Privacy Policy

Last updated: 2025

1. Introduction

TFC LLC (“The Fit Corp,” “we,” “us,” or “our”) operates a mobile fitness application designed for workplace wellness. We provide general wellness services rather than medical care and are not a HIPAA-covered entity.

2. Information We Collect

We collect the following categories of data:

  • Account details including name, email, and department
  • Encrypted passwords with multi-factor authentication
  • Activity metrics covering steps, GPS-based movement, and workouts
  • Device and diagnostic information
  • Precise GPS location data (user-enabled)
  • Customer support communications
  • Marketing preferences
  • Analytics through Google Analytics and Mixpanel
  • Data from Apple Health and Google Fit integrations

We do not collect sensitive health data such as medical conditions, weight, pregnancy information, or tax identifiers.

3. How We Use Information

Data processing supports core functionality including activity tracking, challenge participation, and team leaderboards. We use information for employer reporting, maintenance, customer support, and optional marketing communications.

4. Legal Bases for Processing (GDPR/UK GDPR/EEA)

Processing relies on contractual obligations, legitimate business interests in security and analytics, and explicit user consent for integrations and marketing.

5. Sharing of Information

Data sharing occurs with:

  • Employers (for challenge data)
  • Coworkers (through leaderboards)
  • Vendors including Supabase and AWS
  • Legal authorities when required

We do not sell personal information or health-related data.

6. International Data Transfers

Information may be stored in the United States and Canada, with Standard Contractual Clauses protecting EU/UK transfers.

7. Data Security

We employ AES-256 encryption at rest and TLS encryption in transit, multi-factor authentication, and role-based access controls. No system achieves complete security, but we are committed to protecting your data with industry-standard safeguards.

8. Data Retention

Activity data and diagnostics are retained for one year. Account information persists during active employer subscriptions.

9. Your Rights

You have the right to:

  • Access, correct, or delete your personal data
  • Export your activity information
  • Withdraw consent for integrations
  • Opt out of leaderboards
  • Unsubscribe from marketing communications

To exercise any of these rights, contact us at privacy@thefitcorp.com.

10. Children's Privacy

The App is not intended for individuals under the age of 16.

11. Updates to This Policy

Policy changes require at least 30 days' notice before they take effect.

12. Contact Us

Legal Email: legal@thefitcorp.com

Address: TFC LLC, 440 Monticello Avenue, STE 1802, Norfolk, Virginia 23510, USA