Legal // REF_DOC-001
Privacy Policy
Last update: 2026-05-04 · Fit-bot by Geron Labs · geronlabs.ru
[SEC-01]
Who We Are
Fit-bot is a Telegram-based fitness management application developed and operated by Geron Labs (geronlabs.ru). This Privacy Policy explains how we collect, use, and protect your personal data when you use the Fit-bot service.
By using Fit-bot, you agree to the terms described in this policy.
[SEC-02]
Data We Collect
- Telegram user ID and public profile data (name, username) — obtained via HMAC-validated Telegram WebApp auth
- Fitness data you enter: workout logs, weights, measurements, body composition
- Nutrition data: food diary entries, calorie and macronutrient records
- Photos you voluntarily submit for food recognition (not stored permanently)
- Trainer-client relationships and session activity
[SEC-03]
How We Use Your Data
- To provide the Fit-bot service: display your workouts, track progress, notify your trainer
- To process food photos for nutrition estimation (photo sent to recognition API, not stored)
- To calculate achievements and weekly statistics
- To send push notifications via Telegram about workouts and progress
- We do not sell, rent, or share your personal data with third parties for marketing purposes
[SEC-04]
Third-Party Services
- Telegram — authentication and push notifications. Telegram's Privacy Policy applies.
- FatSecret Platform API — food recognition and nutrition database. Photos are sent for analysis and not retained after the response. platform.fatsecret.com
- Paddle — payment processing. Paddle acts as Merchant of Record. Paddle's Privacy Policy applies to payment data.
- Vercel / hosting infrastructure — server hosting and content delivery.
[SEC-05]
Data Retention
Your data is retained for as long as your account is active. If you stop using the service, data is retained for up to 12 months unless you request deletion. Daily backups are maintained with 7-day retention.
[SEC-06]
Your Rights
- Request a copy of your personal data
- Request correction or deletion of your data
- Withdraw consent at any time by contacting us
- Data portability — request export in machine-readable format
[SEC-07]
Security
All Telegram authentication uses HMAC signature validation. Data is transmitted over HTTPS. No plaintext credentials are stored. We conduct daily backups with zero data-leak track record.