fictive

Privacy Policy

Effective Date: 21 February 2026

This Privacy Policy describes how Fictive (“we”, “us”, “our”) collects, uses, stores, and shares your personal information when you use the Fictive mobile application and related services (collectively, the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

  • Account information: email address and optional display name when you register.
  • User content: messages, prompts, and other text you submit during workout conversations with AI characters.

1.2 Information Generated by the Service

  • AI responses: text generated by AI models in response to your messages.
  • Audio files: text-to-speech recordings of AI character responses.
  • Workout summaries: AI-generated summaries of completed workout sessions.
  • Session notes: information extracted from conversations (such as fitness goals, preferences, achievements, and limitations) used to personalise future sessions.

1.3 Information Collected Automatically

  • Authentication data: Firebase authentication tokens, user identifiers, and sign-in method.
  • Usage metadata: timestamps of account creation, session activity, and workout completion.

1.4 Information We Do Not Collect

We do not collect your location data, device identifiers, contacts, photos, or health data from your device. We do not use cookies, advertising trackers, or third-party analytics services.

2. How We Use Your Information

We process your personal information to:

  • Provide, operate, and maintain the Service, including generating AI workout conversations and text-to-speech audio.
  • Personalise your experience by recalling information from previous sessions (e.g. fitness preferences, goals, and progress).
  • Authenticate your identity and secure your account.
  • Communicate with you regarding your account, security alerts, or changes to the Service.
  • Comply with legal obligations and enforce our terms of service.

We do not use your personal information for advertising, profiling for marketing purposes, or automated decision-making that produces legal effects.

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal information are:

  • Contract performance: processing necessary to provide the Service you have requested.
  • Legitimate interests: improving and securing the Service, provided these interests are not overridden by your rights.
  • Legal obligation: processing required to comply with applicable law.

4. Third-Party Service Providers

We share your information with the following categories of third-party processors, solely to provide the Service. We do not sell, rent, or trade your personal information.

AI Model Providers (via OpenRouter)

Your conversation messages are transmitted to large language model providers (including Anthropic and OpenAI) through OpenRouter to generate AI responses. These providers act as data processors and process your messages in accordance with their respective privacy policies and data processing agreements.

ElevenLabs (Text-to-Speech)

The text of AI character responses is sent to ElevenLabs to generate spoken audio. ElevenLabs processes this data in accordance with its privacy policy.

Google Firebase (Authentication)

We use Firebase Authentication to manage user sign-in. Firebase processes your email address and authentication credentials in accordance with Google's privacy policy.

Cloudflare (Infrastructure and Storage)

Generated audio files are stored using Cloudflare R2. Our servers may also use Cloudflare for network security and performance. Cloudflare processes data in accordance with its privacy policy.

5. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate. Where required, we rely on appropriate safeguards such as standard contractual clauses to ensure your data is protected.

6. Data Retention

We retain your personal information for as long as your account is active and as necessary to provide the Service. Specifically:

  • Account data: retained until you delete your account.
  • Conversation history and workout data: retained to provide continuity and personalisation across sessions, until you delete your account.
  • Audio files: retained until the associated account is deleted.

When you delete your account, all associated personal data is permanently and irreversibly deleted from our systems, including conversations, workout summaries, session notes, and audio files.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption in transit (TLS/HTTPS) for all data transmissions.
  • Secure authentication using industry-standard tokens.
  • Access controls restricting data access to authorised personnel and systems.

No method of electronic transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data and account.
  • Data portability: request your data in a structured, machine-readable format.
  • Restriction: request that we limit processing of your data in certain circumstances.
  • Objection: object to processing based on legitimate interests.

To exercise any of these rights, please contact us at privacy@fictive.app. We will respond to your request within 30 days. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@fictive.app.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the updated policy within the app and updating the “Effective Date” above. Your continued use of the Service after any changes constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

privacy@fictive.app