This Privacy Policy explains how Inertia Technologies Limited ("we", "our", or "us") collects, uses, shares, and protects your personal data when you use the LetsGxo mobile application. We are registered with the UK Information Commissioner's Office (ICO). Health and biometric data is classified as Special Category Data under UK GDPR and receives the enhanced protections required under Article 9, and it is processed only with your explicit consent and is never sold to any third party.

1. Introduction and Who We Are

LetsGxo is a fitness tracking and social fitness platform operated by Inertia Technologies Limited, a company incorporated in England and Wales (Company Number: 16919325).

We are the data controller for personal data collected through the LetsGxo mobile application (the "App"). We are registered with the Information Commissioner's Office (ICO) under reference number ZC184337.

This Privacy Policy applies to all users of the App worldwide, including those using LetsGxo on iOS and Android devices. By creating an account you confirm that you have read and understood this Policy.

Our contact details for privacy matters:


2. Key Definitions

"Personal Data" means any information that identifies or could identify a living individual.

"Special Category Data" means particularly sensitive personal data that receives additional legal protection under UK GDPR Article 9, including health and biometric data.

"AI Coach" means the artificial intelligence coaching and analysis feature available to premium subscribers.

"Wearable Device" means a smartwatch, fitness tracker, or similar connected device you link to the App.

"Social Features" means the community features within the App, including posting activities, sharing photographs, following other users, and commenting.

"UK GDPR" means the UK General Data Protection Regulation as retained in UK law by the European Union (Withdrawal) Act 2018, as amended.


3. Data We Collect About You

We collect data you provide directly, data generated by your use of the App, and data imported from third-party platforms you choose to connect. We are transparent about the purpose for each type of data we collect.

3.1 Account and Profile Data

3.2 Activity and Fitness Data

3.3 Health and Biometric Data (Special Category)

Where you connect a Wearable Device or enable health tracking we may collect:

This data is classified as Special Category Data under UK GDPR Article 9 and is collected only with your explicit consent. You may withdraw consent at any time via your account settings. Full details are set out in Section 6.

3.4 Location Data

Where you use GPS-based activity tracking we collect:

GPS tracking is optional and can be disabled at any time in your device settings or within the App.

3.5 Photographs and Media

3.6 Wearable and Connected Device Data

If you connect a supported platform or device, we receive data from: Garmin (via Garmin Connect), Suunto (via the Suunto App), Polar (via Polar Flow), COROS (via the COROS App), Apple (via Apple HealthKit), and Google (via Google Fit / Google Health Connect). Data received is limited strictly to the permissions you grant within those platforms. Connecting a wearable is entirely optional and you can disconnect any integration at any time via Account Settings > Connected Apps. We encourage you to review the privacy policies of those platforms for details of data they hold independently.

Apple HealthKit: Data received via Apple HealthKit is used solely to provide the fitness tracking and AI coaching features you have requested. HealthKit data is never used for advertising or marketing purposes, is never sold to any third party, and is not shared with third parties except as required to provide the features you have explicitly requested.

Google Health Connect: Data received via Google Health Connect is used only to provide the specific functionality you have requested within LetsGxo, including activity tracking and AI coaching. It is not used for advertising and is not sold.

3.7 AI Coaching and Analysis Data

To power the AI Coach we process your historical activity and performance data, health metrics from connected wearables (where consent has been given), your stated training goals and self-reported fitness level, physique photographs (where you have provided explicit consent for physique analysis), and your ratings and feedback on AI coaching recommendations. AI Coach outputs, including training plans, insights, and recommendations, are retained as part of your account history for the duration of your subscription and account.

3.8 Social and Community Data

If you use Social Features we collect activity posts you share (together with your chosen visibility settings), comments, kudos, and reactions you give or receive, photographs and captions you publish to your profile or feed, your followers and following list, private messages exchanged between users, and content reports you make regarding other users or posts.

3.9 Subscription and Payment Data

Payments for the AI Coach subscription are processed exclusively by Apple App Store or Google Play billing. We do not receive or store your payment card details. We receive only subscription status (active, lapsed, or cancelled), subscription tier and renewal date, and transaction reference numbers for support and account verification purposes.

3.10 Technical and Usage Data

We automatically collect device type, manufacturer, model, and operating system version; App version number; IP address (used to determine approximate country for legal compliance and security purposes only); device advertising identifier (IDFA on iOS; GAID on Android), where permitted by your device settings; session timestamps, feature usage logs, and in-app event data; and crash reports and performance diagnostics.

3.11 Communications Data

If you contact our support team we retain your name, email address, and the content of your query or complaint; our responses and any follow-up correspondence; and supporting files or screenshots you choose to provide.


4. How and Why We Use Your Data

PurposeData UsedLegal Basis
Creating and managing your accountAccount dataContract performance
Providing activity tracking featuresActivity data, location dataContract performance
Delivering AI Coach (subscribers only)All fitness and health data; photos (with consent)Contract performance + Consent (health/biometric data)
Enabling Social FeaturesActivity posts, photos, profile dataContract performance + Legitimate interests
Wearable and platform integrationWearable dataContract performance + Consent (health data)
Service notifications (goal alerts, account security)Account data, activity dataContract performance + Legitimate interests
Marketing communications (optional)Email address, preferencesConsent (unsubscribe at any time)
Analytics and App improvementTechnical data, usage dataLegitimate interests
Security and fraud preventionTechnical data, account dataLegitimate interests + Legal obligation
Complying with legal obligationsAny relevant dataLegal obligation

5. Legal Basis for Processing (UK and EU GDPR)

Under UK GDPR (and EU GDPR for EU residents) we must identify a lawful basis for each type of processing. We rely on the following:

5.1 Contract Performance (Article 6(1)(b))

Processing necessary to deliver the services you have contracted with us to receive, including account management, activity tracking, Social Features, and the AI Coach subscription.

5.2 Legitimate Interests (Article 6(1)(f))

We process certain data on the basis of our legitimate interests in operating, improving, and securing the App, where those interests are not overridden by your rights and freedoms. We have conducted Legitimate Interests Assessments for each applicable purpose. You have the right to object to this processing at any time (see Section 14).

5.3 Consent (Articles 6(1)(a) and 9(2)(a))

For Special Category Data (including health metrics, biometric data, and physique photographs) and for optional features such as marketing communications and advertising identifiers, we rely on your explicit, freely given, and specific consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5.4 Legal Obligation (Article 6(1)(c))

We process data where required to comply with applicable law, including responding to lawful requests from courts, regulators, or law enforcement authorities.


6. Special Category (Health and Biometric) Data

Health and biometric data (including heart rate, sleep data, and physique photographs submitted for analysis) constitutes Special Category Data under UK GDPR Article 9, which receives enhanced legal protection. We process this data only with your explicit, freely given, specific, and informed consent, and to the extent strictly necessary to provide the specific feature or service you have requested.

Special Category Data is subject to the following commitments:

Physique photographs submitted for AI Coach analysis are processed automatically. They are not viewed or reviewed by human employees except in exceptional circumstances, such as where safety enforcement, legal compliance, or resolution of a complaint you have raised requires it.

You may withdraw consent for health and biometric data processing at any time by disconnecting the relevant device or health platform under Settings > Connected Devices > Watch and Health Apps, or by contacting privacy@letsgxo.com. Withdrawal will limit access to certain features but will not affect your use of the App's core functionality.


7. AI Coaching, Automated Analysis and Profiling

7.1 How the AI Coach Works

The AI Coach analyses your fitness data, health metrics, training history, and (where consented) physique photographs to generate personalised training plans, performance insights, and actionable recommendations. This involves automated processing of your personal data, including profiling. AI features are powered by an AI language model accessed via our secure backend. All requests to our AI provider are transmitted over encrypted channels (TLS 1.2 or higher) and are processed only for the purpose of generating your requested response. Your data is subject to our AI provider's data processing agreement, under which the provider does not use your data to train its models and does not retain it beyond limited trust-and-safety purposes permitted under that agreement.

LetsGxo is not a medical device. AI Coach outputs are not medical advice and must not be treated as a substitute for the advice of a qualified medical or fitness professional. AI language models can and do produce outputs that are inaccurate, inconsistent, or unsuitable for your individual circumstances. All AI-generated content should be reviewed critically before you act on it.

7.2 Automated Decision-Making

Recommendations generated by the AI Coach are advisory in nature and are intended to support, not replace, your own judgement and that of any qualified fitness or medical professional you may consult. We do not make legally significant or similarly consequential decisions about you based solely on automated processing without human oversight. Where UK GDPR Article 22 applies, you have the right to: (a) request human review of any automated output that affects you; (b) express your point of view; and (c) contest the output. To exercise this right contact us at privacy@letsgxo.com.

7.3 Profiling

We create a fitness profile based on your activity history, health data, and stated training goals in order to personalise your AI Coach experience. You have the right to object to this profiling at any time (see Section 14).

7.4 Physique Analysis

If you choose to use the AI physique analysis feature:

7.5 What the AI Coach Remembers

To provide continuity across sessions, the AI Coach has access to context stored in your account, including your goal profile, training preferences, and coaching style settings; recent AI Coach conversation messages (stored in your account as described in Section 11); and activity history, check-in data, and recovery metrics you have logged or synced. The AI Coach does not have access to information outside LetsGxo. Conversation history is retained for the duration of your account and is subject to the retention periods in Section 11. You may delete your AI Coach conversation history at any time via Coach Settings > Data > Clear conversation history. Deletion removes the history from the AI Coach's active context immediately for future conversations. Encrypted backup copies are purged on a rolling schedule as described in Section 11.


8. Social Features: What Others Can See

8.1 Visibility Controls

You control who can see your activities and posts. Each piece of content can be set to one of three levels: Public (visible to all LetsGxo users), Followers Only (visible to users you have approved as followers — default for new accounts), or Private (visible only to you).

8.2 Information Visible to Other Users

Depending on your settings, other users may be able to see your username and profile photograph, activities and posts you have chosen to share, your follower and following count (this list can be made private), and comments and reactions you make on other users' shared content.

8.3 Blocking and Reporting

You may block any user at any time, preventing them from viewing your content or interacting with you. You may also report content or user behaviour that you believe violates our Community Guidelines. Reports are reviewed by our moderation team.


9. Sharing Your Data with Third Parties

We do not sell your personal data to third parties under any circumstances.

9.1 Service Providers

We share data with carefully selected third-party service providers acting as data processors on our behalf, bound by written data processing agreements, and only to the extent necessary for them to deliver their services:

ProviderPurposeLocation
Google LLCCloud infrastructure, database, file storage, user authentication, analytics, crash reporting, fitness data integration, and app billingUSA
Apple Inc.HealthKit health data integration; App Store billingUSA
Anthropic, Inc.AI language model processing for coaching analysis, plan generation, physique analysis, and meal scanningUSA
OpenAI, L.L.C.Text embedding for coaching knowledge retrievalUSA
Pinecone Systems, Inc.Vector search infrastructure for coaching knowledge retrievalUSA
RevenueCat, Inc.Subscription and premium access managementUSA
Garmin LtdActivity data importUSA / Global
Suunto (Amer Sports)Activity data importFinland / EU
Polar Electro OyActivity data importFinland / EU
COROS Wearables Inc.Activity data importUSA / China*
Email hosting providerEmail support management (support@letsgxo.com)USA

* By connecting a COROS device you acknowledge that your activity data may be processed in China. Appropriate transfer safeguards apply as described in Section 10.

9.2 Business Transfers

If we are involved in a merger, acquisition, restructuring, or sale of business assets, your personal data may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy, and you will retain the right to request deletion of your account and data.

9.3 Legal Requirements

We may disclose personal data to law enforcement, the ICO, courts, or other regulatory bodies where required or permitted by law, where necessary to protect the safety of any person, or where necessary to enforce our legal rights.

9.4 Aggregated and Anonymised Data

We may share aggregated, anonymised statistics (such as average training distances by region or seasonal activity trends) with partners, researchers, or the public. Such data cannot reasonably be used to identify any individual.


10. International Data Transfers

We are a UK-based business. Some of our service providers operate outside the United Kingdom and the European Economic Area (EEA). Where we transfer personal data internationally we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V:

You may request a copy of the relevant transfer mechanism for any specific provider by contacting us at privacy@letsgxo.com.


11. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by applicable law.

Data TypeRetention Period
Account and profile dataDuration of account, plus up to 30 days post-deletion to allow account recovery, then permanently deleted
Activity and fitness dataDuration of account; deleted with account
Health and biometric dataDuration of consent or account (whichever ends first); deleted within 30 days of consent withdrawal or account closure
Physique photographsUntil you delete them or close your account; deleted within 30 days of withdrawal or closure
AI Coach history and recommendationsDuration of account; deleted with account
Social posts, comments, and mediaDuration of account, or until you delete the content
Technical and usage logsUp to 24 months on a rolling basis
Support communications3 years from the date the query is resolved
Financial and subscription records7 years (legal obligation under UK tax law)

When you delete your account we remove or anonymise your personal data within 30 days, except where we are legally required to retain certain records. Encrypted infrastructure backups maintained for disaster recovery purposes are purged on a rolling cycle and do not extend the retention periods above for recoverable personal data.

11.1 Anonymisation and Use of Data for AI Coaching Improvement

When you delete your account, certain fitness and training data is permanently anonymised rather than deleted. Specifically, the following categories of data are processed through our anonymisation procedure:

Anonymisation means we permanently and irreversibly replace your user identifier with a randomly generated identifier that bears no connection to you. A temporary technical mapping between your account and the anonymous identifier is retained solely to complete the erasure process across all our systems, and is itself permanently destroyed within 7 days. After this, no mapping exists anywhere in our systems and re-identification is not possible.

We additionally retain records of question topics our knowledge base could not adequately answer. These records are stored without any user identifier and are used solely to improve our coaching knowledge base.

Because anonymised data can no longer be linked to an identifiable individual, it falls outside the scope of UK GDPR (consistent with ICO guidance on anonymisation). We may retain it indefinitely and use it to improve our AI coaching systems, for example to identify training patterns that lead to better performance outcomes, to improve the accuracy of training load recommendations, or to refine the coaching models that generate plans for future users.

All data that remains personally identifiable, including your profile, activity records, health metrics, posts, messages, and coaching conversations, is permanently deleted within 30 days of account closure. You cannot request deletion of genuinely anonymised data as it no longer relates to an identifiable individual and is therefore outside the scope of data protection law.


12. Security

We implement appropriate technical and organisational security measures to protect your personal data, including encryption of all data in transit using TLS 1.2 or higher; encryption of data at rest using AES-256; role-based access controls limiting data access to authorised personnel on a strict need-to-know basis; regular security reviews and assessments; formal data breach response and incident management procedures; data protection practices and responsibilities as part of onboarding and system access processes; and audit logging of access to sensitive data systems.

No method of data transmission over the internet or electronic storage is entirely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and report to the ICO without undue delay, and in any event within 72 hours of becoming aware, as required under UK GDPR Article 33.

If you have identified a potential security vulnerability, please report it to security@letsgxo.com. We follow responsible disclosure principles and will aim to acknowledge reports within 48 hours. Please do not publicly disclose potential vulnerabilities before giving us a reasonable opportunity to investigate and address them.


13. Children's Privacy

LetsGxo is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18, and users must confirm they are 18 or over at the point of account creation.

The App involves the collection of health and biometric data, AI-generated coaching, physique analysis features, and social functionality. These features are not appropriate for minors, and the minimum age of 18 reflects both the nature of the Service and the direction of applicable UK law regarding children's access to online platforms and AI features.

If you believe we have inadvertently collected personal data from a person under 18, please contact us immediately at privacy@letsgxo.com and we will take prompt steps to delete it.


14. Your Rights

14.1 UK and EU GDPR Rights

Under UK GDPR (and EU GDPR for EU residents) you have the following rights in relation to your personal data:

RightWhat This Means for You
Right of Access (Subject Access Request)Request a copy of all personal data we hold about you. We will respond within one calendar month.
Right to RectificationAsk us to correct any personal data we hold that is inaccurate or incomplete.
Right to Erasure (Right to be Forgotten)Request deletion of your personal data, subject to our legal retention obligations.
Right to Restriction of ProcessingAsk us to pause processing of your data in certain defined circumstances.
Right to Data PortabilityReceive your personal data in a structured, machine-readable format (e.g. JSON) and have it transferred to another provider where technically feasible.
Right to ObjectObject to processing based on legitimate interests, or to processing for direct marketing or profiling purposes.
Rights re. Automated Decision-MakingRequest human review of decisions affecting you made solely by automated means; express your view; and contest the outcome.
Right to Withdraw ConsentWithdraw consent at any time for consent-based processing, including health data collection and marketing. Withdrawal does not affect the lawfulness of prior processing.

To exercise any of these rights, use the in-app privacy settings or contact us at privacy@letsgxo.com. We will respond within one calendar month of receipt. We may need to verify your identity before processing your request. There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive.

14.2 California Residents (CCPA / CPRA)

If you are a California resident you have additional rights under the CCPA as amended by the CPRA, including the right to know (the categories and specific pieces of personal information we collect, our purposes, and the categories of third parties we share with); the right to delete; the right to correct; the right to opt-out of sale or sharing (we do not sell your personal information and do not share it with third parties for cross-context behavioural advertising without your prior consent); the right to limit use of sensitive personal information; and the right to non-discrimination. Contact us at privacy@letsgxo.com to submit a request. We will respond within 45 calendar days.

14.3 Australian Residents

If you are an Australian resident you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Unresolved complaints may be lodged with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

14.4 Canadian Residents

If you are a Canadian resident you have rights under PIPEDA and applicable provincial legislation. Unresolved complaints may be referred to the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.


15. Analytics, SDKs and Tracking Technologies

As a mobile application, LetsGxo uses software development kits (SDKs) rather than browser cookies to collect analytics and operational data.

Analytics and Crash Reporting (Google): We use analytics and crash reporting SDKs to monitor App performance and improve the user experience. Data collected includes screen views, feature usage patterns, session duration, crash reports, and error logs. This data is associated with a persistent device identifier. You may object to analytics data collection at any time by contacting privacy@letsgxo.com. You can also limit device-level tracking via your operating system settings (iOS: Settings > Privacy and Security > Tracking; Android: Settings > Privacy > Ads).

Device Advertising Identifiers: With your permission we may use your device's advertising identifier (IDFA on iOS; Google Advertising ID on Android) to measure the effectiveness of our user acquisition campaigns. We do not use this for serving targeted advertisements within the App. You can reset or opt out via iOS: Settings > Privacy and Security > Tracking, or Android: Settings > Privacy > Ads.

Subscription and Entitlement Tracking: We use a third-party subscription management SDK to verify subscription status and manage access to premium features. This SDK receives your anonymised user identifier and subscription entitlement data.

We do not serve third-party advertisements within the App, and we do not engage advertising networks to serve targeted or behavioural advertising to our users.


16. Third-Party Links and Services

The App may display links to third-party websites or integrate with third-party platforms and wearable ecosystems. We are not responsible for the privacy practices, content, or security of those third parties. Please review their privacy policies before sharing your data with any external service. The following third-party privacy policies are directly relevant to LetsGxo integrations:


17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other legitimate operational reasons. We will notify you of any material changes by displaying a prominent notice within the App before the change takes effect and/or sending an email notification to the address associated with your account, where required by applicable law. The "Last Updated" date at the top of this document will always reflect the most recent revision. For minor or non-material changes we will update the date and policy text without a separate notification. Your continued use of the App following the effective date of any change constitutes your acceptance of the updated Privacy Policy. Previous versions of this Privacy Policy are available upon request by contacting us at privacy@letsgxo.com.


18. Contact Us and Complaints

If you have any questions, concerns, or requests in connection with this Privacy Policy or our handling of your personal data, please contact us:

We aim to respond to all privacy enquiries within 30 calendar days. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

JurisdictionSupervisory Authority
United KingdomInformation Commissioner's Office (ICO) — www.ico.org.uk | Helpline: 0303 123 1113
European UnionYour local EU Data Protection Authority — directory
United States (California)California Privacy Protection Agency (CPPA) — cppa.ca.gov
AustraliaOffice of the Australian Information Commissioner (OAIC) — www.oaic.gov.au
CanadaOffice of the Privacy Commissioner of Canada — www.priv.gc.ca

© 2026 Inertia Technologies Limited. All rights reserved. This is Version 1.1 of the LetsGxo Privacy Policy. For previous versions contact privacy@letsgxo.com.