Privacy Policy

1.Summary

This Privacy Policy explains what information the Infitnite mobile app ("App") collects, why we collect it, how we use it, and the rights you have over it. We wrote it to be as direct as possible:

• We collect what we need to run the app and power your in-game progression.
• We do NOT sell your data.
• We do NOT use your data for advertising.
• Your health and fitness data stays scoped to your progression and personalization — never ads, never data mining.
• You can delete your account and all associated data from Settings → Account → Delete Account.

The sections below cover the details.

2.Who We Are

The App is operated by Infitnite LLC, 13813 65th Ave W, Edmonds, WA 98026, USA. For privacy questions, contact contact@fitnessfantasyrpg.com. For residents of the European Economic Area (EEA) and United Kingdom (UK), we are the data controller for personal data collected through the App.

3.Information We Collect

Account & identity

• Your Apple ID or Google account identifier (we do not store passwords — Apple and Google handle authentication).
• Display name and email address you associate with your sign-in provider.
• Apple identity token / Google OAuth token used to verify your sign-in (not used for any other purpose).

Profile & in-game data

• Avatar selections (race, class, role, specialization, appearance).
• Username, on-boarding answers, class / discipline selections.
• Progression data (levels, XP, skills, quests, inventory, achievements, login streaks).
• Subscription entitlement status.

Fitness & health data (only when you grant permission)

• Step counts, workout sessions, and related activity metrics from Apple HealthKit (iOS) or Android Health Connect.
• Manual workout, nutrition, and measurement logs you enter in the App.
• Meal photos you capture with the camera for meal-scan analysis.
• Self-reported injury and soreness flags (the "Tender Spots" feature). When you mark a body region as tender or recovering in the body-map injury manager, we store the region name, the time you marked it, and any optional note you write (capped at 120 characters). This is YOUR self-report — not a medical diagnosis, not a clinical record. We use it to route quest generation around the flagged regions. You can clear a flag any time from the same surface.

Voice input (optional)

• When you use voice dictation, the App accesses your microphone to turn your speech into text for logging meals, writing quest notes, and messaging your in-app companions. Audio is processed by the speech recognizer built into your device — Infitnite does not record or store the audio, only the text you choose to submit. Every field that supports dictation also accepts typed input.

Usage & device data

• Interactions with in-app features (which screens you visit, which quests you take).
• Crash reports and diagnostic logs.
• Device type, operating system version, app version, language, and time zone.
• A randomly generated device identifier for anti-abuse, session management, and push notification routing.

We do NOT collect: precise location; contacts; phone number; full payment card details (purchases are handled by Apple and Google); cross-app tracking identifiers (IDFA/AAID are not used for tracking).

4.How We Use Information

We use the information above to:

• Run the App and authenticate you.
• Track your in-game progression and convert real-world activity into XP, skills, and rewards.
• Personalize your experience (recommended quests, workouts, nutrition suggestions, difficulty scaling).
• Power AI-assisted features (meal scan analysis, combat performance analysis, workout and program generation).
• Deliver subscription entitlements.
• Detect fraud, cheating, and fabricated fitness data.
• Debug crashes, measure performance, and improve the App.
• Send optional push notifications (only if you grant permission).
• Comply with legal obligations and enforce our Terms of Service.

We do NOT use your information to build advertising profiles, target ads, or enrich third-party marketing datasets.

5.Health and Fitness Data

Health and fitness data — including anything sourced from Apple HealthKit, Apple Motion & Fitness, or Android Health Connect — is treated with an additional level of care:

• It is used ONLY to power in-app progression and personalization.
• It is NEVER used for advertising, marketing, cross-app attribution, or data mining.
• It is NEVER sold to third parties.
• It is NEVER stored in iCloud (we store data in Google Cloud / Firestore).
• We do not write false or fabricated data to HealthKit or Health Connect.
• You can revoke read or write permission at any time in your device settings; the App degrades gracefully.

These commitments align with Apple App Store Review Guideline 5.1.3 and equivalent Google Play policy.

6.AI Processing

Some features process your inputs through server-side AI models to produce analysis or personalized suggestions:

• Alchemy (meal scans and nutrition): meal photos and your nutrition inputs are sent to Google AI (Gemini) via secure cloud endpoints for image recognition and macro estimation.
• Combat analysis: your workout session data is analyzed to produce recommendations.
• Intellect: your training history informs personalized workout and multi-week program generation using Anthropic Claude (via Google Cloud Vertex AI).
• Magical Intelligence (MI) quest generation receives the LIST of regions you have flagged as tender or recovering (e.g. "lower-back, left-knee"), so it can avoid prescribing exercises whose primary movers include those regions. The optional free-text note you write on each region is NEVER sent to the AI provider; only the canonical region name is.

AI processing happens server-side; no API keys or model access live in the app you install. We do not send your name, email, or other direct identifiers to AI providers — only the input needed for the feature, associated with a pseudonymous ID. AI outputs are labeled in-app; you can report inappropriate AI output for review.

7.Legal Basis for Processing (EEA / UK)

If you are in the EEA or UK, we rely on the following legal bases:

• Performance of a contract — to provide the App and deliver the features you use.
• Consent — for health / fitness data access, push notifications, camera (meal scan), microphone (optional voice dictation), and optional AI-driven features (you can withdraw consent at any time).
• Legitimate interests — crash reporting, security, abuse prevention, and improving the App (balanced against your privacy interests).
• Legal obligations — to comply with tax, consumer protection, data protection, and law enforcement requirements.

8.Who We Share Information With

We share information only with the service providers ("processors") that help us run the App, and only to the extent each provider needs to perform its function:

• Google Firebase — authentication, Firestore database, crash metadata, App Check.
• Apple — Sign in with Apple; IAP purchase processing.
• Google Play Billing — IAP purchase processing on Android.
• RevenueCat — subscription entitlement and receipt validation.
• Sentry — crash and error diagnostics.
• OneSignal — push notification delivery (only if you grant push permission).
• Google AI (Gemini) and Anthropic (Claude via Google Vertex AI) — AI analysis features described above.
• Despia — native wrapper that packages the App for iOS and Android; handles device-level permissions, push registration, and purchase callbacks.

Supplement and food reference lookups: when a supplement or food name you type is not found in our internal verified database, that name is sent to U.S. government public reference services — the NIH Dietary Supplement Label Database and the U.S. National Library of Medicine's DailyMed — to retrieve the public product label for your reference. These reference lookups are used only to provide this feature, are not linked to your account or identity, and are not used for advertising, analytics, or sold.

We do NOT sell personal information. We do NOT share it with data brokers or advertising networks. We may disclose information if required by law, to protect our rights, or in connection with a business transfer (merger, acquisition, or sale of assets), in which case you will be notified of any material change in data handling.

9.Data Retention

We retain your personal data for as long as your account is active. When you delete your account (Settings → Account → Delete Account), we permanently delete your profile, avatar, progression, and associated data from our primary systems within a reasonable operational window. Some residual data may persist in encrypted backups, aggregated analytics (stripped of identifiers), or records required for legal, tax, security, or fraud-prevention purposes — retained only for as long as necessary and deleted thereafter.

10.Your Rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Request deletion of your personal data ("right to be forgotten").
• Object to or restrict certain processing.
• Data portability (receive a copy of your data in a structured format).
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a supervisory authority (EEA / UK residents).

To exercise these rights, use the in-app tools (Settings → Account → Delete Account; Settings → Export My Data) or contact us at contact@fitnessfantasyrpg.com. We will respond within the time frame required by applicable law.

11.Account Deletion

You can permanently delete your Infitnite account from inside the App: Settings → Account → Delete Account. You will be asked to re-authenticate with Apple or Google to confirm. Deletion is immediate and cannot be undone. Your profile, avatar, progression, inventory, and associated personal data will be removed from our primary systems. If you cannot access the App (for example, because you lost the device or uninstalled it), email contact@fitnessfantasyrpg.com from the address associated with your sign-in and we will verify and execute the deletion on your behalf.

12.Children

The App is rated 12+ / Teen for content, but account creation requires users to meet the minimum age for digital consent in their jurisdiction (13+ in the United States, and the applicable minimum in other countries — for example 16 in Germany). We do not knowingly collect personal information from children below these thresholds. If you believe a child under the applicable age has signed up, contact contact@fitnessfantasyrpg.com and we will delete the account and any associated data. US users between 13 and 17 are subject to additional protections under the Children's Online Privacy Protection Act (COPPA)-informed best practices and applicable state child-privacy laws — we limit targeted profiling and do not use their data for advertising purposes regardless.

13.Security

We use industry-standard safeguards — TLS encryption in transit, encryption at rest for Firestore-hosted data, App Check for backend request validation, rate limiting, and least-privilege access controls — to protect your information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we work to reduce risk and will notify you and regulators of a data breach as required by applicable law.

14.International Data Transfers

Our primary infrastructure is hosted in the United States and other regions operated by Google Cloud. If you use the App from outside the United States, your information will be transferred to and processed in the United States and other jurisdictions. Where required by GDPR or UK GDPR, we rely on Standard Contractual Clauses and equivalent transfer mechanisms to protect your data.

15.California Residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, to access or delete it, to correct inaccuracies, and to opt out of "sale" or "sharing" of personal information. We do NOT sell or share personal information in the CCPA sense. We do NOT use sensitive personal information (including health data) for purposes other than those described in Section 4 of this Policy. To exercise any CCPA right, contact contact@fitnessfantasyrpg.com or use the in-app tools. We do not discriminate against users who exercise their rights.

16.European Economic Area and United Kingdom

If you are in the EEA or UK, Infitnite LLC is the data controller. You have the GDPR / UK GDPR rights listed in Section 10 above. The legal bases on which we rely are described in Section 7. If you have an unresolved concern, you have the right to lodge a complaint with your local data protection authority.

17.Analytics and Tracking

We use Firebase Analytics to measure feature usage and Sentry to capture crash reports. These providers process data on our behalf under data-processing agreements. We do NOT engage in cross-app or cross-website tracking, we do NOT use Apple's App Tracking Transparency (ATT) permission (because we do not track), and we do NOT use Google's AAID or Apple's IDFA for tracking purposes.

18.Notifications

If you grant push notification permission, we may send you reminders (e.g., "your bounty is ready"), progression notices, or live-event announcements via OneSignal. You can disable push notifications at any time in your device settings or in-app Settings → Notifications.

19.Changes to This Policy

We may update this Privacy Policy from time to time. When we make a material change, we will bump the version number and re-prompt you to accept the updated version via the in-app Tap-to-Enter Gate. The "Last Updated" date at the top of this document always reflects the current version. We encourage you to review it periodically.

20.Contact Us

For any privacy question or request:

• Email: contact@fitnessfantasyrpg.com
• Mail: Infitnite LLC, 13813 65th Ave W, Edmonds, WA 98026, USA

We are committed to protecting your privacy. Thank you for being part of the Infitnite community.