1. Introduction

This Privacy Policy describes how FitScore collects, uses, stores and protects your personal data, in compliance with the General Data Protection Law (LGPD - Law 13.709/2018).

2. Data Controller

The personal trainer who registers the student is the data controller. FitScore acts as data processor, providing the technology platform.

3. Data Collected

• Identification data: name, email, phone, date of birth
• Physical data: height, weight, body measurements
• Health data (sensitive): anamnesis, injuries, pain, medications, surgeries, family history, sleep quality
• Assessment data (sensitive): postural photos, exercise videos, skinfold measurements, biomechanical profiles
• Training data: workouts, progression, performance metrics

5. Legal Basis

• Explicit consent (Art. 11, II, a) — for health and sensitive data
• Contract execution (Art. 7, V) — for providing the training service
• Legitimate interest (Art. 7, IX) — for platform improvement and security

6. Your Rights (LGPD Art. 18)

• Confirm the existence of data processing
• Access your data
• Correct incomplete or outdated data
• Anonymize, block, or delete unnecessary data
• Revoke consent at any time
• Request deletion of personal data

7. Data Retention

Your data is retained while the service relationship exists. Upon account deletion or consent revocation, health data will be anonymized or deleted within 30 days, unless legal retention is required.

8. Data Security

We implement technical and organizational measures to protect your data, including encryption in transit (HTTPS), access control based on ownership, and audit logging for administrative actions.