Skip to content

Privacy

How we handle your data.

Last updated 2026-06-09

This policy covers two things: this website and its waitlist, which are live today, and the Aro Fitness app, which launches in late 2026. The website and waitlist sections apply right now. The app sections describe how the product is built and will apply in full from the day it launches. We’d rather you read our commitments before launch than after.

Aro Fitness is a brand of ArogyaBridge Pvt Ltd (incorporation in progress), which will be the data fiduciary under India’s Digital Personal Data Protection Act, 2023 once registered. Until then, the founding team in Bengaluru is personally accountable for everything below.

1. Who we are

Aro Fitness builds software for Indian fitness trainers and small studios. The operating entity is ArogyaBridge Pvt Ltd (incorporation in progress), based in Bengaluru, India. For anything in this policy, write to privacy@aro.fitness . For everything else, it’s hello@aro.fitness .

2. What this policy covers

This policy covers data we handle about:

One thing worth saying plainly: when a trainer or studio records data about their members and leads, they are using Aro as a tool for their business. We process that data to run the service for them — we don’t use it for our own purposes beyond what’s in this policy.

3. Data we collect

Account and identity

Name, mobile number (your primary identity in Aro), email address, and preferred language. For studios: the studio’s name, type, and settings.

Health and fitness data — handled with extra care

Members and their trainers may record date of birth, gender, dietary preference, allergies, body measurements, and ongoing vitals such as weight, sleep, workout performance, and fasting blood sugar. Members may also add progress photos. This is sensitive data. It is collected only with the member’s explicit consent, visible only to the member and their own trainer or studio, and never used for advertising or sold to anyone.

Connected health data from Apple Health and Health Connect

If you choose to connect Aro to Apple Health (on iPhone) or Health Connect (on Android), Aro reads a limited set of fitness metrics from your device — steps, active energy, heart rate, sleep, weight, and workouts — and stores them alongside your other vitals so you and your trainer can follow your progress. This connection is:

We do not transfer health data obtained from Apple Health or Health Connect to any third party for advertising, and we do not use it to build profiles. It is used only to show your progress inside Aro. Our use of this data follows Apple’s and Google’s health-data requirements, including their limits on how such data may be used.

Activity logs

Diet and meal logs, weight logs, session attendance, and streaks — the day-to-day record of training that makes Aro useful.

Membership and payment records

Membership type, dues, payment status, and renewal dates, as recorded by the studio. Aro tracks these records for the studio; we do not process card or UPI payments and never see payment instrument details.

Community content

Posts, photos, captions, cheers, and milestones shared on a studio’s feed. This content is visible within that studio’s community, not publicly.

Leads

When someone enquires with a studio, the studio may record their name, contact details, and how they found the studio (for example, Instagram, WhatsApp, a referral, or a walk-in).

Website and waitlist

If you join the waitlist, we collect the name, mobile number, email address, role, city, current toolset, and the open notes you choose to share. Today this lands in our inbox as an email — it is not stored in a product database.

Device and technical data

Push notification tokens (so we can send notifications you’ve opted into), and the usual technical basics — IP address, device type, app version — needed to run and debug the service.

4. How we use it

That’s the list. We don’t use your data for advertising, we don’t build profiles for third parties, and we don’t sell data. Ever.

Under the DPDP Act, consent is the basis on which we process personal data. In Aro, consent isn’t a checkbox buried in onboarding — it’s built into the product. Sensitive things like progress photos and family sharing each require their own explicit consent. We record exactly what you agreed to, in which language, and when.

Withdrawing consent works immediately: revoke photo consent and photo access is cut off; revoke family sharing and the family viewer loses access. Withdrawal is as easy as granting — in the app, or by writing to privacy@aro.fitness .

6. AI features

Some Aro features use AI: analysing a photo of your plate to estimate calories, helping write posts and messages, and summarising activity for trainers. When you use these features, the relevant content — a meal photo, a draft caption, roster text — is sent to AI providers to generate the result. We use LLM and image-generation providers including Google, Sarvam AI, OpenRouter, and fal.ai. We send only what the feature needs, and we don’t permit these providers to use your content to train their models where the provider offers that control.

AI outputs are assistive and can be wrong. A calorie estimate is an estimate, not a lab measurement.

7. Who we share data with

We share data with the service providers who run Aro’s infrastructure:

Within the product, your data is visible to the people you’d expect: a member’s data is visible to their own trainer or studio, and to a family viewer only if the member grants it. One studio can never see another studio’s data. Beyond this, we disclose data only if the law requires us to.

8. Where data lives, and how it’s protected

Every studio’s data is isolated at the database level — access rules are enforced by the database itself, not just by the app. Photos live in a private storage bucket and are served only through short-lived signed links that expire in minutes. Data is encrypted in transit. Privacy-sensitive actions — exports, deletions, consent changes — are written to an audit log so there’s always a record of who did what.

9. How long we keep data

10. Your rights

Under the DPDP Act 2023, you can:

Email privacy@aro.fitness and we’ll respond within 7 days. The app will include export and delete tools so you can do most of this yourself, without writing to anyone.

For website analytics specifically: if you accepted analytics cookies and later sent us an enquiry, we can erase the analytics record tied to that enquiry on request (we action it through Google Analytics’ deletion process). Analytics from visitors who only browsed and never enquired isn’t linked to any identifier we hold, and expires automatically under our minimum data-retention setting.

11. Children

Aro is for adults. You must be 18 or older to create an account or be added as a member. We don’t knowingly collect data about anyone under 18; if we learn we have, we’ll delete it.

12. Cookies and analytics

This site uses Google Analytics 4 with IP anonymisation. No cross-site tracking, no ad pixels, no third-party retargeting cookies on this site. If you’d rather we not measure your visit, your browser’s “Do Not Track” signal is respected.

13. Grievance Officer

If something about how we’ve handled your data feels wrong, write to our Grievance Officer at privacy@aro.fitness . You’ll get an acknowledgement, and a substantive response within 7 days. If you’re not satisfied, the DPDP Act gives you the right to escalate to the Data Protection Board of India.

14. Changes to this policy

When we change this policy, we’ll update the date at the top. For changes that matter — new data categories, new sharing — we’ll tell you directly in the app or by email, not just quietly edit a webpage.

Questions about anything above? Write to privacy@aro.fitness .