ITBG Fit
 ← Back to site
Legal · 01

Privacy
Policy.

Effective 27 April 2026 Version 1.0 Jurisdiction Australia

ITBG Fit is built by one person who hates getting tracked. This policy spells out exactly what data we hold, why we hold it, and what you can do about it. No dark patterns, no marketing list, no resale.

01Who we are

ITBG Fit is operated by ITBG LABS PTY LTD, an Australian proprietary limited company based in Perth, Western Australia (in this policy, "we", "us", "our"). We are the data controller for personal information collected through the ITBG Fit web app, progressive web app (PWA), and the marketing site at itbglabs.fit.

For privacy questions, contact privacy@itbglabs.fit.

02What this policy covers

This policy applies to:

  • The marketing website at itbglabs.fit and any related subdomains.
  • The ITBG Fit progressive web app, including offline use and local caching.
  • Email correspondence you send us about your enquiry, account, or training.

It does not apply to third-party sites or services that ITBG Fit links to. When we connect to a third party on your instruction (for example Garmin Connect or Apple Health), their own privacy policy governs how they handle your data on their end.

03Data we collect

Account data

  • Name, email address, and the password hash issued by our authentication provider.
  • Login timestamps, device type, and IP address recorded by the auth provider for security purposes.

Enquiry data

  • Information you submit through the access enquiry form: name, email, primary use case, interest in a custom programme, and any free-text notes.

Training data

  • Workouts, sets, weights, reps, rest durations, programmes, exercise notes, gym location names, and any tags you assign.
  • Body composition entries you log: weight, tape measurements, optional progress photos.
  • Timer presets and session history (BitTimer rounds, intervals, cardio sessions).

Device and usage data

  • Browser type, operating system, screen size, and the routes you visit inside the app, used for debugging and performance monitoring.
  • Crash reports and error stack traces (no payload data, no full request bodies).

Optional data via integrations

  • If you connect Garmin Connect or Apple Health, we pull only the metrics you authorise (typically heart rate, sleep, daily activity, body composition).

04Why we collect it

We only collect personal information that is reasonably necessary to provide ITBG Fit and its related services. Specifically:

  • To run your account. Authenticate you, sync your data across devices, and send service emails (password resets, important security notices).
  • To deliver the product. Show you your training history, calculate volume and progression, run timers, generate session summaries.
  • To keep it working. Diagnose bugs, monitor performance, and improve the app based on aggregate usage.
  • To respond to enquiries. Process your access request, decide whether to invite you, and reply to your email.
  • To meet legal obligations. Respond to lawful requests from Australian authorities and to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

We do not use your data to train AI models. We do not sell your data. We do not run a mailing list or remarketing pixel.

05Health and sensitive information

Body composition, training load, and health metrics from connected wearables can constitute sensitive information under the Privacy Act 1988 (Cth). By creating an account and using the relevant features, you consent to us collecting and handling that information for the purposes set out in this policy.

In plain English

You can use ITBG Fit without entering any body or health data. Those features are optional. If you do log them, that data lives in your account, encrypted in transit and at rest, and is never shared without your instruction.

06Third-party integrations

ITBG Fit relies on a small set of vetted infrastructure providers. We have data processing arrangements with each, and we only share the minimum data needed for the service to work.

ProviderPurposeData sharedRegion
SupabaseDatabase, auth, file storageAccount, training, body dataSydney, AU
VercelWeb hosting, edge functionsRequest logs, IP, user-agentSydney, AU (region pinned)
CloudflareCDN, DDoS protectionRequest metadata, IPGlobal
Sentry (optional)Error monitoringStack traces, route, user IDEU
Garmin Connect (opt-in)Health data importMetrics you authorisePer Garmin
Apple Health (opt-in)Health data importMetrics you authoriseOn-device

This list is current as of the effective date above. If we add or change a provider, we will update this table and, where the change is material, notify you by email.

07Cookies and similar tech

ITBG Fit uses cookies and local storage for two narrow purposes:

  • Strictly necessary. Authentication tokens, your dark-mode preference, and the offline cache that lets the PWA work without a connection. These are essential and cannot be disabled.
  • Analytics (opt-in). Privacy-friendly aggregate analytics (page views, anonymised device class). No third-party trackers, no advertising IDs. You can opt out at any time using the cookie banner or the link in our footer.

We do not use Google Analytics, Meta Pixel, or any cross-site advertising network.

08Where data is stored

Your account and training data is stored in the Supabase Australia (Sydney) region. Backups are stored in the same region. Where a provider operates a global edge network (for example Cloudflare), edge nodes may temporarily process request metadata in other regions, but the database of record stays in Australia.

09Disclosure of personal information

We disclose personal information only:

  • To the infrastructure providers listed in section 06, under contract.
  • To you, on request.
  • Where required by Australian law, court order, or a lawful authority's request.
  • If ITBG LABS PTY LTD is sold, merged, or restructured, in which case we will notify you in advance and your rights under this policy carry over.

We do not sell, rent, or lease personal information. We do not share data with advertising or analytics networks beyond what is set out above.

10Retention and deletion

We keep personal information only for as long as we need it for the purposes set out in this policy, plus a short buffer for backups and legal compliance.

  • Account and training data. Retained while your account is active. If you delete your account, we delete it from production within 30 days and from backups within 90 days.
  • Enquiries. Retained for up to 12 months from the date of last contact, then deleted.
  • Server logs. Retained for 30 days, then rotated.
  • Financial records. If you become a paying customer, we retain billing records for 7 years as required by Australian tax law.

11Security

We protect your data using:

  • TLS 1.2+ for all data in transit.
  • Encryption at rest on the database and storage layers.
  • Row-level security policies that restrict your data to your account.
  • Hashed passwords (we never see them in plaintext).
  • Two-factor authentication, available to all accounts.
  • Principle of least privilege for any human admin access.

No system is perfectly secure. If a notifiable data breach occurs, we will tell you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.

12Your rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate, out of date, or incomplete.
  • Export your training data in a machine-readable format (CSV / JSON) at any time, from inside the app.
  • Delete your account and the associated personal information.
  • Withdraw consent for optional features (analytics, integrations).
  • Lodge a complaint with us, and if we cannot resolve it, with the OAIC.

To exercise any of these rights, email privacy@itbglabs.fit. We will respond within 30 days.

13Children

ITBG Fit is not intended for anyone under 16. We do not knowingly collect personal information from children. If you believe a child has created an account, contact us and we will delete it.

14Changes to this policy

We may update this policy from time to time. The effective date at the top of the page tells you when it was last revised. If a change is material (for example a new category of data, a new third-party processor, or a change to your rights) we will notify account holders by email at least 14 days before the change takes effect.

15Contact and complaints

ITBG LABS PTY LTD
Perth, Western Australia
Email: privacy@itbglabs.fit

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).