Privacy Policy

1. Introduction

MarqFit is a strength tracking and community fitness application built exclusively for the Marquette University community. We built MarqFit to help you track your Squat, Bench Press, and Deadlift progress, calculate your DOTS score, maintain training streaks, and connect with fellow athletes across campus clubs — all in one place.

We understand that sharing personal fitness data requires trust. This Privacy Policy is our commitment to you: a clear, honest, and complete explanation of how we handle your information. We do not hide behind legal jargon. If something is unclear, please reach out to us directly.

By using MarqFit, you agree to the practices described in this policy. If you do not agree, please do not use the App.

2. Information We Collect

We collect only what is necessary to provide you with a personalized, accurate, and community-connected experience. Here is exactly what we collect and why:

2.1 Account Information

• Full name — to personalize your profile experience.
• Username — your public identity within the MarqFit community.
• Marquette email address (@marquette.edu) — required to verify you are part of the Marquette University community and to secure your account.
• Password — stored only as a securely hashed value via Firebase Authentication. We never store your plain-text password.
• Gender, age, height, and weight — used exclusively to calculate your DOTS score (a body-weight-adjusted strength metric). This data is never used for advertising or shared with third parties.

2.2 Strength & Fitness Data

The core of MarqFit is your strength journey. We collect and store:

• Personal records (PRs) for Squat, Bench Press, and Deadlift.
• Workout logs and complete training history over time.
• DOTS score history and progress trends.
• Training streaks and workout completion records.

This data belongs to you. We use it only to display your progress, calculate your rankings within clubs, and surface meaningful insights about your training journey.

2.3 Club & Community Data

• Club memberships and roles (member, leader, admin).
• Workout posts you choose to share with your club.
• Notification preferences for daily check-ins and club activity.
• Auto-post settings — always opt-in and controllable in Settings.

2.4 Technical & Usage Data

To keep the app running reliably, we may collect:

• Device type and operating system version.
• App version in use.
• Aggregated, anonymized usage patterns to improve features.
• Timestamps of sessions and activity.

We do not track your precise GPS location at any time.

3. How We Use Your Information

Every piece of data we collect serves a specific, user-focused purpose. We do not engage in surveillance, behavioral profiling, or targeted advertising. Here is exactly how your data is used:

• Account Authentication: To verify your identity at login and keep your account secure.
• DOTS Score Calculation: Your body metrics are used solely to compute your strength-to-bodyweight ratio. This calculation happens internally and is never shared with advertisers.
• Progress Tracking: To display your personal records, workout history, streaks, and improvement over time — all for your benefit.
• Club Features: To enable club memberships, leaderboards within clubs, auto-posting of workout completions (if you choose), and community interaction.
• Email Verification: A one-time email is sent to your @marquette.edu address to verify your account during signup and for password resets upon your request.
• Push Notifications: Sent only for events you have opted into (e.g., club activity, daily workout reminders). Fully disabled at any time in Settings.
• App Improvement: Aggregated, anonymized usage patterns help us identify bugs and prioritize features. Individual users are never singled out.
• Legal Compliance: To comply with applicable laws and enforce our Terms of Service when necessary.

4. How We Protect Your Data

We employ multiple layers of protection to ensure your information is safe at all times:

• Encrypted Passwords: Your password is hashed using Firebase Authentication's industry-standard secure protocol. It is never stored or transmitted in plain text.
• TLS Encryption in Transit: All communication between the MarqFit app and our servers is encrypted using TLS (Transport Layer Security), preventing any interception of your data.
• AES-256 Encryption at Rest: All data stored in Firebase Firestore is encrypted at rest by Google Cloud using AES-256 encryption — the same standard used by financial institutions.
• Custom Firestore Security Rules: Our database is protected by strict, purpose-built security rules ensuring users can only access their own data. No user can read or write another user's private records.
• University Email Verification: Requiring a valid @marquette.edu address ensures that only verified Marquette University community members can access the platform.
• Minimal Access Controls: Only a small, authorized group of MarqFit engineers can access backend systems, and only when strictly necessary for maintenance or to resolve a support request.
• Ongoing Security Reviews: We periodically audit our security rules and data access patterns to identify and address potential vulnerabilities proactively.

While no digital system can offer a 100% guarantee, we go above and beyond standard practices to protect your information. In the event of a security incident that affects your data, we will notify you promptly and transparently.

5. What We Never Do With Your Data

• 🚫 We never sell your personal data — to anyone, under any circumstances.
• 🚫 We never rent or trade your data — we do not participate in data broker markets.
• 🚫 We never use your fitness data for advertising — your body metrics and strength records are not used to serve targeted ads.
• 🚫 We never share your data with marketing companies — third-party advertising networks have zero access to your MarqFit data.
• 🚫 We never allow unauthorized cross-user access — our database rules prevent any user from viewing another user's private data.
• 🚫 We never disclose your full name or email address to other users — only your chosen username is visible within the community.

6. Who Can See Your Information

Here is a transparent, complete breakdown of what is visible and to whom within MarqFit:

• Other MarqFit Users: Can see your username, club memberships, and workout posts you choose to share publicly. They cannot see your email, full name, or body metrics.
• Club Members: Within a club, members may see a leaderboard displaying your username and DOTS score for ranking purposes only.
• Club Leaders/Admins: Can see member usernames and general participation activity. They do not have access to your body metrics or personal records beyond what you choose to post.
• MarqFit Team: Authorized engineers may access user records strictly to resolve technical issues or respond to support requests. All such access is logged and audited.
• No One Else. That is the complete list. Your data stays within MarqFit.

7. Your Privacy Rights & Controls

You have meaningful, actionable control over your data at all times. The following rights are available to every MarqFit user:

• Access: Request a full export of all personal data we hold on you at any time.
• Correction: Update your profile, body metrics, and personal records directly within the app at any time.
• Deletion: Request full deletion of your account and all associated data. We complete deletion within 30 days, except where legally required to retain certain records.
• Notification Opt-Out: All push notifications and email communications (beyond critical security alerts) can be disabled in Settings at any time.
• Auto-Post Control: Disable auto-posting of workout completions to your club instantly and at any time from Settings.
• Data Portability: Request your data in a standard, portable format (JSON) for personal use or transfer.

To exercise any of these rights, contact us at support@marqfit.com. We typically respond within minutes to the same day.

8. Email & Notifications

We are deliberate and respectful about how we communicate with you:

• Verification Email: Sent once during registration to confirm your @marquette.edu address. Required to activate your account.
• Password Reset Emails: Sent only when you explicitly request them.
• Security Alerts: Sent in the rare event of suspicious account activity. These cannot be disabled because they exist to protect you.
• Club & Workout Notifications: Optional push notifications for workout reminders, club updates, and achievement milestones. Fully configurable in Settings.
• No Spam, Period: We do not send promotional emails or marketing newsletters. If this policy ever changes, you will always have a clear and immediate opt-out option.

9. Data Retention

We retain your data only as long as it serves you or is required by law:

• Active Accounts: All data is retained while your account is active.
• Deleted Accounts: Upon account deletion, all personal data is permanently removed from our primary database within 30 days.
• Backup Systems: Encrypted backups may persist for up to 90 days before being permanently overwritten. Your data is not accessible during this window.
• Legal Holds: In rare circumstances, certain records may need to be retained longer to comply with legal obligations.

10. Third-Party Services

MarqFit relies on a small number of trusted third-party services to operate. We are fully transparent about each one:

• Firebase (Google Cloud): Our backend infrastructure, database, and authentication provider. Google processes data under strict contractual obligations and comprehensive security standards. See Google's Privacy Policy.
• Google Fonts: Used for app typography. Does not collect any personal user data.

We do not integrate with advertising networks, social media tracking pixels, or data analytics brokers. The list above is complete and exhaustive.

11. Children's Privacy

MarqFit is intended for users who are at least 13 years of age. Because we require a valid @marquette.edu university email address to register, our platform is naturally limited to Marquette University students and staff. We do not knowingly collect personal information from children under 13.

If we become aware that we have inadvertently collected information from a child under 13, we will delete that data promptly. If you believe a minor has created an account, please contact us at support@marqfit.com immediately.

12. Policy Updates

We may update this Privacy Policy to reflect changes in our app, applicable laws, or our practices. When we make material changes, we will:

• Post the updated policy within the app and on this page.
• Update the "Last Updated" date at the top of this document.
• Notify you via in-app notification for significant changes.

Your continued use of MarqFit after changes are posted constitutes acceptance of the revised policy. We encourage you to review this policy periodically.

13. Contact Us

We take your privacy seriously and welcome any questions, concerns, or requests:

• Support & Privacy Requests: support@marqfit.com
• Response Time: We typically respond within minutes to the same day.