DexaFit Privacy Policy

Last Modified: June 14, 2025

1. Introduction

Welcome to DexaFit. We, together with our subsidiaries and affiliates (collectively, "DexaFit," "we," "us," or "our"), prioritize your privacy and are committed to protecting your personal information. This Privacy Policy outlines our practices regarding the collection, use, protection, and disclosure of personal information across our websites, mobile applications (including DexaFit AI and Operator apps), digital reports, social media platforms, interactive features, and other services linked to this Privacy Policy (collectively, the "Platforms").

Important Health Disclaimer: DexaFit is a general wellness product intended to support your overall health and wellness. It is not designed to diagnose, treat, mitigate, or prevent any disease or medical condition. Our services are meant to enhance your well-being and provide helpful insights, but they are not substitutes for medical advice or care from healthcare providers. DexaFit complies with FDA guidelines for general wellness products.

Emergency Notice: IF YOU ARE EXPERIENCING A MEDICAL EMERGENCY, DIAL "911" IMMEDIATELY. Our Platforms are not for medical emergencies or urgent situations.

Our services provide wellness insights, including body composition assessments, bone density evaluations, cardiorespiratory and metabolic wellness tests, and wellness diagnostics. We also document wellness histories, interpret outcomes, and connect users with wellness providers for personalized guidance.

Key Definitions:

  • "Personal Information" refers to any data that can directly or indirectly identify you, such as your name, email address, phone number, and wellness-related information.

  • "De-Identified Information" refers to information that has been anonymized and cannot be linked back to you individually.

Geographic Scope: Our Platforms are intended for users in the United States. If you are accessing our Platforms from outside the United States, your information may be transferred to, processed, and stored in the U.S., where privacy laws may differ from those in your country. By using our Platforms, you consent to this transfer, processing, and storage as outlined in this Privacy Policy.

We encourage you to read this Privacy Policy carefully to understand our practices and your rights regarding your personal information.

2. Information We Collect

We collect various types of information to provide and improve our services:

Personal Identifiers

Name, email address, postal address, phone number, and account credentials. We collect these for account creation, communication, and providing the services you request.

Wellness and Health Information

Detailed wellness assessments, body composition data, bone density evaluations, fitness test results, metabolic wellness tests, wellness histories, and other health-related information. This data enables us to tailor our services to your individual needs and provide personalized insights and recommendations.

Important: This health-related data is not considered an Electronic Health Record (EHR) or Electronic Medical Record (EMR) for any purposes, including HIPAA compliance. Our use of this information is strictly for providing and enhancing our wellness services.

Demographic and Lifestyle Information

Information about your ethnicity, lifestyle choices, age, and other demographic data to help us personalize your experience and improve our services.

Third-Party Integrations

You may choose to share data from services such as Apple Health, Google Fit, or other wellness platforms to provide us with a broader understanding of your wellness and activity levels.

Usage and Technical Data

Our Platforms automatically collect certain information through technologies like cookies and web beacons, including:

  • Device information (type, operating system, browser)

  • IP address and location data

  • Usage patterns and preferences

  • Platform interaction data

Communication Data

Records of your communications with us, including support requests, feedback, survey responses, and marketing interaction history.

3. How We Use Your Information

We use the information we collect to provide, improve, and personalize our services:

Service Provision and Account Management

  • Deliver services and manage your account

  • Process transactions and billing

  • Provide customer support and respond to inquiries

  • Authenticate your identity and secure your account

  • Facilitate appointments and service coordination

Communication and Marketing

  • Send service updates, account notifications, and policy changes

  • Provide customer support and technical assistance

  • Send marketing communications about our services (with your consent)

  • Facilitate communications with wellness providers when requested

  • Personalize promotional content based on your preferences

Personalization and Platform Improvement

  • Customize content and features to your preferences

  • Analyze usage patterns to improve our services and user experience

  • Develop new features, products, and offerings

  • Conduct research and analytics to enhance service quality

  • Optimize Platform performance and functionality

AI and Technology Enhancement

  • Generate AI-powered wellness insights and recommendations

  • Test and improve experimental features and functionalities

  • Train and improve our AI algorithms using de-identified data

  • Develop predictive models for wellness trends and outcomes

De-Identified Data Uses

Critical Privacy Protection: Personally identifiable information will never be sold, shared, or disclosed to third parties without your explicit consent, except as required by law or as described in this Privacy Policy.

We may use de-identified, aggregated, or anonymized data (that cannot be traced back to you individually) for:

  • Product development and algorithm training

  • Research and service enhancement

  • Supporting clinical studies and academic research

  • Developing future products and services

  • Creating products or technologies that may be licensed to third parties

  • Internal analytics and business insights

  • Statistical analysis and trend identification

Security, Compliance, and Legal

  • Maintain Platform security and prevent fraud

  • Comply with legal obligations and regulatory requirements

  • Enforce our Terms of Service and protect user safety

  • Respond to legal requests and protect rights

4. How We Share Your Information

We do not sell your personal information. However, we may share your data in specific circumstances:

Licensed Operators and Independent Service Providers

  • Third-Party Licensed Operators: We license our software, branding, and analytics to independent operators who provide wellness services such as DEXA scans, VO2 Max testing, and RMR assessments. These operators are independent entities not owned, operated, controlled, or supervised by DexaFit. We may share necessary information to facilitate services you request, but each operator is solely responsible for their own privacy practices, regulatory compliance, and data handling. Any issues with these independent facilities must be addressed directly with the respective operator.

  • Service Providers: We work with trusted third-party service providers (hosting, payment processing, analytics, customer support) who are bound by confidentiality agreements and only use your data for specified purposes.

Wellness Provider Coordination

When you use services involving wellness diagnostics, consultations, or telehealth services, we may share relevant information with licensed wellness providers to facilitate your care, always in accordance with applicable privacy laws and your consent.

Business Operations and Corporate Transactions

  • Affiliates: We may share information with our subsidiaries and affiliates for internal operations and service delivery

  • Business Transactions: In case of merger, acquisition, restructuring, or asset sale, your information may be transferred as part of the transaction, subject to applicable laws and your rights

  • Legal Compliance: We may disclose information to comply with legal obligations, court orders, government requests, subpoenas, or to protect rights, safety, and security

Research, Analytics, and Commercial Partnerships

  • Research Partners: We may share de-identified data with academic institutions, clinical study collaborators, or research organizations for health and wellness advancement

  • Commercial Licensing: We may license de-identified data to third parties for research, analysis, technology development, or product creation that advances health and wellness knowledge

  • Analytics Partners: We may share aggregated, non-personal data with analytics and business intelligence partners

Marketing and Promotional Partners

With your explicit consent, we may share certain information with carefully selected marketing partners for relevant offers, services, or promotional opportunities that may interest you.

Emergency Situations

We may share information when we believe in good faith that disclosure is necessary to protect the vital interests of users or the public, prevent fraud, or address urgent safety concerns.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and improve our services:

Types of Technologies We Use

  • Essential Cookies: Required for Platform functionality, security, and authentication

  • Performance Cookies: Help us analyze usage patterns and improve Platform performance

  • Functional Cookies: Remember your preferences and settings for a personalized experience

  • Marketing Cookies: Enable targeted advertising and promotional content (with your consent)

Purposes

  • Maintain session functionality and remember login status

  • Remember your preferences and customization settings

  • Analyze Platform usage and user behavior patterns

  • Provide relevant content and promotional offers

  • Ensure Platform security and prevent fraudulent activity

  • Optimize Platform performance and loading times

Your Cookie Controls

You can manage cookie preferences through your browser settings or our cookie management tools when available. Note that disabling certain cookies may impact Platform functionality. For marketing cookies, you can opt out through our privacy settings or by contacting us.

Third-Party Tracking

We may work with third-party analytics and advertising partners who use tracking technologies. These partners are subject to their own privacy policies, and we encourage you to review them.

6. Your Privacy Rights

You have several important rights regarding your personal information:

Access and Information Rights

  • Right to Know: Request information about what personal data we collect, use, and share

  • Access: Request a copy of your personal information in our possession

  • Categories of Data: Learn about the categories of personal information we collect and process

Control and Correction Rights

  • Correction: Request correction of inaccurate or outdated information

  • Update: Modify your account information and preferences through your account settings

  • Completion: Request that incomplete personal information be completed

Deletion and Portability Rights

  • Deletion: Request deletion of your personal information (subject to legal retention requirements and business needs)

  • Data Portability: Request transfer of your data to third parties in certain cases

  • Account Closure: Delete your account and associated data

Consent and Communication Rights

  • Withdraw Consent: Withdraw your consent at any time where data processing is based on consent

  • Opt-Out of Marketing: Unsubscribe from marketing communications via email links or account settings

  • Opt-Out of Targeted Advertising: Control personalized advertising through privacy settings

  • Communication Preferences: Manage how and when we contact you

State-Specific Privacy Rights

Residents of certain U.S. states have additional rights under their respective privacy laws:

California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Virginia (VCDPA), Nevada:

  • Right to know what personal information we collect and how it's used and shared

  • Right to opt-out of sale or sharing of personal information for targeted advertising

  • Right to non-discrimination for exercising privacy rights

  • Right to limit use of sensitive personal information

  • Right to appeal decisions regarding privacy requests

How to Exercise Your Rights

To exercise these rights, please contact us at privacy@dexafit.com with:

  • Your full name and email address associated with your account

  • Specific details about your request

  • Verification information to confirm your identity

We will respond to valid requests within the timeframes required by applicable laws (typically 30-45 days) and may require additional verification for security purposes.

No Discrimination

We will not discriminate against you for exercising any of your privacy rights, including by denying services, charging different prices, or providing different quality of services.

7. Data Security

We implement industry-standard security measures to protect your personal information:

Technical Safeguards

  • Encryption of data in transit and at rest

  • Secure data storage with access controls

  • Regular security assessments and updates

  • Multi-factor authentication where appropriate

Administrative Safeguards

  • Employee training on privacy and security

  • Confidentiality agreements with staff and vendors

  • Regular privacy and security policy reviews

  • Incident response procedures

Physical Safeguards

  • Secure facilities and equipment

  • Controlled access to data centers

  • Environmental protections for servers

Important: While we implement robust security measures, no method of internet transmission or electronic storage is completely secure. We encourage you to use strong passwords and report any suspicious activity.

Breach Notification

In the event of a data breach affecting your personal information, we will notify affected individuals as required by applicable laws, typically within 60 days of discovery.

8. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy and comply with legal obligations:

Retention Periods by Data Type

  • Account Information: Retained for the lifetime of your account and for a reasonable period thereafter (typically 3-7 years) for backup, audit, and legal purposes

  • Wellness Information: Stored in compliance with legal and professional standards applicable to wellness data (typically 7-10 years, or as required by applicable regulations)

  • Communication Records: Retained as needed for customer service, dispute resolution, and legal compliance (typically 3-7 years)

  • Transaction Data: Stored for periods necessary to fulfill contractual obligations and comply with tax and accounting laws (typically 7 years)

  • Marketing Data: Retained until you opt out or for reasonable business purposes (typically 3-5 years)

  • De-Identified Information: May be retained indefinitely for research, analytics, and business purposes

Secure Deletion Process

When retention periods expire or when you request deletion:

  • Personal information is securely deleted or anonymized using industry-standard methods

  • Data may remain in backup systems for a limited time before final deletion

  • De-identified or aggregated data may be retained for ongoing research and business purposes

  • Some information may be retained longer if required by legal obligations or pending legal proceedings

Factors Affecting Retention

Retention periods may be extended when necessary for:

  • Legal, regulatory, or compliance requirements

  • Pending litigation, investigations, or disputes

  • Protection of rights, safety, or security

  • Fraud prevention and detection

  • Technical requirements for secure deletion

9. Children's Privacy

Our services are intended for users aged 18 and older. We do not knowingly collect personal information from children under 18 without verifiable parental consent. If we discover that we have inadvertently collected such information, we will delete it immediately. If you believe we have collected information from a child under 18, please contact us at privacy@dexafit.com.

10. International Users and Data Transfers

DexaFit is headquartered in the United States, and our Platforms are hosted in the U.S. If you access our services from outside the United States:

  • Your data will be transferred to and processed in the U.S.

  • U.S. data protection laws may differ from those in your country

  • We maintain high standards for data protection regardless of location

  • By using our services, you consent to this transfer

11. Regulatory Compliance

DexaFit is committed to compliance with applicable privacy and healthcare regulations:

HIPAA Compliance

While most of our general wellness services do not fall under the Health Insurance Portability and Accountability Act (HIPAA), we maintain HIPAA-compliant practices and infrastructure. When we provide services to covered entities or in situations where HIPAA applies, we ensure:

  • Appropriate safeguards for Protected Health Information (PHI)

  • Business Associate Agreements where required

  • Minimum necessary standards for data use and disclosure

  • Individual rights regarding PHI access and amendment

  • Breach notification procedures for PHI

GDPR Compliance

For users in the European Union and European Economic Area, we comply with the General Data Protection Regulation (GDPR), including:

  • Lawful bases for data processing (consent, legitimate interest, contract performance)

  • Data subject rights (access, rectification, erasure, portability, objection)

  • Data protection by design and default

  • Privacy impact assessments for high-risk processing

  • Data breach notification within 72 hours where required

U.S. State Privacy Laws

We comply with applicable state privacy laws, including:

  • California (CCPA/CPRA): Consumer rights to know, delete, opt-out, and non-discrimination

  • Colorado (CPA): Consumer rights regarding personal data processing and targeted advertising

  • Connecticut (CTDPA): Data subject rights and consent requirements for sensitive data

  • Utah (UCPA): Consumer privacy rights and opt-out mechanisms

  • Virginia (VCDPA): Consumer rights and data processing transparency

  • Nevada Privacy Law: Right to opt-out of the sale of personal information

Other Regulatory Considerations

  • FDA Guidelines: Compliance with FDA regulations for general wellness products

  • FTC Guidelines: Adherence to Federal Trade Commission guidelines for data security and consumer protection

  • State Health Information Laws: Compliance with applicable state health information privacy laws

  • Professional Standards: Adherence to relevant professional and industry standards for wellness data

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. Significant changes will be communicated through our Platforms or via email. The date at the top indicates when this policy was last updated.

We encourage you to review this policy regularly to stay informed about how we protect your personal information.

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer:

Privacy Department
DexaFit, Inc.
3601 Minnesota Drive, Suite 515
Edina, MN 55435

Email: privacy@dexafit.com
General Support: support@dexafit.com
Billing: billing@dexafit.com
Website: https://dexafit.com