have the "right to deletion" (similar to the right to be forgotten) and may request deletion of all personal information held by us. We must complete deletion within 45 business days, with one extension (up to 45 days) allowed; we must notify third parties with whom the data was shared to stop use and delete the data (if feasible). 3. Canada (PIPEDA): If the data is inaccurate, incomplete, or irrelevant to the purpose of processing, you may request deletion or correction; if we have shared incorrect data with third parties, we must notify the relevant parties to make corrections or delete the data. 4. India (DPDP Act): If you believe the data processing violates the DPDP Act or the data collection did not obtain your valid consent, you may request immediate deletion of the data. We must complete deletion and issue a deletion certificate within 7 business days of receiving the request. 5. Australia (APPs): If the data is inaccurate, outdated, or irrelevant to the purpose of processing, you may request deletion. We must handle the deletion request simultaneously with the access request; if deletion would affect other legitimate rights and interests, we must explain the reason to you and provide an alternative solution.
5.4 Right to Withdraw Consent
You may unconditionally withdraw your consent to information collection, use, and permission authorization at any time. After withdrawing consent, we will immediately cease the collection and use of relevant information, but this will not affect the legality of information processing conducted based on your prior consent. Specific methods are as follows:
• Withdrawal of Permissions: Revoke storage, camera, microphone, and other permissions through "Settings - Apps - FitRize - Permissions" on your device. After revocation, the corresponding functions will be unavailable, and we will no longer collect information corresponding to these permissions;
• Withdrawal of Information Use Consent: If you no longer want us to use your usage data, consultation information, etc., you can submit a withdrawal request through in-app feedback or the contact email, specifying the type of information for which consent is withdrawn. We will immediately cease the use of relevant information and delete or anonymize it as required;
• Full Withdrawal of Consent: If you wish to fully withdraw your consent to this Privacy Policy, you must cancel your account. After the account cancellation process is completed, it will be deemed that all consents have been fully withdrawn.
Regional Special Rules: 1. EU (GDPR) and UK (UK GDPR): The method of withdrawing consent must be as simple as the method of giving consent. You can withdraw consent at any time through the contact methods specified in this Policy. We must make the withdrawal effective immediately upon receiving the request and record the withdrawal time; withdrawal of consent does not affect the validity of information processing conducted based on valid prior consent. 2. U.S. (State Privacy Laws): For users under Virginia VCDPA and Colorado CPA, after withdrawing consent, we must confirm the processing result within 10 business days and stop subsequent information collection and use; California CPRA requires us to clearly record the acquisition and withdrawal of consent for at least 3 years. 3. Canada (PIPEDA): You may withdraw consent at any time, and we must stop data processing within a reasonable period (no more than 30 days); if withdrawal of consent will affect service provision, we must clearly notify you of the consequences in advance. 4. India (DPDP Act): After you withdraw consent, we must immediately stop data processing. If the data has been used for service provision and cannot be separated, we must delete the relevant data unless otherwise required by law. 5. Australia (APPs): We must clearly inform you of the method and consequences of withdrawing consent, and shall not set unreasonable obstacles. After withdrawal, we must confirm the processing result within 10 business days.
5.5 Right to Complain and Consult
If you have questions, objections, or believe your rights have been infringed regarding the processing of your personal information, you can contact us through the methods specified in Section 9 of this Policy (in-app feedback, contact email, contact address). We will verify and reply to the processing result within 30 business days of receiving your feedback; for urgent matters (such as data leakage affecting your legitimate rights and interests), we will give priority to processing within 7 business days.
Regional Special Rules: 1. EU (GDPR) and UK (UK GDPR): If you are dissatisfied with our processing result, you can file a complaint with the data protection authority (DPA) of your member state or the UK Information Commissioner's Office (ICO). Complaints can be submitted online or offline, and the data protection authority will handle your complaint free of charge and issue an opinion; you may also file a lawsuit with the court or request us to assume liability for infringement if eligible. 2. U.S. (Federal and State): At the federal level, you can file a complaint about data violations with the Federal Trade Commission (FTC); California users can file a complaint with the California Attorney General's Office or the California Privacy Protection Agency (CPPA), and CPRA grants users the right to class action lawsuits (for "intentional or reckless" violations); users in Virginia, Colorado, and other states can file complaints with the state attorney general's office. 3. Canada (PIPEDA): You can file a complaint with the Office of the Privacy Commissioner of Canada (OPC). The OPC will conduct an investigation and issue an investigation report. If a violation is identified, it may order us to make corrections, and in serious cases, recommend criminal prosecution. 4. India (DPDP Act): You can file a complaint with the Data Protection Commission of India (DPC). The complaint must include a written application and relevant evidence. The DPC will complete the investigation and make a decision within 60 business days of receiving the complaint. If we are found to have violated the law, the DPC will order corrections and may impose fines. 5. Australia (APPs): You can file a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC will assess the complaint and promote mediation. If mediation fails, it will initiate an investigation process, and the investigation result will be made public (unless it involves personal privacy). You may also file a civil lawsuit with the court in accordance with the Australian Consumer Law.
5.6 Explanation on Exercising Rights
To ensure the security of your information and prevent others from exercising rights in your name, we may require you to complete account identity verification when you exercise the above rights. Verification methods include but are not limited to: verifying account login status, confirming key operation records in the account (such as the last check-in time, published content), answering preset security questions, etc. After successful verification, we will process your application immediately, and no additional personal information will be collected during the verification process.
Regional Special Rules and Supplementary Explanations: 1. EU (GDPR) and UK (UK GDPR): Our identity verification measures must comply with the "principle of proportionality" and shall not set unreasonable obstacles to your exercise of rights. If you cannot complete online verification, you can provide written identification documents (such as a copy of your passport or ID card) for offline verification. We will keep the documents strictly confidential and delete them immediately after verification is completed; verification for UK users must comply with ICO's identity verification guidelines. 2. U.S. (State Privacy Laws): For users in California, Virginia, and other states, our verification measures shall not be excessively cumbersome, and verification and feedback results must be completed within 10 business days; we shall not require users to create an account or provide irrelevant information as a condition for verification. 3. Canada (PIPEDA): Verification must be based on the principle of "reasonableness and necessity", only collecting the minimum information necessary to achieve the verification purpose, and the verification data will be deleted immediately after verification is completed. 4. India (DPDP Act): Verification must comply with relevant Indian government regulations on identity verification, and Aadhaar authentication (if voluntarily provided by you) or other equivalent verification methods may be adopted, with the verification process ensuring the security of your identity information. 5. Authorized Exercise of Rights: If you authorize others to exercise rights on your behalf, you must provide a written power of attorney (including the scope of authorization, authorization period, and identity information of both parties) and identity documents of both parties. We will process the request after verification. The processing cycle for authorized requests shall not exceed 45 business days; users in the EU and California, U.S. may authorize agents to exercise rights, with the agent required to provide a written power of attorney. 6. Principle of Free Service: Except as otherwise required by laws and regulations, the exercise of the above rights is free of charge. We will not charge any fees in any form, nor require you to purchase paid services as a condition for exercising rights; California CPRA explicitly prohibits restricting users' exercise of rights through "differential pricing".
In addition, in accordance with EU GDPR, UK GDPR, and Canadian PIPEDA, you also have the right to restrict processing: If you dispute the accuracy of the data, the processing is illegal but you do not request deletion, or we no longer need the data but you need it for legal disputes, you may request us to restrict data processing (only retaining the data without using, sharing, or performing other operations); Canadian users may also request us to suspend sharing data with third parties until the restriction conditions are lifted. During the restriction period, we will suspend all data processing activities except storage until the restriction conditions are lifted, and promptly notify you of changes in the restriction status. In accordance with California CPRA, you also have the right to opt out (the App has no third-party data sales/sharing behavior, so this right corresponds to restricting the use of data for non-essential service scenarios), and may request us to stop using your personal data for scenarios beyond the original collection purpose.
6. Third-Party Service Instructions
The App may contain a small amount of content related to third-party services, including third-party SDKs and third-party links. The information processing rules of third-party services are formulated by the third parties themselves and are unrelated to us. We are not liable for the information security and compliance of third-party services, and recommend that you carefully read the third parties' privacy policies:
• Third-Party SDKs: To implement core service functions, the App integrates a small number of third-party SDKs that have passed compliance reviews. All SDKs do not collect non-essential information, as detailed below:
Firebase Crashlytics (Google LLC): Used to collect anonymized App crash logs and device data to help us troubleshoot malfunctions. Its privacy policy is available at: https://policies.google.com/privacy;
Third-Party Links: The App may contain a small number of third-party links (such as links to fitness knowledge references, compliance policy references). Clicking such links will redirect you to third-party websites or applications. The information processing behavior of third parties is subject to their own privacy policies, and we are not responsible for their content or information security. We recommend that you visit with caution.
We have conducted strict compliance reviews on all integrated third-party SDKs to ensure they comply with Google Play platform data policies and relevant laws and regulations and do not collect information unrelated to services. If we subsequently find that a third-party SDK collects information in violation of regulations, we will immediately terminate the integration and require the third party to delete all obtained information.
7. Protection of Children's Privacy
The App strictly complies with Google Play's Children's Data Protection Guidelines and relevant laws and regulations such as GDPR and the Children's Online Privacy Protection Act (COPPA) of the United States. The App is not intended for children under the age of 18, and we will not intentionally collect or store any personal information of children under the age of 18:
• If you are a child under the age of 18, please do not download, install, or use the App; if we discover that we have inadvertently collected personal information of a child under the age of 18, we will immediately initiate a data deletion process, completely delete all relevant data within 7 natural days, and terminate the provision of services;
• If you are a minor between the ages of 18 and 18, you must read this Privacy Policy under the guidance of a guardian and obtain the guardian's explicit consent before downloading, installing, or using the App; guardians may contact us to exercise the right to access, correct, delete, etc., the minor's personal information.
8. Disclaimer
Please understand that although we have taken reasonable security and service guarantee measures, there are still the following risks that are beyond our full control. In such cases, we shall not be liable:
• AI Service Disclaimer: Fitness guidance, movement correction suggestions, nutritional reference plans, etc., provided by the AI Personal Trainer Assistant are only reference information generated based on general fitness knowledge and user consultation content, and do not constitute medical diagnosis, treatment advice, or professional fitness guidance. You should use this information rationally in combination with your own health status (such as whether you have underlying diseases, sports injuries), and consult professional medical personnel or fitness coaches when necessary. You shall bear full responsibility for any health risks (such as sports injuries, physical discomfort) arising from the use of such suggestions.
• Information Security Disclaimer: We have adopted the security protection measures specified in Section 3.2 of this Policy, but cannot completely avoid interception or attacks during network transmission, or information leakage, tampering, or loss caused by force majeure (such as earthquakes, floods, wars), third-party malicious acts (such as hacking, virus infections), or other factors beyond our control. We shall not be liable for such situations, but will make every effort to cooperate with relevant departments in investigation and handling and assist you in reducing losses.
• Service Quality Disclaimer: The App is provided "as is". We strive to ensure the stability and continuity of the service, but do not guarantee that the service will be uninterrupted or error-free (such as temporary service interruptions caused by server maintenance, network failures, technological iterations, etc.). We shall not be liable for indirect losses caused to you by service interruptions or errors (such as delays in training plans). If the service interruption lasts for more than 24 hours, we will notify you in a prominent manner.
• User Behavior Disclaimer: Your content published through the App and interactions with other users must comply with laws and regulations and the App's User Agreement. You shall bear full legal responsibility for any legal liability arising from your publication of illegal information, infringement of others' rights and interests, abuse of services, or other acts. We have the right to delete illegal content, suspend, or cancel your account in accordance with relevant regulations.
9. Contact Us
If you have any questions regarding this Privacy Policy, need to exercise relevant rights, or have any complaints or suggestions, you can contact us through the following methods:
• Contact Email: elecscapcor3331@gmail.com
• In-App Feedback: Submit information through the "Personal Center - Feedback & Suggestions" function in the App. We will review and process it promptly.
• Contact Address: 418 BROADWAY NUM 6041, ALBANY, NY 12207
• Response Timeframe: We will complete verification and reply with the processing result within 30 business days after receiving your email or in-app feedback. For complex issues, the timeframe may be extended appropriately, but we will notify you in advance of the reason for the extension and the expected reply time.
Data Controller
The personal information processing activities of this App are the responsibility of Ninzbao LLC as the Data Controller. This Privacy Policy is an important part of the User Agreement and has the same legal effect as the User Agreement. In the event of any inconsistency between this Privacy Policy and the User Agreement, this Privacy Policy shall prevail. Should this Privacy Policy conflict with relevant laws and regulations, the laws and regulations shall prevail. The final interpretation of this Privacy Policy belongs to Ninzbao LLC.
Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) who is responsible for supervising the compliance of the App's personal information processing activities and responding to user inquiries, complaints, and requests regarding personal data rights. The Data Protection Officer is Alex Johnson. You may contact us using the email address provided above (please indicate "DPO Inquiry/Complaint" in the email subject line).