1. Introduction
Welcome to CorpFit ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal and health information.
CorpFit is a corporate wellness platform operated by Prime Vitality Consultancy FZ-LLC, a company registered in the Ras Al Khaimah Economic Zone, United Arab Emirates ("UAE"), with its registered address at Compass Building, Al Hulaila Industrial Zone – Free Zone, Ras Al Khaimah, United Arab Emirates.
This Privacy Policy explains how we collect, use, process, store, and share your data when you use our mobile application ("App"), website, and related services (collectively, the "Services").
We operate in strict compliance with the UAE Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL) and Federal Law No. 2 of 2019 Concerning the Use of Information and Communication Technology in Health Fields (ICT Health Law).
2. Definitions
To ensure transparency, we define key terms used in this policy:
- "Personal Data": Any information referring to an identified or identifiable natural person (e.g., name, email).
- "Health Data": Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about their health status (e.g., heart rate, sleep data, workout logs).
- "Sponsor": The corporate entity (your employer) that has provided you with access to CorpFit.
- "Processing": Any operation performed on personal data, such as collection, recording, storage, adaptation, or erasure.
3. Our Role: Controller and Processor
CorpFit operates under two distinct capacities depending on how we receive your data:
- As a Data Processor: When we handle basic employment information provided by your Sponsor (such as your work email) to verify your eligibility for the Services, we act on behalf of your Sponsor.
- As a Data Controller: When you create your account, complete your profile, and sync your health data, CorpFit acts as the Data Controller. This means we are responsible for protecting your rights regarding this data.
4. Data We Collect
We collect data to provide a personalized wellness experience. The categories of data include:
4.1. Information You Provide
- Registration Data: Name, email address (work/personal), password, date of birth, and gender.
- Wellness Profile: Height, weight, fitness goals, dietary preferences, and self-reported health conditions.
- User Content: Photos, comments, and posts in community challenges.
4.2. Information Collected Automatically
- Device Information: IP address, device model, operating system version, and unique device identifiers.
- Usage Logs: Details of your visits to our Service, traffic data, and the resources that you access.
4.3. Sensitive Health and Biometric Data
With your explicit, prior consent, we may collect data via your mobile device sensors or by integrating with third-party services (e.g., Apple HealthKit, Google Health Connect, Garmin, Fitbit). This includes:
- Activity Data: Step count, distance traveled, calories burned, and active minutes.
- Physiological Data: Heart rate, heart rate variability (HRV), and resting heart rate.
- Sleep Data: Sleep duration and sleep stages (REM, deep, light).
- Activity Recognition: We use motion sensors to detect the type of activity you are performing (e.g., walking, running, cycling).
5. How We Use Your Data
We use your data for specific, lawful purposes:
5.1. Service Provision
To generate personalized workout plans, visualize your progress, and manage your account.
5.2. Corporate Reporting
We provide your Sponsor with aggregated, anonymized reports to demonstrate the value of the wellness program (e.g., "75% of employees are active").
5.3. Improvements and Analytics
To analyze usage trends to improve the App's functionality and user experience.
5.4. No Marketing with Health Data
We never use data collected via HealthKit, Health Connect, or other health sensors for advertising, marketing, or data mining purposes. We do not sell your Health Data to third parties.
6. Data Storage and Localization
6.1. Residency within the UAE
Pursuant to Article 13 of the UAE ICT Health Law, all identifiable Health Data collected by CorpFit is stored on secure servers physically located within the United Arab Emirates. We utilize UAE-based cloud infrastructure to ensure data sovereignty.
6.2. Cross-Border Transfers
We generally avoid transferring identifiable Health Data outside the UAE. However, limited transfers may occur under the exemptions provided by Ministerial Decision No. 51 of 2021 (specifically Exception 5 for wearables), provided that:
- The data is strictly necessary for the technical functioning of the service (e.g., processing by a wearable device manufacturer).
- The data is encrypted using best-in-class standards (AES-256) or anonymized before transfer.
- We have implemented adequate transfer mechanisms to ensure the data remains protected.
7. Data Retention
We retain your data only as long as necessary, subject to specific legal mandates:
- General Account Data: Retained while your account is active plus a grace period of 12 months, or until you request deletion.
- Health Data Archive: In accordance with Article 20 of the UAE ICT Health Law, certain records related to health services must be retained for a minimum period of 25 years. To balance this with your privacy, if you close your account, we will move your Health Data to a secure, "cold storage" archive where it is put beyond active use, accessible only for legal compliance purposes.
8. Data Security
We implement technical and organizational measures commensurate with the risks to your data, including:
- Encryption: All Health Data is encrypted in transit (using TLS 1.2+) and at rest (using AES-256).
- Access Control: Access to personal data is restricted to authorized personnel with a legitimate business need, subject to strict confidentiality obligations.
- Audits: We conduct regular Data Protection Impact Assessments (DPIAs) and security audits.
9. Your Rights
Under the UAE PDPL, you have the following rights:
- Right to Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request that we correct inaccurate or incomplete data.
- Right to Erasure: You may request the deletion of your account. Note that some Health Data may be retained in our secure archive to comply with UAE law (see Section 7).
- Right to Restrict Processing: You may ask us to limit how we use your data.
- Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format to transfer to another service.
- Right to Withdraw Consent: You may withdraw your consent for health data processing at any time via the App settings.
To exercise these rights, please contact our Data Protection Officer at support@superhuman.run. We will respond to valid requests within 30 days.
10. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.
11. Specific Platform Disclosures
11.1. Non-Medical Disclaimer
11.2. Google Play Activity Recognition
To automatically track your steps and workouts, our App requires the "Activity Recognition" permission. This data is processed locally on your device and synced to our secure servers to update your wellness dashboard. It is not shared with third parties for marketing.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law or our practices. We will notify you of significant changes via email or an in-app notification. Your continued use of the Services after such changes constitutes your acceptance of the new policy.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact:
Prime Vitality Consultancy FZ-LLC
Email: support@superhuman.run
Address: Compass Building, Al Hulaila Industrial Zone – Free Zone, Ras Al Khaimah, United Arab Emirates