Privacy Policy

1. Who we are

This service is operated by Kode Pro LLC, a Utah limited liability company doing business as Kode Fit ("Kode Fit," "we," "us," "our"). You can reach us at [email protected] or by mail at 1174 N 1525 E, Payson, UT 84651.

2. What this policy covers

This Privacy Policy applies to the Kode Fit platform, including:

• The Kode Fit marketing website at kodefit.com.
• The Kode Fit coach dashboard at app.kodefit.com.
• Any gym-branded iOS app powered by the Kode Fit platform (collectively, the "Service").

If you use a gym-branded iOS app, the gym's name appears on the app, but the underlying technology, data storage, and platform operations are provided by Kode Fit. This policy explains how Kode Fit handles your data; the gym may have additional policies governing its own services.

3. Personal data we collect

3.1 kodefit.com visitors

When you visit kodefit.com, our servers automatically record your IP address, the browser and operating system you use, the pages you request, and the time of each request. We use these logs only for security, abuse detection, and operations. We retain them for approximately 30 days, then delete or rotate them.

3.2 Coaches using the dashboard (app.kodefit.com)

When a coach signs in to the Kode Fit dashboard, we collect:

• Account information: email address, name, hashed password, and the partner gym you work for.
• Session information: the IP address and timestamp of each sign-in.
• Content you create: messages drafted or sent to your gym's members, AI-suggested reply drafts, and your search and filter activity in the dashboard.

3.3 Members using a gym-branded iOS app

If you use the iOS app for your gym, we may collect the following depending on what you do in the app:

• Account information: email address, name, and (optionally) a profile photo.
• In-app content: the nutrition logs, workout logs, photos, and messages you create. The app stores these locally on your device first and syncs them to our servers when you have a network connection.
• HealthKit data, with your explicit permission: body weight, body fat percentage, lean body mass, activity (steps and active energy), heart rate and heart rate variability, sleep, and Apple workout sessions. You authorize each category in iOS individually; we read only the categories you authorize.
• Trainerize data, if your gym uses Trainerize: Kode Fit reads your workout program and writes back the body stats you log. Your gym's coach controls the connection on the gym's behalf.

4. How we use your data

We use the data described above to:

• Provide the Service: create your account, show you your workouts, log your nutrition, deliver messages between you and your coach, and sync your authorized HealthKit data so your coach can review it.
• Suggest reply drafts to your coach using AI processing of past messages (see "AI processing" below).
• Maintain the security and integrity of the Service, including detecting abuse and unauthorized access.
• Provide customer support when you contact us.
• Send service-related communications (account notices, security alerts).
• Send marketing communications about Kode Fit and related products, only to the extent permitted by applicable law and only with the ability to opt out at any time. We do not currently send marketing emails, but we reserve the right to do so in the future.

5. HealthKit data

Apple HealthKit is a framework that lets the iOS app read health and fitness data you choose to share. The following terms apply specifically to data accessed through HealthKit:

• We never sell HealthKit data.
• We never use HealthKit data for advertising or marketing of any kind.
• We share HealthKit data only with the gym you signed up under and the coach assigned to you, for the explicit purpose of providing fitness coaching.
• HealthKit data is stored on Kode Fit's servers in the United States, with the same security controls applied to the rest of your account data.
• You can revoke any HealthKit category at any time in iOS Settings → Privacy & Security → Health → [your gym's app]. The iOS app will stop reading the revoked category immediately. Data already synced to our servers is treated under "Your rights" below.

6. Who we share your data with

Kode Fit uses the following service providers ("sub-processors") to operate the Service. Each is bound by terms that limit their use of your data to providing services to Kode Fit.

• Supabase — hosted Postgres database, authentication, and object storage (United States).
• Cloudflare R2 — object storage for photos and other media files.
• Anthropic — AI processing for coach reply drafts; messages relevant to a draft are sent in a prompt and the response is returned. Anthropic does not train models on this data.
• Voyage AI — generates numeric embeddings of past messages for retrieval. Voyage does not train models on this data.
• Trainerize — only for gyms that have enabled the Trainerize integration. Workout programs are read from Trainerize, and body stats may be written back. The coach can disconnect Trainerize at any time.
• Apple HealthKit — Apple's on-device API for reading the health data you authorize. HealthKit is provided by Apple under Apple's privacy policy.

We also share your data with your partner gym: their coaches see the data they need to coach you, including your messages, logs, and authorized HealthKit data.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

7. AI processing

To help your coach respond to you faster, the dashboard suggests reply drafts using AI. Here's what happens:

• Your past message history is processed into numeric embeddings by Voyage AI. These embeddings are stored on our servers and used to find conversations similar to the one your coach is replying to.
• When the coach asks for a draft, the relevant retrieved messages plus a brief instruction are sent to Anthropic's Claude model.
• Claude returns a suggested reply. The coach reviews and edits the draft before sending it to you.

Neither Voyage nor Anthropic uses your messages to train their AI models, per the API terms we operate under.

8. Data retention

• While your account is active, we retain your data so the Service can function.
• If you delete your account or request deletion of your data, we delete it from our active systems within 30 days and from our backups within 90 days.
• kodefit.com server logs are rotated approximately every 30 days.
• Anthropic processes prompts transiently per its API terms and does not retain them long-term.

9. Security

We use commercially reasonable measures to protect your data:

• Connections to the Service use TLS encryption in transit.
• Stored data is encrypted at rest by our hosting providers.
• Per-row authorization in our database limits access so coaches see only their gym's members.
• Multi-factor authentication is available for coach accounts.

No security control is perfect; you are responsible for keeping your account credentials safe.

10. Your rights

Regardless of where you live, you can ask us to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and data (we honor deletion within 30 days; backups within 90 days).
• Export your data in a portable JSON format.
• Opt out of marketing communications (one-click unsubscribe in any marketing email; toggle in your dashboard).
• Revoke HealthKit categories at any time in iOS Settings.

To exercise any of these rights, email [email protected] from the email address tied to your account, or use the corresponding control in the Service. We respond within 30 days.

11. Children

The Service is not directed to children under 13. iOS app accounts require age 13 or older, and partner gyms agree contractually not to onboard members under 13. HealthKit usage requires age 16 or older.

If you believe a child under 13 has provided personal data through our Service, please email [email protected] and we will delete it.

12. International users

Kode Fit operates from the United States and stores data on US-based service providers. If you access the Service from outside the United States, your data is transferred to and processed in the United States. By using the Service, you consent to that transfer.

13. Changes to this policy

If we make material changes to this policy, we will post a notice in the Service and email active users at least 30 days before the change takes effect. Cosmetic edits are posted with an updated "Last updated" date at the top of this page. Previous versions remain available at URLs of the form kodefit.com/privacy/v1.

14. Contact

Questions about this policy or your data? Email us at [email protected] or write to us at: