We built Fytvio to help athletes understand and improve their own health. Being clear about what data we collect and why is fundamental to that trust.
Fytvio is operated by ValueSpring LLC ("we", "us", "our"), an AI-powered wellness and performance coaching application. When you use the Fytvio app or website at fytvio.com, we act as the data controller for the personal data described in this policy.
Fytvio is intended for informational, educational, wellness, and performance-coaching purposes only. Fytvio is a consumer wellness application and is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA).
For questions about this policy or your data, contact us at info@valuespringllc.com.
When you create an account, we collect:
To personalise your coaching, you may optionally provide:
Fytvio's core function is to analyse health and activity metrics from supported integrations that you explicitly connect. Available integrations may change over time as new providers are added or existing providers are removed.
| Data type | Source | Why we collect it |
|---|---|---|
| Heart rate variability (HRV) | Supported health integrations, where available | Readiness score, recovery coaching |
| Resting heart rate | Supported health integrations, where available | Readiness score, trend analysis |
| Blood oxygen (SpO2) | Apple Health, Health Connect | Health monitoring |
| Sleep data (stages, duration, score) | Supported health integrations, where available | Sleep debt calculation, recovery coaching |
| Steps, distance, floors climbed | Supported health integrations, where available | Activity tracking, load calculation |
| Active and basal calories | Supported health integrations, where available | Energy balance insight |
| VO2 max estimate | Supported health integrations, where available | Fitness trend tracking |
| Workout sessions (type, duration, HR zones, GPS) | Supported workout integrations, including Strava where connected | Training load, performance coaching |
| Body weight | Apple Health, Health Connect | Profile context for coaching |
Before the health conditions screen is shown, you must actively consent. You may optionally disclose relevant health conditions from a predefined list (for example: diabetes, hypertension, heart condition, asthma, current injury). These are stored as flags — not medical diagnoses — and are used only to shape the safety guardrails in your coaching responses. They are never shared with linked coaches or third parties.
If you connect Strava, we store an OAuth access token to sync your workout history and receive new activity events via Strava's webhook. Revoking the connection in-app also revokes the token with Strava.
We collect basic usage information including: coaching message counts, feature access events, and error logs. We do not use third-party analytics SDKs. We do not track behaviour across other apps or websites.
If you enable push notifications, we store your device's Firebase Cloud Messaging (FCM) token to send you coaching alerts and weekly summaries. You can revoke this by disabling notifications in your device settings.
We do not sell, rent, or broker your personal data to advertisers, data brokers, or any third party for commercial purposes.
We use the data we collect for the following purposes:
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating and managing your account | Contract performance |
| Delivering your readiness score, insight cards, and dashboard | Contract performance |
| Generating personalised AI coaching responses | Explicit consent (health data) |
| Sending coaching alerts and weekly summaries via push notification | Legitimate interests / consent |
| Processing subscription payments | Contract performance |
| Detecting and preventing fraud or abuse | Legitimate interests |
| Complying with legal obligations | Legal obligation |
We do not use your health data for advertising, profiling, or for training any machine learning model. We do not make automated decisions that produce legal or similarly significant effects on you without human review.
Fytvio's coaching feature is powered by Claude, a large language model developed by Anthropic, PBC. When you send a coaching message, we construct a prompt that includes:
This prompt is sent to Anthropic's API over an encrypted connection. Anthropic processes the data to generate a response, which is returned to you in real time. AI-generated responses may occasionally be inaccurate, incomplete, or inappropriate despite the safety controls implemented within the platform.
Under Anthropic's API terms of service, Anthropic does not train its models on API customers' data. Your health data and coaching conversations are not used to train Claude or any Anthropic model. Anthropic may retain API request data for a limited period for safety and abuse-prevention purposes, subject to their own privacy policy.
If you use the BYOK feature, your API key is stored exclusively in encrypted on-device storage (iOS Keychain / Android EncryptedSharedPreferences). Your key is transmitted to our server only to make the AI API call on your behalf and is never persisted in our database. In BYOK mode, your coaching data is also governed by your chosen provider's privacy terms.
You can withdraw consent for health data processing at any time by deleting your account. This permanently removes all health data from our systems after a 30-day grace period.
Fytvio allows an athlete (person A) to grant a coach or trusted contact (person B) read-only access to their health dashboard. This feature requires explicit action from both parties and the following protections apply:
If a coach's subscription is downgraded, all linked-athlete access is automatically revoked and affected athletes are notified by email.
We use the following sub-processors to deliver our service. Each is contractually bound to process your data only as instructed and to maintain appropriate security measures.
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Database and file storage | All stored user and health data | AWS us-east-1 |
| Anthropic | AI coaching (Claude API) | Health context prompts, message text | USA |
| Resend | Transactional email | Name, email address | USA |
| Firebase (Google) | Push notifications | Device FCM token | USA / EU |
| Apple App Store | Payment processing (iOS) | Purchase receipt verification — Apple handles payment directly, we store only subscription status | USA |
| Google Play | Payment processing (Android) | Purchase token verification — Google handles payment directly, we store only subscription status | USA |
| Strava | Workout sync | OAuth token, workout data | USA |
| Render | Server hosting | All request data passing through the API | USA |
| OpenAI / Google Gemini | AI coaching (BYOK mode only) | Health context prompts, message text (only when you supply your own key) | USA |
We do not share your data with any parties not listed above, except as required by law.
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at info@valuespringllc.com. We will respond within 30 days.
We take the security of health data seriously and implement the following technical measures:
Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it responsibly to info@valuespringllc.com.
Fytvio is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at info@valuespringllc.com and we will delete it promptly.
Fytvio is based in the United States. If you access our service from the European Economic Area, United Kingdom, or other regions with data protection laws, your data may be transferred to and processed in the United States and other countries.
Where required, we rely on contractual and legal transfer mechanisms provided by our service providers to support international data transfers. Individual providers may maintain their own transfer mechanisms and safeguards, and links to their documentation are available on request.
We may update this privacy policy from time to time. When we make material changes — particularly changes that affect how we use health data or share data with third parties — we will notify you by email and by an in-app notice at least 14 days before the change takes effect. The updated policy will be posted at fytvio.com/privacy with a new effective date.
Continued use of Fytvio after the effective date constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your account before the effective date.
If you have any questions about this privacy policy or how we handle your data, please reach out:
We aim to respond to all privacy enquiries within 5 business days and to fulfil all data subject requests within 30 days.