Privacy Policy

SPYKFIT (“we”, “us”) operates a fitness coaching platform that provides AI movement assessments and on-demand expert video reviews from certified strength coaches. This Privacy Policy explains what information we collect, how we use it, and the rights you have over it.

You can reach us at support@spykfit.com for any privacy-related questions.

Account information. Name, email, password (hashed, never stored in plaintext), and optional Google account ID if you sign in with Google.

Profile data. Age, gender, height, weight, training experience, equipment, goals, and any injury notes you provide during onboarding.

Assessment data. Your numerical scores and answers across the five movement pillars (Push, Pull, Squat, Hinge, Core).

Workout videos. Videos you upload for coach review. Stored privately on Amazon Web Services (AWS) S3 in the United States. Accessible only by you, your assigned coach, and SPYKFIT administrators.

Coach feedback & communications. Written and timestamped feedback delivered to you, your follow-up questions, and any escalation issues you file.

Payment data. Card details are entered directly with Stripe and never stored on our servers. We retain only the Stripe customer ID, subscription status, and credit balance.

Usage data. Pages visited, actions taken, device type, browser, IP address (for security and abuse prevention).

• Deliver the SPYKFIT service (assessments, AI insights, coach reviews)
• Match you with the most suitable coach for your specific lifts and history
• Generate personalized AI movement profiles using your assessment scores plus the onboarding profile data you provided (age, gender, height, weight, training experience, equipment access, goals, and any injuries) via Anthropic's Claude API. We do not send your name or email to Anthropic. Anthropic does not train on or retain your data per their commercial agreements.
• Process payments via Stripe
• Communicate with you about your account, reviews, and product updates
• Detect and prevent fraud, abuse, or violations of our Terms
• Comply with applicable law

We do not sell your personal information. We do not share your videos with anyone outside SPYKFIT and your assigned coach. We do not train AI models on your data.

We use the following providers to deliver the service. Each handles only the minimum data needed for its function:

• Stripe — payment processing
• Amazon Web Services — video and database hosting (United States)
• Neon — managed PostgreSQL database
• Vercel — application hosting
• Anthropic (Claude API) — AI insight generation
• Google — optional Google Sign-In

Each provider operates under its own privacy policy. We have signed data processing agreements where applicable.

• Account & profile data: as long as your account is active.
• Workout videos & reviews: retained for the life of your account so you can revisit prior coach feedback.
• Payment records: retained for 7 years to meet tax and accounting obligations.
• Deleted accounts: personal data is removed within 30 days of deletion request, except where law requires retention.

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information
• Delete your account and associated data
• Export your data in a portable format
• Object to processing for marketing purposes
• Withdraw consent where consent is the basis for processing

To exercise any of these rights, email support@spykfit.com. We will respond within 30 days.

We use industry-standard security including HTTPS in transit, encrypted databases at rest, hashed passwords (bcrypt), JWT-based authentication with secure cookies, and least-privilege access controls. No system is 100% secure; in the event of a data breach affecting your information, we will notify you in line with applicable law.

SPYKFIT is not intended for children under 13. We do not knowingly collect data from anyone under 13. Users between 13 and 18 should use SPYKFIT under the supervision of a parent or legal guardian, particularly when uploading workout videos involving load progression.

SPYKFIT operates from and stores data in the United States. If you access SPYKFIT from outside the US, your data will be transferred to and processed in the US.

We may update this policy from time to time. We will notify you of material changes by email or by an in-app notice at least 14 days before changes take effect. Continued use after that period constitutes acceptance.