Summary: We collect health and fitness data from your wearable devices to power your personal dashboard. We do not sell your data. We do not share your data with advertisers. You can delete your data at any time.
1. Introduction
Fitness Command Center ("FCC", "we", "our", "us") is a health optimization platform operated by dundunn. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our web application at dundunn.com and any associated mobile applications.
By using FCC, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Display name (optional)
- Authentication credentials (managed by Firebase Authentication; we do not store passwords)
2.2 Health & Fitness Data
When you connect a wearable device or health platform, we collect data including but not limited to:
- Biometric data: Heart rate, heart rate variability (HRV), resting heart rate, SpO2, respiration rate, stress levels, body battery
- Sleep data: Sleep duration, sleep stages, sleep quality scores
- Activity data: Steps, calories burned, distance, workout details, running metrics (cadence, stride, ground contact time, power)
- Body composition: Weight, body fat percentage, muscle mass, BMI
2.3 Data You Manually Enter
- Nutrition data: Meals, macronutrient values (protein, fat, carbs, calories), ingredients
- Supplement tracking: Supplement names, dosages, timing, adherence
- Habits: Custom habit definitions and daily tracking values
- Blood work: Lab panel results and biomarker values
- Notes: Personal notes on supplements, meals, or other tracked items
2.4 Third-Party Integrations
We integrate with the following third-party services to collect health data:
- Garmin Connect: Via the Garmin Connect Developer Program Health API. When you connect your Garmin account, we receive daily health summaries, activity details, and body composition data. You authorize this connection through Garmin's OAuth authentication flow.
- Apple Health (via HealthKit): With your explicit permission, our mobile app reads health data from Apple Health on your iOS device.
- Google Health Connect: With your explicit permission, our mobile app reads health data from Health Connect on your Android device.
We only access the data types you authorize. You can revoke access at any time through your device or account settings.
3. How We Use Your Data
We use your data exclusively to:
- Display your health metrics on your personal dashboard
- Calculate readiness scores, adherence percentages, and habit streaks
- Generate AI-powered insights and digests analyzing your health trends
- Estimate nutritional content of meals you describe
- Identify correlations between your habits, supplements, and biometric outcomes
- Track your progress toward personal health goals
We do NOT:
- Sell your personal data to any third party
- Share your data with advertisers
- Use your data for purposes other than providing the FCC service to you
- Access your Garmin, Apple Health, or Health Connect credentials; we only receive authorized data through official APIs
4. AI-Powered Features
FCC uses Anthropic's Claude AI models to provide:
- Nutritional estimation from meal descriptions
- Daily, weekly, and monthly health digests
- Correlation analysis between your health metrics
When using these features, aggregated and anonymized health data is sent to Anthropic's API for processing. Anthropic does not retain this data for training purposes per their data usage policies. No personally identifiable information (name, email) is included in AI requests, only numerical health metrics and supplement/meal descriptions.
5. Data Storage & Security
- Database: Your data is stored in a PostgreSQL database hosted on Railway (cloud infrastructure provider) with encrypted connections.
- Authentication: User authentication is handled by Google Firebase Authentication. We do not store your password.
- Encryption: All data transmitted between your browser/device and our servers uses HTTPS/TLS encryption.
- Access Control: All API endpoints require valid Firebase authentication tokens. Data is isolated per user: you can only access your own data.
- Credentials: All third-party API keys and credentials are stored in server-side environment variables, never in client-facing code.
6. Data Retention
We retain your health and fitness data for as long as your account is active. This is necessary to provide trend analysis, historical comparisons, and long-term correlation insights.
You may request deletion of your data at any time (see Section 8).
7. Data Sharing
We do not sell, rent, or trade your personal data. We may share data only in these limited circumstances:
- Service Providers: We use Railway (hosting), Firebase (authentication), and Anthropic (AI features) as service providers. These providers process data on our behalf under their respective privacy policies and data processing agreements.
- Legal Requirements: We may disclose data if required by law, legal process, or government request.
- With Your Consent: We will not share your data with any other party without your explicit consent.
8. Your Rights
You have the right to:
- Access: View all data we hold about you through your FCC dashboard
- Correction: Edit or correct any data through the dashboard interface
- Deletion: Request complete deletion of your account and all associated data by contacting us at the email below
- Portability: Request an export of your data in a machine-readable format
- Revoke Access: Disconnect any wearable device integration at any time through your account settings or through the device manufacturer's settings
- Opt Out: Disable AI-powered features while continuing to use the core tracking functionality
9. Children's Privacy
FCC is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Cookies & Tracking
FCC uses minimal browser storage for authentication state (Firebase session tokens) and user preferences. We do not use third-party tracking cookies, advertising pixels, or analytics scripts that track you across other websites.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of FCC after changes constitutes acceptance of the revised policy.
12. Contact Us
For questions about this privacy policy, data requests, or concerns about your data:
13. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. As stated above, we do not sell personal information. To exercise your CCPA rights, contact us at the email above.
14. European Residents (GDPR)
If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and objection. Our legal basis for processing your data is your consent (provided when you create an account and connect your devices). To exercise your GDPR rights, contact us at the email above.