Established: July 7, 2026 / Last updated: July 8, 2026
This English version is provided for reference only, as a courtesy translation of the original Japanese Privacy Policy. In the event of any discrepancy, the Japanese version shall prevail.
The Fitona Development Team ("we," "us," or "our") respects Japan's Act on the Protection of Personal Information ("APPI"), the EU General Data Protection Regulation ("GDPR"), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA"), and other laws applicable to users, and handles information in connection with the iOS weight-tracking application "Fitona" (the "App") in accordance with this Privacy Policy (this "Policy"). This Policy covers the handling of information through the App and the website that we operate at https://fitona.knightages.com/ (including the contact form; the "Website"), and does not apply to our corporate site or any other sites or apps we operate separately.
We are the controller of information obtained in connection with the App (including where we qualify as a data controller under the GDPR). See Section 21 for contact details. Information that Google LLC ("Google") independently collects in connection with ad delivery is handled by Google as an independent controller (see Section 5).
The App has no account registration system and, within the App, never asks users to enter identifying information such as name, email address, or phone number (for information you enter in the contact form, see Section 13). This Policy explains the scope of information handled by the App and our handling practices on that basis.
The App itself (the program code created by us) handles the following information, all of which is stored only on the user's device and is never transmitted to our servers or any other external destination.
| Type of information | Weight, body fat percentage, lifestyle logs (five-level records for food, alcohol, bathroom, exercise, and outings), notes, profile information such as height and goal weight, and various settings |
|---|---|
| Storage location | On the user's device |
| External transmission | None (we do not transmit Record Data externally through the App's code) |
| Management information stored on the device | Information necessary for the App's operation (such as your consent status for the Terms and management of in-app notice display). Stored only on the device; we do not collect this information. |
We do not collect direct personal identifiers such as name, address, phone number, or email address through the App. We also do not embed our own analytics or crash-reporting tools in the App. For information collected through the contact form on this website, see Section 13.
In addition, the App communicates with external servers (our website and the hosting/CDN provider we use) in order to obtain configuration information such as the latest version of the Terms, in-app notices, and the minimum version required to operate. This communication involves only the technical requests necessary to obtain that configuration information; no Record Data is transmitted. For technical information that may be automatically logged during such communication, see Section 7.
However, as set forth in Section 5, Google AdMob (a third-party SDK) may independently collect information such as advertising identifiers for the purpose of ad delivery.
Record data entered into the App by the user, such as weight and body fat percentage ("Record Data"), is stored only on the user's device, and no third party — including us — can view or obtain it. We have no means of accessing Record Data.
Record Data may be lost due to loss, malfunction, initialization, or replacement of the device, uninstallation of the App, or similar events. We are not responsible for storing or backing up Record Data. If you need a backup, please use standard iOS features such as iCloud Backup (data handled through iCloud Backup is subject to Apple's privacy policy). Note that we do not implement any iCloud sync feature in the App. iOS iCloud Backup and the Health app's own data sync are under Apple's control, and we are not involved.
Only with the user's explicit permission, the App reads weight and body fat percentage data from Apple's Health app (HealthKit) and writes data recorded in the App to the Health app. This reading and writing is performed through on-device OS functions and does not pass through any server of ours.
Permission to access Health data can be reviewed, changed, or revoked at any time in the iOS Settings app (Health > Data Access & Devices > Fitona). You can also stop the integration entirely by turning off the "Apple Health sync" toggle in the App's settings screen. Even if you revoke permission, the App's core features (manual recording) remain available. If you delete a record in the App while integration is enabled, the data that the App wrote to the Health app for that day may also be deleted.
In accordance with Apple's guidelines, we do not use the weight and body fat percentage data obtained through HealthKit for any purpose other than recording and displaying it in the App (including advertising and marketing), nor do we sell or provide it to third parties. HealthKit data is never provided to the advertising SDK.
The App uses "Google AdMob," an advertising service provided by Google, to display advertisements within the App (such as banner areas at the bottom of screens and the save-confirmation screen), which covers the cost of operating the App.
Google AdMob (and the advertising network partners included in its SDK) may independently collect and use information such as the following for purposes including ad delivery, measurement, and fraud prevention.
This processing is carried out by Google as an independent controller, not by us. For details, please refer to the following Google policies.
The App itself does not perform any tracking of its own. Users can choose whether to receive personalized ads by the methods described in the next section.
When you first use the App, a dialog requesting "permission to track" is displayed based on Apple's App Tracking Transparency (ATT) framework. This is used to display ads tailored (personalized) to your interests.
If you do not allow tracking, personalized ads using the advertising identifier will not be served, and non-personalized (contextual) ads will be displayed instead. All features of the App remain fully available even if you do not allow tracking. You can change your tracking permission at any time in the iOS Settings app (Privacy & Security > Tracking).
For users residing in the European Economic Area (EEA), the United Kingdom, Switzerland, or other countries or regions where consent is required by law, we may obtain and manage consent for advertising in accordance with applicable law and Google's EU User Consent Policy, through a consent management mechanism (such as the Google User Messaging Platform). You may withdraw or change this consent at any time. To withdraw it, you must change your choice yourself in the iOS Settings (Privacy & Security > Tracking) or in the consent management screen.
The advertising SDK (Google AdMob) may automatically collect technical information such as OS version, device type, and approximate region for purposes such as ad delivery, impression measurement, and detection of fraudulent clicks. As stated in the preceding sections, this information is managed by Google and is not directly collected or held by us.
In addition, when the App communicates with external servers to obtain the configuration information described in Section 2, the access logs of the hosting/CDN provider we use may automatically record information such as IP address, access date and time, and user agent (device, OS, and app version information, etc.). These are recorded automatically by that provider for the purpose of stable operation of the Service and prevention of unauthorized access, and we do not use them for the purpose of identifying individuals. We (Fitona) ourselves do not store any anonymous identifiers (such as UUIDs) or consent history on a server.
The purposes for which information is handled in connection with the App, and the legal bases for processing where the GDPR or similar laws apply, are as follows.
| Processing | Storing and displaying Record Data on the device (the App's core functionality) |
|---|---|
| Purpose / legal basis | Providing the Service to the user (performance of a contract; GDPR Art. 6(1)(b)). We do not access this data. |
| Processing | Displaying personalized ads (processing of advertising identifiers and similar data by Google) |
|---|---|
| Purpose / legal basis | Operating a free service funded by advertising revenue (consent; GDPR Art. 6(1)(a), obtained via ATT and the consent management mechanism) |
| Processing | Displaying non-personalized ads; ad fraud prevention and measurement |
|---|---|
| Purpose / legal basis | Operating a free service funded by advertising revenue and preventing fraud (legitimate interests; GDPR Art. 6(1)(f)) |
| Processing | Responding to inquiries (information entered in the contact form) |
|---|---|
| Purpose / legal basis | Responding to inquiries and to requests to exercise rights (disclosure, correction, deletion, suspension of use, etc.) (legitimate interests or performance of a contract) |
Because we do not obtain users' Record Data through the App's code, we never provide it to third parties. We do not sell users' personal information to third parties.
As noted above, the collection and use of information by Google AdMob is carried out by Google as an independent controller. Otherwise, we will not provide personal data to third parties except where required by law, where necessary to protect a person's life, body, or property, or with the user's consent. Note that the only personal data we hold on a server is limited to information obtained through the contact form and similar.
Google is located in the United States of America, and some of the information processing related to AdMob may take place in the United States and other countries or regions. Although we ourselves do not transmit users' Record Data outside their country, we disclose here — in line with the intent of Article 28 of the APPI — that advertising-related information may be processed across borders by Google due to the technical design of the advertising SDK.
For users to whom the GDPR or similar laws apply, any transfer outside the EEA or the UK is carried out by Google on the basis of appropriate safeguards such as an adequacy decision by the European Commission (including the EU-U.S. Data Privacy Framework) or Standard Contractual Clauses (SCCs). Please refer to Google's Privacy Policy for details.
In addition, communication by the App to obtain configuration information passes through the hosting/CDN provider we use. That provider may have servers located around the world, and the technical information described above (such as IP addresses) may be processed outside Japan. In such cases, the provider handles the information on the basis of appropriate safeguards such as Standard Contractual Clauses (SCCs).
In addition, information submitted through the contact form on this website may be processed and stored on Zoho Forms servers as described in Section 13. Zoho Corporation implements safeguards for international data transfers based on Standard Contractual Clauses (SCCs).
Record Data and settings, as well as the management information described in Section 2 (information necessary for the App's operation), are stored on the user's device until the user deletes them in the App or uninstalls the App. Because they are not stored on our servers, we do not set or manage any retention period.
Note that weight and body fat percentage data that the App has written to the Health app may remain in the Health app even after you delete the App. To delete such data, please do so from the Health app.
The retention period for information collected by Google in connection with ad delivery is governed by Google's policies. Information provided to us through the contact form is deleted within a reasonable period after the inquiry is resolved (as a guideline, no later than one year after our response), except where retention is required by law.
The App is a native application and does not directly use web browser cookies; however, the advertising SDK may use identifiers similar to cookies (such as advertising identifiers and internal SDK identifiers). For the handling of these, please refer to the Google policies listed in Section 5.
This website does not currently use Google Analytics or any other third-party analytics tools. The contact form pages (Zoho Forms) may set cookies necessary for Zoho's own functionality; see Zoho's cookie policy for details. If we introduce web analytics tools in the future, we will update this Policy and notify you.
The contact form on this website uses "Zoho Forms," provided by Zoho Japan Co., Ltd. (the Japanese subsidiary of Zoho Corporation Pvt. Ltd.). When you submit the form, the name, email address, and inquiry details you enter are transmitted to and stored on Zoho's servers.
Submitting the form is voluntary, but if you do submit it, the information necessary to respond to your inquiry (name, email address, and the app in question) is required. Information obtained through the form is used solely for the purpose of responding to your inquiry and providing support, and is not used for any other purpose. Zoho Corporation offers a GDPR-compliant data processing addendum (DPA) and implements safeguards for international data transfers based on Standard Contractual Clauses (SCCs).
We do not collect or store retained personal data through the App that can identify users. Accordingly, if you make a request under the APPI for disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of third-party provision, we will promptly review and respond within the scope of the data we hold; however, please note in advance that Record Data exists only on your device and cannot be viewed by us, and that advertising-related information is managed by Google. For your name, email address, and other information provided through the contact form, we will respond to requests for disclosure, correction, deletion, suspension of use, and similar requests to the extent of the data we hold.
You can delete Record Data yourself at any time by deleting records within the App or uninstalling the App.
Requests regarding advertising-related information collected by Google can be made through Google's channels or the ad settings page (https://adssettings.google.com/).
Users residing in the European Economic Area (EEA), the United Kingdom, or Switzerland have the following rights with respect to their personal data under applicable data protection laws.
Because we do not hold users' Record Data, the rights above relating to Record Data can be exercised directly by users on their own devices (by deleting records, uninstalling the App, etc.). Consent relating to advertising can be withdrawn by the methods described in Section 6 (changing the iOS tracking setting or updating your choices in the consent management screen). Rights relating to personal data managed by Google can be exercised directly with Google. For any other requests or questions, please contact us as described in Section 21.
We do not carry out automated decision-making, including profiling, that produces legal effects concerning users.
Where the CCPA/CPRA applies, users residing in the State of California have the right to know the categories of personal information collected and the purposes of use, the right to request deletion, the right to request correction, the right to opt out of the "sale" or "sharing" (provision for cross-context behavioral advertising purposes) of personal information, and the right not to be discriminated against for exercising these rights.
We do not sell users' personal information in exchange for money. Because the collection of advertising identifiers and similar data by the advertising SDK may constitute "sharing" under state law, the App provides a mechanism to opt out by declining tracking under ATT (which you can change at any time in iOS Settings > Privacy & Security > Tracking).
The categories of personal information collected through the App are limited to device identifiers and internet activity information collected by the advertising SDK (corresponding to categories (A) identifiers and (F) internet or other network activity under California law), and we ourselves do not access them. We do not sell users' personal information, and the "sharing" by the advertising SDK described above can be stopped by opting out under ATT. Even during the preceding 12-month disclosure period under the CCPA, we have not collected, sold, or shared any categories of personal information other than those described above.
Users to whom the privacy laws of other states apply (such as the Virginia CDPA or the Colorado Privacy Act) may also have similar rights under those laws. To exercise your rights, please contact us as described in Section 21. We will not change the Service in a discriminatory manner because you have exercised your rights.
Record Data is stored on the user's device under standard iOS security mechanisms (device encryption, app sandboxing, etc.). In developing and maintaining the App, our basic policy is to avoid collecting or retaining unnecessary information (data minimization) and to follow standard OS recommendations. However, we cannot accept responsibility for risks caused by factors beyond our control, such as loss or theft of the device itself or OS vulnerabilities. We recommend using device-side security features such as a passcode.
For information submitted through the contact form, Zoho Japan Co., Ltd. implements appropriate technical and organizational security measures. However, no method of transmission over the internet can be guaranteed to be 100% secure.
The App is not directed at children under 13 years of age (or, in the EU, EEA, and the United Kingdom, under the digital age of consent established by the GDPR (in principle 16, or between 13 and 16 depending on national implementing law), or under any higher age threshold otherwise established by the laws of your country or region), and we do not knowingly collect personal information from such children. If we learn that personal information of a child under the applicable age has been collected, we will promptly take appropriate measures such as deletion. If you are a parent or guardian and believe your child may be using the App, please contact us as described in Section 21. Because Record Data is stored only on the child's device, if you contact us we will delete the information we hold (such as inquiry information) and provide guidance on how to delete the on-device data (such as by uninstalling the App).
We may in the future add paid features (In-App Purchases). If the addition or change of features results in a change to the types or scope of information handled, we will revise this Policy and may provide notice on this website. In particular, if information handling changes materially — such as by synchronizing Record Data with servers outside the device — we will revise this Policy at that time, separately explain such handling, and obtain the user's consent where required by law.
We may change the content of this Policy due to amendments to laws, additions or changes to the App's features, or other circumstances. For material changes, we may provide notice through announcements on this website or similar means. The revised Policy takes effect when posted on this website. For changes that legally require the user's consent, we will obtain consent by a method specified by us.
For questions about this Policy, requests for disclosure, requests to exercise your rights, or other inquiries regarding the handling of personal information, please contact us via the contact form below. We may ask you for additional information for purposes such as identity verification. We respond only in Japanese and English. For statutory requests to exercise your rights, we will respond within the period prescribed by applicable law. For other general inquiries, we will respond as appropriate to the content, but we do not guarantee a response to every inquiry.
If you are not satisfied with our response to a consultation regarding the handling of personal information, you may also contact the Personal Information Protection Commission of Japan or, if you reside in the EEA or the UK, the data protection supervisory authority in your country.
Established: July 7, 2026
Last updated: July 8, 2026
Fitona Development Team