Book a 1-on-1 consultation with our teamBook a Demo →

This Privacy Policy outlines the practices of DEMOTU Inc. ("Company," "we," "us," or "our") with respect to how we collect, use, share, and protect your personal information. Our commitment to safeguarding your data extends to all our Services, which include:

  • The use of our mobile application (DEMOTU) and other applications linked to this Privacy Policy
  • Engagement with our Services through marketing, sales, and events

We value your trust and are committed to protecting your privacy. Please read this Privacy Policy carefully to understand our data practices and your rights. If you have any questions, do not hesitate to reach out to us at support@demotuapp.com.



1. Scope

This Privacy Policy applies to personal information processed by DEMOTU Inc. across our websites, mobile applications, and any related online or offline platforms (collectively referred to as "Services"). By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, you should cease using the Services immediately.



2. Changes to Our Privacy Policy

From time to time, we may update this Privacy Policy to reflect changes in our practices, technological advancements, or applicable laws. Significant updates will be accompanied by a notification, such as an email or an alert within our Services. The "Last Updated" date at the top of this document indicates the most recent revision. Continued use of our Services following such changes signifies your acceptance of the updated Privacy Policy.



3. Personal Information We Collect

We collect personal information to provide, improve, and tailor our Services to meet your needs. This information may be collected directly from you, automatically through your use of our Services, or from third-party sources.

A. Information You Provide Directly:

  • Account Information: Details such as your name, email address, username, and password when you create an account.
  • Assessment Data: Metrics, motion recordings, and other movement assessment data collected through our mobile application.
  • Health and Body Composition Data: Body composition metrics (such as weight, body fat percentage, and muscle mass) collected through integrations with third-party devices and services. This may also include health-related information provided during consultation intake forms, such as injury history, fitness goals, and physical limitations.
  • Consultation Data: Information you provide during consultation sessions, including responses to intake questionnaires and custom forms created by your trainer or practitioner.
  • Purchases: Payment information processed securely through third-party vendors.
  • Communication Data: Your email address, phone number, and the content of any inquiries or messages sent to us.
  • Survey Responses and Contest Entries: Data you provide when participating in surveys, sweepstakes, or contests.

B. Information Collected Automatically:

  • Device Data: Technical information, such as your device type, operating system, browser type, and IP address.
  • Usage Data: Information about how you interact with our Services, including pages viewed and actions taken.
  • Cookies and Tracking Technologies: Data collected through cookies, pixel tags, and similar tools to enhance user experience and track analytics.

C. Information from Third Parties:

  • Social Media Platforms: Data shared with us when you log in through or interact with social media accounts linked to our Services.
  • External Vendors: Information provided by third-party services we collaborate with to improve our offerings.


4. How We Use Your Information

We use the information collected to:

  • Provide, maintain, and improve our Services
  • Facilitate secure account access and transactions
  • Communicate important updates, marketing offers, and policy changes
  • Process payments and maintain transaction records
  • Ensure the security and integrity of our platforms
  • Analyze broad usage trends to enhance user experience
  • Comply with applicable legal and regulatory obligations

We may also anonymize and aggregate data for purposes such as research, reporting, and service optimization.

Legal Basis for Processing (GDPR / LGPD):

For users in jurisdictions that require a legal basis for processing personal data, we rely on the following:

  • Contractual Necessity: Processing your account information, assessment data and workout programs is necessary to deliver the Services you signed up for.
  • Explicit Consent: We process health and body composition data, which is considered a special category of personal data, only with your explicit consent. This data is provided voluntarily by you or by your trainer or practitioner on your behalf. We also process other data based on your explicit consent, such as document signatures and screening waivers. For users in the European Economic Area or United Kingdom, marketing communications are also processed based on your explicit consent, which you will be asked to provide separately. Users outside the EEA and UK consent to marketing communications by creating an account and may opt out at any time. You may withdraw consent at any time by contacting us, though this may limit certain features of the Services.
  • Legitimate Interest: We process limited technical data for error monitoring, platform security, and service improvement, where our interests do not override your rights and freedoms.
  • Legal Obligation: We may process data as required to comply with applicable laws and regulations.


5. AI and Automated Processing

Our Services use artificial intelligence (AI) and machine learning technologies provided by third-party services to deliver personalized features, including:

  • Generating personalized workout programs and exercise recommendations based on your assessment data, body composition, and consultation responses
  • Producing consultation summaries, progress reports, and actionable insights from your health and fitness data
  • Analyzing movement assessment results to identify areas for improvement

To provide these features, relevant data (such as body composition metrics, assessment scores, consultation responses, and fitness goals) is sent to third-party AI service providers for processing. We take steps to minimize the personally identifiable information sent to these services, such as removing names, email addresses, and other direct identifiers before processing.

AI-generated outputs are provided to trainers and practitioners as professional tools to support their decision-making. All AI-generated content is reviewed, and may be edited or rejected, by a qualified trainer or practitioner before being delivered to clients. No automated decisions with legal or similarly significant effects are made about you solely by AI without human oversight. AI-generated outputs are not a substitute for professional medical advice.

Your data is not used by third-party AI providers to train their models.



6. Sharing Your Information

We may share your personal information with the following categories of recipients:

  • AI and Machine Learning Providers: Third-party AI services that process your data to generate personalized workout programs, consultation summaries, and other AI-powered features as described in Section 5.
  • Cloud Infrastructure Providers: Services that host and store your data securely.
  • Payment Processors: Third-party services that securely handle payment transactions.
  • Error Monitoring and Analytics: Services that help us identify and fix technical issues and understand usage patterns. These services may receive limited technical and usage data.
  • Body Composition Integrations: Third-party device and service providers that transmit body composition data to our platform at your direction.
  • Legal Authorities: When required by law, subpoena, or to protect our legal rights.
  • Business Transfers: In connection with mergers, acquisitions, or other corporate changes.

We require all third-party service providers to handle your data in accordance with applicable data protection laws and our contractual obligations.



7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. If you request deletion of your account or personal data, we will delete or anonymize your information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or enforcing our agreements).

To request deletion of your data, contact us at support@demotuapp.com.



8. Your Data Rights

You have certain rights concerning your personal information, depending on your jurisdiction. These may include:

  • The right to access, correct, or delete your personal information
  • The right to receive a copy of your personal data in a structured, commonly used, and machine-readable format (data portability)
  • The right to know which third parties your personal data has been shared with
  • The right to withdraw consent where processing is based on consent
  • The right to object to or restrict processing under certain circumstances

Under the GDPR, you may submit a Data Subject Access Request (DSAR) to obtain a copy of the personal data we hold about you, learn how it is processed, and exercise any of the rights listed above. To submit a DSAR or exercise any of your data rights, contact us at support@demotuapp.com. We will respond to your request within 30 days.



9. International Data Transfers

Your data is stored and processed in the United States. If you are accessing our Services from outside the United States, including from the European Economic Area (EEA), United Kingdom, or other jurisdictions, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

Where required by the General Data Protection Regulation (GDPR) or UK GDPR, we ensure that appropriate safeguards are in place for these transfers. Specifically, our third-party service providers — including our cloud infrastructure, error monitoring, and AI processing providers — have entered into Data Processing Agreements with us that incorporate the European Commission's Standard Contractual Clauses (SCCs) as approved under Commission Implementing Decision (EU) 2021/914. For transfers subject to the UK GDPR, the International Data Transfer Addendum issued by the UK Information Commissioner's Office is applied alongside the SCCs.

In addition, we rely on your explicit consent and the necessity of the transfer for the performance of our contract with you as supplementary legal bases for these transfers. By creating an account and using our Services, you consent to the transfer of your information to the United States. You may withdraw your consent at any time by contacting us, though this may affect your ability to use certain features of the Services.



10. Security Measures

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments. However, no system is completely secure, and we cannot guarantee the absolute security of your personal information.



11. Health Information and HIPAA

Our Services are not covered by the Health Insurance Portability and Accountability Act (HIPAA) by default. While our platform may be used to collect and store health-related information, HIPAA-compliant data handling is available only to organizations that have executed a Business Associate Agreement (BAA) with DEMOTU Inc.

Users who are HIPAA-covered entities (such as healthcare providers, clinics, or other organizations subject to HIPAA) must not submit Protected Health Information (PHI) through our Services without first executing a BAA with us. Submitting PHI without an executed BAA is a violation of our Terms of Service, and the submitting party assumes all responsibility for any resulting regulatory exposure.

To inquire about HIPAA-compliant services or to request a BAA, please contact us at support@demotuapp.com.



12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact our Privacy Team:

For users in the EEA or UK, this contact serves as our privacy point of contact for purposes of the GDPR. For users in Brazil, this contact serves as our person in charge (Encarregado) under the LGPD.