Gram Fit is developed and operated by NIKO LABS PTE LTD ("we," "us," "our"). For the purposes of GDPR/UK GDPR, we are the data controller of your personal data processed in connection with the Services.
This Privacy Policy for Gram Fit ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services.
We collect your Personal Data in a number of ways and for various purposes, including:
| Purpose of Collection | Data Categories | Collection Method | Legal Basis |
|---|---|---|---|
| Account Creation & Management | Name, email, password, profile photo, age, gender, location | User provides directly | Contract performance |
| Health & Fitness Tracking | Body measurements, workout data, nutrition logs, health goals, biometric data | User provides + device integration | Explicit consent (Art. 9(2)(a) GDPR) |
| App Functionality | Device data, usage patterns, app interactions, crash reports | Automatic collection | Legitimate interest |
| Payment Processing | Payment information, billing data, subscription details | User provides + payment processor | Contract performance |
| Customer Support | Support communications, account information, feedback | User provides | Legitimate interest |
| Analytics & Improvement | Usage statistics, feature interactions, performance data | Automatic collection | Legitimate interest |
| Marketing Communications | Email preferences, engagement data | User provides + automatic | Consent |
| Health App Integration | Health metrics, activity data, biometrics | User consent + API integration | Explicit consent |
Special Category Health Data: We collect sensitive health information including:
We may collect biometric information including:
Consent for Health Data: We obtain explicit consent before collecting, processing, or sharing any health-related personal information. You can withdraw this consent at any time through the app settings or by contacting us.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
For Health Data: We rely on explicit consent (GDPR Article 9(2)(a)) for processing special category health data. You can withdraw this consent at any time.
For Biometric Data: We obtain explicit consent before collecting biometric information and comply with applicable biometric privacy laws such as Illinois BIPA.
In Short: We share your personal data only (a) with your direction, (b) with service providers that act on our behalf, (c) when required by law, or (d) in connection with corporate transactions.
We work with carefully selected third-party service providers to deliver our Services. Below is a list of our key service providers:
| Service Provider | Country | Purpose | Data Types | Retention Period |
|---|---|---|---|---|
| Amazon Web Services | United States | Cloud hosting and data storage | All personal data including health data | As long as necessary to provide services |
| Google Analytics | United States | Usage analytics and app performance | Device data, usage patterns, app interactions | 26 months (anonymized after 14 months) |
| Firebase | United States | App analytics and crash reporting | Device identifiers, crash logs, performance data | As long as necessary for service improvement |
Health Data Sharing Restrictions: We never share your health data for marketing or advertising purposes. Health data is only shared with your explicit consent or as required by law.
Our Services offer you the ability to register and log in using your third-party social media account details (like Google, Apple, or Facebook Login). Where you choose to do this, we will receive certain profile information about you from your social media provider.
In Short: We may transfer, store, and process your personal data outside your country/region. When we do, we use recognized safeguards and take steps to protect your data.
Where we transfer personal data from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to countries that have not been found to provide an "adequate" level of protection, we rely on:
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.
Health Data Retention: Health and fitness data is retained for the duration of your account plus 3 years for analytics and service improvement purposes, unless you request earlier deletion.
Biometric Data Retention: Biometric data is retained only as long as necessary to provide the Services and is automatically deleted when no longer needed.
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We implement a layered set of organizational and technical safeguards designed to protect personal data, including encryption in transit and at rest (where appropriate), access controls, role-based permissions, logging/monitoring, secure software development practices, and vulnerability management.
We implement additional security measures for health data including:
In Short: We do not knowingly collect data from or market to children under 18 years of age.
The Services are intended for adults (18+). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will take appropriate steps, including deletion where required.
If you reside in the European Economic Area, you have certain rights to the Personal Data that we have collected about you:
If you are a resident of Washington State, you have additional rights under the My Health My Data Act:
If you are a resident of California, we comply with CMIA requirements for medical information with HIPAA-like security measures.
If you are a resident of Nevada, you have rights under SB370 including explicit consent and consumer rights for health data.
If you are a resident of Connecticut, you have rights under CTDPA including access, correction, deletion, and portability of personal data.
If you are a resident of Illinois, we comply with BIPA requirements including written consent, retention schedule, and destruction policy.
If you are a resident of Texas, we comply with Texas biometric privacy requirements including consent, security, and destruction policies.
If you are a resident of Canada, you have rights under PIPEDA including access, correction, withdrawal of consent, and complaint filing.
If you are a resident of Brazil, you have rights under LGPD including access, correction, deletion, portability, and information rights.
If you are a resident of South Korea, we comply with Korean privacy laws including mandatory and optional information collection.
If you are a resident of Australia, you have rights under the Privacy Act including access, correction, and complaint rights.
Exercise your rights: To exercise your rights to your Personal Data, please contact our DPO at [email protected].
We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content.
| Cookie Type | Purpose | Data Collected | Retention |
|---|---|---|---|
| Essential Cookies | App functionality, security, authentication | Login status, security tokens, app preferences | Session or 1 year |
| Analytics Cookies | Usage analysis, performance monitoring | App usage patterns, feature interactions, crash data | 25 months |
| Marketing Cookies | Personalized content, advertising | Engagement data, preferences, device identifiers | 13 months |
| Health Integration Cookies | Health app connectivity | Health app permissions, sync status | Until revoked |
Important: We never use health data for advertising or marketing purposes. Health-related cookies are only used for app functionality, health app integration, and service improvement.
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Policy. If we make material changes, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.
If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO) by email at [email protected], or contact us by post at:
NIKO LABS PTE LTD
Data Protection Officer
1 RAFFLES PLACE, #34-04
ONE RAFFLES PLACE
Singapore, Singapore 048616
Singapore
You have the right to request access to the personal information we collect from you and details about how we have processed it, to correct inaccuracies, or to delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.
We respect your right to control your personal data. Subject to applicable laws and our Privacy Policy, you have the following rights regarding your data:
This Privacy Policy was last updated on October 29, 2025 and is reviewed regularly to ensure compliance with applicable data protection laws.