Privacy Policy
Last updated: June 10, 2026
At AI-Fit Counter, we take your privacy seriously. This policy describes what data we collect, how we use it, and what your rights are as a user.
1. Personal data collected
We collect the following categories of data depending on the source:
| Category | Data | Source |
|---|---|---|
| Account | Email, password (bcrypt hash) | Manual registration |
| OAuth | Email, display name, Google ID | Google OAuth (scopes: email, profile) |
| Profile | Birth date, country, gender, weight | User voluntarily |
| Exercise sessions | Exercise type, reps, accuracy, duration, calories, timestamp | App after each set |
| Subscription | Customer ID, subscription ID, variant, renewal date, status | Lemon Squeezy via webhooks |
| Analytics | Aggregated stats: daily/weekly/monthly totals, personal records, leaderboard position | Calculated from sessions |
2. Camera usage
🔒 Your visual privacy is completely protected
- • The camera is used ONLY for real-time pose detection via MediaPipe Pose Landmarker (WebAssembly).
- • All processing happens on your device. Not on our servers.
- • NO video is recorded, NO images are captured, NO frames are sent to any server.
- • The only data sent to the backend are the numerical session results: reps, accuracy, duration, and calories.
- • Camera access requires your explicit permission (getUserMedia API) and can be revoked at any time from your browser settings.
- • Pose data (3D coordinates of 33 body landmarks) exists ONLY in RAM during the session and is discarded when it ends.
3. Local storage (localStorage)
We use local storage in your browser for the following features:
| Key | Purpose | Data |
|---|---|---|
afc_access_token | Maintain user session | JWT token |
afc_guest_id | Identify unregistered user | Generated UUID |
afc_session_queue | Offline queue of pending sessions | Sessions with local UUID ID |
4. Third-party services
We use the following external services:
| Service | Use | Shared data |
|---|---|---|
| Google OAuth | Authentication | Email, name, photo (only scopes email+profile) |
| Lemon Squeezy | Payment gateway and subscriptions | Email, userId |
| MediaPipe (Google) | AI pose detection model | NONE — the model is downloaded and runs locally (WASM) |
5. Database and security
- • Data is stored in MongoDB hosted on a secure cloud infrastructure provider.
- • Passwords are hashed with bcrypt (10 salt rounds) and never stored in plain text.
- • The password field is configured with select: false, meaning it is not included in database queries by default.
6. Retention and deletion
- • Data is retained as long as your account is active.
- • You can request complete deletion of your account and all associated data (sessions, analytics) by emailing our support team. (support@aifitcounter.com)
- • Guest sessions are migrated when creating an account. Orphaned guest data is automatically deleted after 90 days.
7. User rights
As an AI-Fit Counter user, you have the right to:
- ✓ Access your personal data (via profile and app dashboard).
- ✓ Rectification (profile update).
- ✓ Deletion (request by email).
- ✓ Portability (data export — Premium feature).
- ✓ Revoke consent (delete account, revoke Google OAuth, revoke camera permission).
8. Minors
- • The minimum age to use AI-Fit Counter is 13 years, validated through the birth date provided during registration.
- • We do not intentionally collect data from children under 13. If we discover a user is under the minimum age, we will proceed to delete their account and associated data.
9. Applicable legislation
AI-Fit Counter is committed to complying with the following data protection regulations depending on the user's location:
- § Law 1581 of 2012 (Colombia) — General Data Protection Regime (Habeas Data).
- § GDPR (General Data Protection Regulation) — applicable to users in the European Union.
- § CCPA (California Consumer Privacy Act) — applicable to users residing in California, USA.
10. Contact
If you have questions about this privacy policy or wish to exercise your rights, you can contact us:
Data controller email: support@aifitcounter.com