Privacy Policy
Last updated: April 15, 2026
1. Who We Are
ARC Fitness ("ARC," "we," "us," or "our") operates the ARC mobile application, the website at getarcfit.com, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Username and display name
- Password (stored as a salted hash, never in plain text)
- Profile photo (optional)
Health & Fitness Data
When you use ARC's tracking features, we may collect:
- Workout logs (exercises, sets, reps, duration)
- Meal logs and nutrition data
- Body measurements (weight, height, body fat percentage)
- Daily activity metrics (steps, active minutes, calories burned)
- Progress photos
Third-Party Fitness Data
When you connect a third-party fitness service (such as Strava, Fitbit, Oura, Google Fit, Whoop, or Garmin), we receive activity and health data from those services according to the permissions you grant. This may include:
- Activity data (runs, rides, workouts, GPS routes)
- Heart rate data
- Sleep data
- Step counts and daily activity summaries
- Calories burned
We only access data you explicitly authorize, and you can disconnect any third-party service at any time from your ARC settings.
Usage Information
We automatically collect:
- Device type, operating system, and browser
- IP address and approximate location (city-level)
- Pages visited and features used
- Crash reports and performance data
Payment Information
Payments are processed by Stripe. We do not store your credit card number, bank account, or full payment details on our servers. We receive a Stripe customer ID and subscription status to manage your plan.
Website Analytics
Our marketing website at getarcfit.com uses standard web analytics to understand how visitors find and use the site. Specifically:
- Google Analytics 4 — aggregate page views, navigation patterns, and referral sources.
- Meta Pixel (Facebook/Instagram) — measures conversions from paid campaigns we may run on Meta platforms.
These tools collect the Usage Information listed above via cookies and similar technologies. They do not receive your health or fitness data, payment details, or account identifiers. You can opt out of Google Analytics via the official opt-out browser add-on, and you can manage Meta's use of tracking data at facebook.com/settings/ads.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Personalize your experience (AI workout plans, AI meal plans, food analysis)
- Sync and display fitness data from connected third-party services
- Process transactions and manage subscriptions
- Send transactional emails (account verification, password resets, billing receipts)
- Analyze usage patterns to improve the Service
- Detect, prevent, and address fraud or technical issues
- Comply with legal obligations
4. How We Share Your Information
We do not sell your personal information. We may share information with:
- Service providers who help us operate the Service (hosting, payment processing, analytics, AI model providers). These providers are contractually obligated to protect your data.
- Other users only for features you explicitly enable (public profile, social posts, community features). You control your visibility settings.
- Trainers you subscribe to, who can view your assigned workout and nutrition data to provide coaching.
- Legal authorities when required by law, court order, or to protect the safety of our users.
5. Third-Party Integrations
When you connect third-party fitness services, your use of those services is governed by their own privacy policies. We encourage you to review the privacy policies of any third-party service you connect:
- Strava: strava.com/legal/privacy
- Fitbit: fitbit.com/legal/privacy-policy
- Oura: ouraring.com/privacy-policy
- Google Fit: policies.google.com/privacy
- Whoop: whoop.com/privacy
- Garmin: garmin.com/privacy
You can revoke ARC's access to any connected service at any time through your ARC settings or through the third-party service's own settings.
6. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Secure authentication with hashed passwords
- Row-level security policies on our database
- Regular security audits
- OAuth 2.0 with HMAC-signed state parameters for third-party connections
No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Withdraw consent for data processing
- Object to certain types of processing
To exercise any of these rights, contact us at privacy@getarcfit.com.
9. Children's Privacy
The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: privacy@getarcfit.com
- Website: getarcfit.com