This Privacy Policy describes how Gourav Rajwani, trading as FitAstra (hereinafter referred to as "FitAstra", "we", "our", or "us"), collects, uses, shares, protects, and otherwise processes your personal information and data through our website fitastra.co, mobile application, and related services (collectively, the "Platform").
This Privacy Policy is published in accordance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
We do not offer products or services outside India. Your personal data will be stored and processed in India in accordance with Indian laws.
By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree, please do not use the Platform.
1. INFORMATION WE COLLECT
1.1 Information You Provide Directly
When you register, use the Platform, or interact with our services, we collect:
- Personal Identifiers: Name, email address, phone number, date of birth, gender
- Profile Information: Profile picture, fitness goals, fitness level, fitness interests, bio/description
- Account Credentials: Username, password (encrypted), security questions
- Physical Information: Height, weight, body measurements (if voluntarily provided)
- Session Notes: Specific health concerns, injuries, or preferences you share with Trainers
- Communication Data: Messages, chat history, reviews, and feedback
1.2 Automatically Collected Information
We automatically collect certain technical and usage data when you use the Platform:
- Device Information: Device type, operating system, browser type, unique device identifiers
- Usage Data: Pages visited, features used, time spent on Platform, clickstream data
- Location Data: Approximate location based on IP address (we do NOT track precise GPS location without consent)
- Cookies & Tracking: We use cookies, pixels, and similar technologies to enhance user experience and analyze Platform usage
1.3 Financial Information
For wallet top-ups and transactions:
- We DO NOT store your credit/debit card numbers, CVV, UPI PIN, or bank account passwords
- Payment processing is handled securely by licensed payment gateway partners (PhonePe, Razorpay, Paytm)
- We collect and store: Transaction IDs, transaction amounts, payment status, wallet balance
- Trainers: We collect PAN number and bank account details for payout compliance and tax purposes
1.4 Information from Third Parties
We may receive information from third-party sources:
- Payment Gateways: Transaction confirmations and payment status
- Social Media: If you link social media accounts, we may collect public profile information
- Referral Partners: If you join through a referral, we may receive referrer information
1.5 Sensitive Personal Information
With your explicit consent, we may collect sensitive personal data:
- Health Information: Pre-existing medical conditions, injuries, physical limitations (voluntarily shared for Trainer guidance)
- Biometric Data: NONE — We do not collect fingerprints, facial recognition data, or any biometric information
- Financial Data: Bank account details and PAN for Trainers only (for payouts)
2. HOW WE USE YOUR INFORMATION
2.1 To Provide Platform Services
- Create and manage your account
- Facilitate session bookings, package purchases, and video consultations
- Process payments and manage FitAstra Wallet transactions
- Enable chat and video communication between Clients and Trainers
- Send transactional notifications (booking confirmations, payment receipts, reminders)
2.2 To Improve & Personalize Services
- Analyze usage patterns to enhance user experience
- Recommend Trainers based on your fitness goals and preferences
- Customize Platform content and features
- Conduct surveys, research, and quality assessments
2.3 For Safety & Security
- Detect and prevent fraud, abuse, and illegal activities
- Verify Trainer and User identities
- Enforce Terms of Service and resolve disputes
- Protect against security threats and data breaches
2.4 For Marketing & Communication
- Send promotional offers, newsletters, and Platform updates (you can opt out anytime)
- Notify you about new features, Trainers, or special programs
- Conduct marketing campaigns via email, SMS, or in-app notifications
2.5 Legal & Regulatory Compliance
- Comply with legal obligations under Indian laws
- Respond to lawful requests from government authorities or courts
- Maintain financial records for tax and audit purposes
- Enforce legal rights and defend against legal claims
3. DATA SHARING & DISCLOSURE
3.1 Information Shared with Trainers
When you book a session or interact with a Trainer, we share:
- Your name, profile picture, and age
- Fitness goals, fitness level, and interests from your profile
- Session notes or specific concerns you provide
- Chat messages exchanged with that Trainer
Trainers do NOT have access to:
- Your email address or phone number (unless you choose to share them)
- Your wallet balance or payment details
- Personal data of other Trainers you interact with
3.2 Trainer Data Handling Obligations
Trainers are contractually bound to:
- Use your data ONLY to provide fitness services
- NOT share, sell, or publicly disclose your personal information
- Delete your data upon written request, subject to legal record-keeping requirements
- Maintain confidentiality and comply with data protection standards
If a Trainer violates these obligations, please report it immediately to support@fitastra.co.
3.3 Service Providers & Third Parties
We share data with trusted third-party service providers to operate the Platform:
- Payment Gateways (PhonePe, Razorpay, Paytm): For processing payments
- Cloud Hosting Providers: For secure data storage and server infrastructure
- Analytics Services: For usage tracking and performance monitoring (anonymized data)
- Communication Tools: For email, SMS, and push notification delivery
- Video Infrastructure: For facilitating video calls (real-time, not recorded)
These third parties are bound by confidentiality agreements and can use your data ONLY for specified purposes.
3.4 Legal & Regulatory Disclosures
We may disclose your information if required by law:
- In response to valid legal requests (court orders, subpoenas, government agencies)
- To comply with tax, audit, or regulatory obligations
- To protect FitAstra's legal rights, prevent fraud, or ensure Platform safety
- In connection with a business merger, acquisition, or asset sale (users will be notified)
3.5 Marketing Partners (Opt-In Only)
We may share anonymized or aggregated data with marketing partners for promotional campaigns. We will NEVER share identifiable personal data without your explicit opt-in consent.
4. VIDEO & AUDIO PRIVACY
4.1 No Recording Policy
FitAstra prioritizes your privacy during live video sessions:
- We do NOT record, store, or archive video or audio from sessions
- Video/audio is processed in real-time solely to transmit the call
- Session data is NOT retained on our servers after the call ends
- Neither Users nor Trainers are permitted to record sessions without explicit consent (violation may result in account termination)
4.2 Third-Party Video Infrastructure
Video calls are facilitated through third-party video infrastructure providers. These providers may temporarily process video/audio data to enable real-time communication but are contractually prohibited from storing or using the data.
5. PAYMENT & WALLET PRIVACY
5.1 What We Collect
- FitAstra Wallet balance and transaction history
- Payment gateway transaction IDs and status
- Purchase history (sessions, packages, subscriptions)
5.2 What We DO NOT Collect or Store
- Credit/debit card numbers, CVV, or expiry dates
- UPI PIN, VPA credentials, or bank account passwords
- Net banking login credentials
5.3 How Payment Data is Protected
- All payments are processed through PCI-DSS compliant payment gateways
- Payment credentials are entered directly on the payment gateway's secure interface (not on FitAstra)
- We receive only transaction confirmation and reference IDs
- Wallet balances are encrypted and stored on secure servers
6. COOKIES & TRACKING TECHNOLOGIES
6.1 Types of Cookies We Use
- Essential Cookies: Required for Platform functionality (login, session management)
- Analytics Cookies: To analyze usage patterns and improve performance
- Marketing Cookies: For personalized ads and promotional content (opt-out available)
- Preference Cookies: To remember your settings and preferences
6.2 Managing Cookies
You can control cookies through your browser settings. Disabling cookies may affect Platform functionality.
7. DATA SECURITY
7.1 Security Measures
We implement industry-standard security practices to protect your data:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Role-based access; employees access data on a need-to-know basis
- Secure Servers: Firewalls, intrusion detection, and regular security audits
- Password Protection: Passwords hashed and salted using bcrypt
- Regular Backups: Encrypted backups stored securely
7.2 Your Responsibilities
- Keep your password confidential; do not share it with others
- Log out after using shared devices
- Report suspicious activity or security breaches immediately
7.3 Limitations
While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security against unauthorized access, hacking, or data breaches. You use the Platform at your own risk.
8. DATA RETENTION & DELETION
8.1 How Long We Retain Data
- Account Data: Retained as long as your account is active
- Transaction Records: Retained for 7 years for tax and legal compliance
- Chat Messages: Retained for 365 days or until account deletion
- Usage Logs: Retained for 90 days for analytics and troubleshooting
8.2 Account Deletion
You have the right to request deletion of your account and personal data:
- Deletion Request: Contact support@fitastra.co or use the in-app account deletion feature
- Grace Period: 30-day grace period during which you can restore your account
- Data Hidden: Personal information immediately hidden from other users
- Permanent Deletion: After 30 days, deletion is permanent and irreversible
- Legal Retention: Financial transaction records may be retained in anonymized form for legal compliance
8.3 Data Shared with Trainers
Upon account deletion, Trainers are required to delete your personal data. However, they may retain anonymized session notes for professional record-keeping. Report non-compliance to support@fitastra.co.
9. YOUR RIGHTS & CHOICES
9.1 Access & Update
You can access and update your personal information anytime through Platform settings. For assistance, contact support@fitastra.co.
9.2 Opt-Out of Marketing
You can opt out of promotional emails and notifications:
- Click "Unsubscribe" in marketing emails
- Disable push notifications in device settings
- Update communication preferences in account settings
Note: Transactional notifications (booking confirmations, payment receipts) cannot be disabled.
9.3 Data Portability
You can request a copy of your personal data in a machine-readable format by contacting support@fitastra.co. We will provide the data within 30 days.
9.4 Withdraw Consent
You may withdraw consent for specific data processing activities (e.g., marketing, location tracking). Withdrawing consent may affect your ability to use certain Platform features.
10. CHILDREN'S PRIVACY
The Platform is intended for users aged 18 and above. We do not knowingly collect personal information from children under 18 without parental consent.
If you are between 13 and 17 years old:
- Parent/guardian must create the account using their credentials
- Photo ID verification required for parent/guardian
- Parent must be present during all video sessions
- Special privacy protections apply under POCSO Act and IT Rules 2021
If we discover that a child under 13 has provided personal data, we will delete it immediately. Parents can contact support@fitastra.co to request deletion.
11. THIRD-PARTY LINKS
The Platform may contain links to third-party websites or services (e.g., social media, payment gateways). We are not responsible for the privacy practices or content of these third parties. Your interactions with third-party sites are governed by their respective privacy policies.
12. CHANGES TO PRIVACY POLICY
We reserve the right to update this Privacy Policy at any time to reflect:
- Changes in data protection laws or regulations
- New features or services introduced on the Platform
- Changes in data processing practices
Material changes will be notified via email or in-app notification 15 days in advance. The "Last Updated" date at the top of this policy will reflect the revision date.
Continued use of the Platform after changes constitutes acceptance. If you do not agree, please stop using the Platform.
13. CONSENT
By using the Platform, you consent to the collection, use, storage, and disclosure of your information as described in this Privacy Policy.
If you provide personal data of others (e.g., emergency contacts), you represent that you have obtained their consent and have the authority to share their information with us.
14. GRIEVANCE REDRESSAL
14.1 Grievance Officer
For privacy-related complaints, concerns, or data requests, contact our Grievance Officer:
Name: Gourav Rajwani
Email: support@fitastra.co
Address: G 118, Street No 08, Ward No 20, Sriganganagar, Sri Ganganagar, Rajasthan – 335001, India
Response Time: Complaints will be acknowledged within 24 hours and resolved within 30 days.
14.2 Complaint Process
- Step 1: Email support@fitastra.co with details of your privacy concern
- Step 2: We will acknowledge receipt within 24 hours
- Step 3: Investigation and resolution within 30 days
- Step 4: If unresolved, you may escalate to data protection authorities or consumer forums
15. CONTACT US
For questions, feedback, or privacy requests:
Email: support@fitastra.co
Address: G 118, Street No 08, Ward No 20, Sriganganagar, Sri Ganganagar, Rajasthan – 335001, India
By using FitAstra, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.