Privacy Policy

This Privacy Policy describes how Avega Inc. (“Avega”, “we”, “us”, or “our”) collects, uses, discloses, and protects your information when you use the Avega mobile application, website (avega.app), and related services (collectively, the “Service”). By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Definitions

“Account” means a unique account created for you to access the Service. “Application” means the Avega mobile application available on iOS and Android. “Coach” means a fitness professional who provides workout plans, nutrition guidance, and community leadership through the Service. “Content” means text, images, videos, workout data, nutrition logs, progress photos, and other information you create, upload, or share through the Service. “Device” means any device used to access the Service, including smartphones, tablets, smartwatches, and computers. “Personal Data” means any information that relates to an identified or identifiable individual. “Service” means the Application, Website, and all related services, features, and content provided by Avega. “Usage Data” means data collected automatically when using the Service, including interaction data, device information, and performance metrics. “Wearable Data” means health and fitness data collected from connected wearable devices such as Apple Watch, Fitbit, Garmin, and Whoop. “You” or “your” means the individual accessing or using the Service.

2. Information We Collect

2.1 Information You Provide

When you create an account, use the Service, or communicate with us, you may provide the following information: Name, email address, and login credentials Date of birth, gender, height, weight, and body measurements Fitness goals, experience level, training preferences, and equipment availability Nutrition data including meal logs, food preferences, dietary restrictions, and macro targets Progress photos, body composition data, and transformation records Workout performance data including sets, reps, weights, personal records, and streaks Payment and billing information (processed securely by third-party payment processors) Communications with coaches, community members, and support Survey responses, questionnaire answers, and feedback

2.2 Information Collected Automatically

When you use the Service, we automatically collect: Device information (type, operating system, unique device identifiers, IP address) Usage data (pages visited, features used, session duration, interaction patterns) Location data (with your permission, for location-based features) App performance and crash data Referral source and marketing attribution data

2.3 Wearable Device Data

If you connect a wearable device (Apple Watch, Fitbit, Garmin, Whoop, or similar), we may collect heart rate data, calories burned, step count, sleep data, workout metrics, and other health-related data. This data is collected only with your explicit consent and can be disconnected at any time through your account settings.

2.4 Information from Third-Party Services

If you sign up or log in using Apple, Google, or Facebook, we may receive your name, email address, and profile information associated with that account. We do not access your password for any third-party service.

2.5 Cookies and Tracking Technologies

We use cookies, pixels, and similar tracking technologies on our website and in our app to collect usage data, personalize your experience, analyze traffic, and serve relevant content. You can manage cookie preferences through your browser or device settings.

3. How We Use Your Information

We use your information for the following purposes: To provide, maintain, and improve the Service, including matching you with coaches, generating personalized workout and nutrition plans, and tracking your progress To facilitate community features including group chats, leaderboards, challenges, and achievement badges To communicate with you about your account, workouts, coach updates, challenges, and streaks via push notifications, in-app messages, email, SMS, RCS, and other messaging channels (see Section 5 for details) To process payments and manage subscriptions To analyze usage patterns, improve features, and develop new functionality To personalize your experience, including content recommendations and coach suggestions To detect, prevent, and address fraud, security issues, and technical problems To comply with legal obligations and enforce our terms To send you marketing communications about new features, promotions, and content (with your consent, and with the ability to opt out at any time)

4. Health and Fitness Data

Avega collects and processes health and fitness data including workout performance, nutrition logs, body measurements, wearable device data, and progress photos. This data is used solely to provide and improve the Service, including personalized coaching, progress tracking, and community features. We do not sell your health and fitness data to third parties. We do not share your health and fitness data with advertisers. Your progress photos and body composition data are private by default and are only visible to you and your assigned coach unless you choose to share them with the community. You can request deletion of all health and fitness data at any time by contacting us at privacy@avega.app or through your account settings.

5. Communications, Messaging, and Consent

5.1 Types of Communications

Avega may communicate with you through the following channels: Push Notifications: Workout reminders, streak alerts, coach messages, challenge updates, leaderboard changes, and community activity Email: Account-related communications, marketing content, newsletters, feature announcements, and promotional offers SMS and RCS: Transactional messages (account verification, password resets, payment confirmations), workout reminders, and promotional messages In-App Messages: Coach communications, daily tips, challenge invitations, and feature announcements

5.2 Consent and Opt-In (TCPA Compliance)

By providing your phone number and opting in to receive SMS, RCS, or text messages from Avega, you expressly consent to receive recurring automated marketing and transactional messages at the phone number you provide. Consent is not a condition of purchase. Message and data rates may apply. Message frequency varies. You may opt in to receive promotional SMS/RCS messages through a clear, separate consent mechanism during account creation or through your account settings. Your consent to receive marketing messages is separate from your consent to receive transactional messages. We maintain records of all opt-in consents, including the date, time, method of consent, and the specific language presented at the time of consent.

5.3 Opt-Out and Unsubscribe

You can opt out of communications at any time through the following methods: SMS/RCS: Reply STOP to any message. You will receive a single confirmation message and no further promotional messages. Transactional messages (account security, payment confirmations) may continue as permitted by law. Email: Click the “Unsubscribe” link at the bottom of any marketing email. You will be removed from marketing emails within 10 business days. Transactional emails (receipts, security alerts) will continue. Push Notifications: Disable through your device settings or in-app notification preferences. You can selectively disable specific notification types (workout reminders, community updates, marketing) while keeping others active. In-App Messages: Manage through your account notification settings. We process all opt-out requests within 24 hours for SMS/RCS and push notifications, and within 10 business days for email. We maintain a suppression list of all opted-out numbers and email addresses and scrub against this list before every send.

5.4 Do Not Call and Quiet Hours

Avega does not make telemarketing calls. For SMS/RCS messages, we observe quiet hours and do not send promotional messages between 9:00 PM and 8:00 AM in the recipient’s local time zone, in compliance with TCPA guidelines. Transactional messages (security alerts, payment confirmations) are exempt from quiet hours.

5.5 TCPA Compliance Statement

Avega complies with the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, and all applicable federal and state regulations governing electronic communications. We obtain prior express written consent before sending any marketing text messages. We honor all opt-out requests promptly. We do not use auto-dialers for voice calls. We maintain complete records of consent and opt-out history.

6. How We Share Your Information

We do not sell your Personal Data. We may share your information in the following limited circumstances: With Coaches: Your assigned coach can see your workout data, nutrition logs, progress, and messages you send them. Coaches are bound by confidentiality agreements. With Community Members: Information you voluntarily share in group chats, leaderboards, and challenges is visible to other community members. Your leaderboard ranking, streak count, and challenge participation are visible to members in the same coach community. With Service Providers: We share information with third-party service providers who help us operate the Service, including cloud hosting, analytics, payment processing, email delivery, push notification services, and customer support. These providers are contractually obligated to protect your data and use it only for the purposes we specify. For Legal Reasons: We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Avega, our users, or others. Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy. With Your Consent: We may share your information for other purposes with your explicit consent.

7. Data Retention

We retain your Personal Data for as long as your account is active or as needed to provide you the Service. If you delete your account, we will delete or anonymize your Personal Data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as fraud prevention or financial record-keeping). Usage Data is generally retained for a shorter period unless used for security or service improvement purposes. Workout history, nutrition logs, and progress data are retained as long as your account is active. You can request deletion of specific data categories at any time.

8. Data Security

We implement industry-standard technical and organizational security measures to protect your Personal Data, including encryption in transit (TLS/SSL) and at rest, access controls, regular security audits, and secure data storage practices. However, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

10. Your Rights

10.1 General Rights

Depending on your location, you may have the following rights regarding your Personal Data: Access: Request a copy of the Personal Data we hold about you. Correction: Request correction of inaccurate or incomplete data. Deletion: Request deletion of your Personal Data. Portability: Request your data in a structured, machine-readable format. Objection: Object to processing of your data for certain purposes. Restriction: Request restriction of processing in certain circumstances. Withdrawal of Consent: Withdraw consent at any time where processing is based on consent. To exercise any of these rights, contact us at privacy@avega.app. We will respond within 30 days.

10.2 GDPR Rights (European Economic Area)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR). We process your data based on consent, performance of a contract, legitimate interests, or legal obligations. You have the right to lodge a complaint with your local data protection authority.

10.3 CCPA Rights (California Residents)

If you are a California resident, you have the right to know what Personal Data we collect, request deletion, opt out of the sale of Personal Data (we do not sell Personal Data), and not be discriminated against for exercising your rights under the California Consumer Privacy Act (CCPA). To exercise these rights, contact privacy@avega.app.

11. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect Personal Data from anyone under 18. If we become aware that we have collected data from a minor, we will take immediate steps to delete such information. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at privacy@avega.app.

12. Third-Party Links and Services

The Service may contain links to third-party websites, services, or content that are not operated by us. We have no control over and assume no responsibility for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email or in-app notification. The “Last Updated” date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, contact us at: Avega Inc.

Email: connect@avega.app

For GDPR inquiries: connect@avega.app

For CCPA inquiries: connect@avega.app