Skip to main content
Legal

Privacy Policy

Last updated: May 12, 2026

Short version: We collect health data (weight, calories, meals, body measurements, cycle data) to provide adaptive TDEE calculation and personalized insights. This is special category data under GDPR Article 9 and requires your explicit consent. You can export or permanently delete all your data at any time from the Settings page.

1. Who We Are

The TDEE Calculator is operated by FitnessVolt.com ("we", "us", "our"). We are the data controller for personal data collected through this service.

Contact: https://fitnessvolt.com/contact/

2. What Data We Collect

We collect the following categories of personal data when you create an account and use our service:

Account Data

  • Email address and display name (provided at registration via WordPress)
  • Account preferences (unit system, notification settings)

Health Data (Special Category under GDPR Article 9)

The following data is classified as health data under GDPR Article 9 and requires your explicit consent before we collect it:

  • Body weight - logged daily or on check-ins
  • Calorie intake - daily calorie targets and actual intake
  • Meal logs - foods, macronutrients, and meal timing
  • Body measurements - body fat percentage, muscle mass, and body composition metrics
  • Menstrual cycle data - cycle length and phase (collected only when you enable Cycle Tracking; female users only)
  • Physical characteristics - height, age, biological sex, and activity level (used for TDEE calculation)
  • Training data - exercise type, frequency, and intensity
  • Goal data - weight loss, maintenance, or muscle gain targets

Usage Data

  • Feature usage events (e.g., check-in completed, export downloaded) - stored with your account for app memory and product improvement, then purged after 90 days
  • AI coaching interactions - prompts and responses cached for 168 hours

3. Legal Basis for Processing

We rely on the following legal bases under GDPR:

Data Type Legal Basis GDPR Article
Health data (weight, calories, meals, body composition, cycle data) Explicit consent Article 9(2)(a)
Account data (email, name) Contract performance Article 6(1)(b)
AI coaching data Explicit consent (separate toggle) Article 9(2)(a)
Usage events Legitimate interest (product improvement) Article 6(1)(f)
Population benchmark contribution Explicit consent (opt-in only) Article 9(2)(a)

You may withdraw consent at any time via Settings > Data & Privacy. Withdrawal does not affect the lawfulness of processing before withdrawal.

4. How We Use Your Data

  • Adaptive TDEE calculation - your weight and calorie logs are used to calibrate a personalized calorie target using physics-based metabolic modeling
  • Weekly check-in analysis - progress tracking, trend detection, and plateau identification
  • Personalized insights - contextual recommendations based on your logged patterns
  • AI coaching - when enabled, your recent logs are sent to an AI model to generate personalized coaching reports (see Third-Party Services below)
  • Cycle-adjusted TDEE - menstrual cycle phase is used to adjust calorie targets during follicular, ovulatory, luteal, and menstrual phases
  • Anonymous benchmarks - with explicit consent, your anonymized data may contribute to population-level TDEE benchmarks shown to other users

5. Third-Party Services

We use the following sub-processors. Each has been assessed for GDPR compliance:

Stripe (Payment Processing)

Payment collection is paused while free mode is active. If paid plans launch later, Stripe, Inc. will process subscription payments and act as the data controller for payment card data. We do not store card numbers.

Privacy policy: stripe.com/privacy

OpenRouter (AI Coaching)

When you enable AI coaching features, recent log data is sent to OpenRouter's API to generate personalized coaching responses. Data sent includes recent weight logs, calorie logs, and your stated goals. No data is used to train AI models. Responses are cached on our servers for 168 hours, then deleted.

AI coaching is OFF by default. You must explicitly enable it in Settings.

Privacy policy: openrouter.ai/privacy

USDA FoodData Central (Food Database)

Food search queries are sent to the USDA FoodData Central API. No personal data is included in these requests. The USDA is a US federal agency.

Open Food Facts (Food Database)

Barcode scanning queries are sent to the Open Food Facts API. No personal data is included in these requests. Open Food Facts is a non-profit organization based in France.

WordPress.com (Hosting Infrastructure)

The site is hosted on WordPress infrastructure. Server logs may include IP addresses for security and error monitoring purposes.

6. Data Retention

Data Type Retention Period
Daily logs, check-ins, meal logs Until account deletion
Body composition records Until account deletion
Cycle tracking data Until you disable cycle tracking or delete account
AI coaching cache 168 hours (7 days) after generation
Usage events 90 days, then automatically purged
Payment records 7 years (legal requirement for financial records)
Consent records Until account deletion (audit trail)

7. Your Rights Under GDPR

If you are in the European Economic Area (EEA) or United Kingdom, you have the following rights:

  • Right of access (Article 15) - request a copy of all data we hold about you
  • Right to rectification (Article 16) - correct inaccurate data
  • Right to erasure (Article 17) - permanently delete all your data ("right to be forgotten")
  • Right to data portability (Article 20) - download your data in machine-readable JSON format
  • Right to withdraw consent (Article 7(3)) - withdraw consent for health data processing at any time
  • Right to object (Article 21) - object to processing based on legitimate interest
  • Right to lodge a complaint - you may lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France)

8. Exercising Your Rights

You can exercise most rights directly from the app:

  • Export your data: Settings > Data & Privacy > Export My Data (downloads JSON)
  • Delete all your data: Settings > Data & Privacy > Delete All My Data
  • Manage consent: Settings > Data & Privacy > Privacy Preferences

For requests you cannot complete in the app, contact us at: https://fitnessvolt.com/contact/

We will respond to rights requests within 30 days.

9. Data Security

  • All data is transmitted over HTTPS/TLS
  • Passwords are hashed using WordPress bcrypt (never stored in plaintext)
  • Health data is stored in dedicated database tables with user-scoped access controls
  • API endpoints require authentication and nonce verification
  • We do not sell personal data to any third party

10. International Data Transfers

Our servers are located in the United States. If you are in the EEA or UK, your data is transferred to the US under appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

11. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided health data, contact us and we will delete it.

12. Changes to This Policy

We will notify registered users by email of material changes to this policy. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after notification constitutes acceptance of the updated policy.

13. Contact

Data Controller: FitnessVolt.com
Contact form: https://fitnessvolt.com/contact/

Back to TDEE Calculator

This tool provides estimates for informational purposes only. It is not medical advice. Consult a healthcare professional before making dietary changes, especially if you have a medical condition, eating disorder history, or are pregnant/nursing.