Privacy Policy

Last updatedJune 27, 2026

Introduction

NotrEden CO., LTD. (the "Company") operates the DigiFitOS fitness management service (the "Service"). The Company values your privacy and discloses the following matters in accordance with Taiwan's Personal Data Protection Act (PDPA) and its enforcement rules. By using the Service, you acknowledge that you have read and understood this policy.

Categories of Personal Data Collected

The Service may collect the following categories of personal data while delivering its features:

Identity

Name, email address, mobile phone number, Clerk user ID, and profile picture. If you choose to sign in with Google, the foregoing email address, name, and profile picture are provided by Google.

Health & Fitness

Height, weight, date of birth, gender, training goals, and exercise history.

Assessment & Training

InBody body composition, body circumference, FMS (Functional Movement Screen), exoFit data, joint-angle / posture analysis, training records, heart rate, and RPE.

Operational

Sign-in timestamps, source IP address, device information, and system logs.

Purpose of Collection

The Company collects your personal data for the following specific purposes:

  • Providing fitness management, training scheduling, and class booking
  • Conducting fitness assessments, progress tracking, and analytics
  • Account registration, identity verification, and account security
  • Customer service, communications, and necessary administrative operations

Period, Region, Recipients, and Methods of Use

Period

Throughout the period during which the Company provides the Service and your account remains active, within the scope of the stated purposes. After termination, the Company will delete or de-identify your personal data within a reasonable period, unless otherwise required by law.

Region

Primarily processed within Taiwan. The Service uses third-party cloud providers (Clerk, Neon, Vercel), and related data may be transferred internationally to where these providers' servers are located (e.g., the United States, Singapore).

Recipients

Limited to the Company, third-party service providers contracted to deliver the Service, and individuals within your organization with a legitimate access need based on their role (coaches may access data of their own students; organization administrators may access data of organization members; students may access their own data).

Methods

Data is stored and processed electronically. Transport is encrypted using TLS, sensitive data is encrypted at rest, and access is restricted via role-based access control (RBAC).

Cookies and Similar Technologies

The Service uses only technologies that are strictly necessary for the services you have explicitly requested. Clerk's session cookies are required to maintain your signed-in state, and the browser's localStorage is used to remember your theme preference (light / dark). The Service does not use any analytics, tracking, or advertising cookies, and does not embed any third-party tracking pixels.

Third-Party Service Providers

To deliver the Service, the Company engages the following third-party providers to process your personal data:

  • Clerk — authentication and identity (data may be transferred to the United States)
  • Google — social sign-in (when you sign in with Google, the Service obtains your email address, name, and profile picture from Google via Clerk for account creation and identity verification)
  • Neon — managed PostgreSQL database (data may be transferred to the United States / Singapore)
  • Vercel — application hosting (data may be transferred to the United States and other regions)

The Company has required these providers to implement appropriate data-protection measures.

Your Rights

Pursuant to Article 3 of the PDPA, you may exercise the following rights with respect to personal data we hold about you:

  • Inquire about or request to review
  • Request a copy
  • Request supplementation or correction
  • Request to cease collection, processing, or use
  • Request deletion

You may exercise these rights by contacting us using the details below. We will respond within a reasonable time. To verify your identity, we may ask you to provide additional information for identity confirmation.

Consequences of Not Providing Personal Data

If you do not provide the data required for registration and sign-in (such as email and name), you will not be able to register or use the Service. Optional fields (such as height, weight, and training goals) affect the completeness of the assessment and analytics features but do not impact basic account use.

Security Measures

The Company applies reasonable technical and organizational measures to protect your personal data, including but not limited to: TLS encryption in transit, encryption at rest, role-based access control (RBAC), sign-in records and audit logs, regular backups, and timely vulnerability patching. However, no internet transmission is absolutely secure—please keep your account credentials confidential.

Minors

The Service's audience may include minors. If you are under 18, you may use the Service only with the consent of your legal guardian. When the Company becomes aware that a user is a minor, we may require their organization administrator or coach to confirm their guardian's consent.

Policy Updates

This policy may be amended due to legal changes or service updates. The Company will publish the effective date on this page; for material changes, we will additionally notify you by email or via in-product notice.

Contact

If you have any questions about this policy or your personal data, please contact us using the details below:

  • Company: NotrEden CO., LTD.
  • Tax ID: 96807974
  • Email: digifit_os@notredentw.com
  • Address: 1 F., No. 9, Aly. 20, Ln. 123, Sec. 6, Minquan E. Rd., Neihu Dist., Taipei City 114040, Taiwan (R.O.C.)