Privacy Policy — Traximus
Effective date: 2026-05-05
Last updated: 2026-05-05
1. Who we are
Traximus ("we", "us", "our") is a WhatsApp-based AI fitness companion service operated by Traximus, registered at 89 Vardhman Nagar, Bikaner 334001, Rajasthan, India / 8-2B, Street 23A, Al Garhoud, Dubai, UAE, India.
Contact for privacy matters: contact@traximus.fit
Grievance Officer (per IT Rules 2021): Rahul Upadhyay, contact@traximus.fit — must respond within 30 days.
This Privacy Policy explains what personal data we collect when you use Traximus, why we collect it, how we use and protect it, and what rights you have under Indian law (the Digital Personal Data Protection Act, 2023 — "DPDP Act"; and the Information Technology Act, 2000 with the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 — "SPDI Rules"; and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021).
2. What data we collect
2.1 Provided directly by you
When you onboard and chat with Traximus on WhatsApp, you may share:
- Identity: WhatsApp phone number (required), preferred name, age, gender.
- Health & fitness data:
  - Body metrics (height, weight, body composition).
  - Fitness goals (weight loss, muscle gain, endurance, etc.).
  - Workout history (exercises, sets, reps, weights, duration).
  - Nutrition data (meals, macros, calories, water intake, supplements).
  - Self-reported energy levels, mood, sleep, soreness.
  - Photos of meals (when you choose to log via photo).
  - Voice notes (when you choose to log via voice).
- Lifestyle: city/location (free-text from you, not GPS), dietary type (vegetarian, vegan, eggetarian, non-vegetarian), dietary restrictions, allergies.
- Preferences: preferred persona ("commanding officer", "supportive coach", etc.), preferred language, reminder times.
- Free-text messages: anything else you type in WhatsApp chat with Traximus.
2.2 Generated automatically
- Message metadata: WhatsApp message IDs and timestamps (received from Meta Cloud API), required to deduplicate and order conversation.
- Service logs: request timestamps, error events, system-generated identifiers tied to your phone number.
- Usage analytics: message counts, feature usage frequency (workout starts, meals logged, etc.) — no third-party trackers.
2.3 What we do not collect
- We do not access your WhatsApp contacts, status, or chats with anyone other than Traximus.
- We do not access your device camera, microphone, GPS, or files directly — we only see what you choose to send via WhatsApp.
- We do not collect payment card numbers (handled by our payment processor — see §6).
- We do not track you across other apps or websites.
- We do not use facial recognition or biometric identification on photos you send.
2.4 Categories under SPDI Rules
Under the SPDI Rules, the following categories of data we collect qualify as "sensitive personal data or information":
- Physical, physiological, and mental health condition (height, weight, body metrics, mood, sleep).
- Medical records (any conditions or restrictions you share).
We process these only with your explicit consent (which you give by interacting with Traximus on WhatsApp).
3. Why we collect it (purposes of processing)
| Purpose | Legal basis (DPDP Act §7) |
|---|---|
| Provide the core fitness companion service (replies, plans, tracking) | Consent + necessary for performance of service |
| Generate personalized workout and nutrition plans | Consent |
| Send reminders, check-ins, and progress reports | Consent |
| Maintain conversation history so you don't repeat yourself | Necessary for performance of service |
| Detect abuse, prevent spam, enforce rate limits | Legitimate uses (DPDP §7(b)) — security |
| Comply with legal requests from Indian authorities | Compliance with law |
| Improve the service (anonymized, aggregated only) | Consent |
We do not use your data to train third-party AI models. We do not sell your data.
4. Who we share it with
4.1 Sub-processors
We use the following third parties to operate Traximus:
| Sub-processor | Purpose | Data shared | Data location |
|---|---|---|---|
| Google Cloud Platform (Vertex AI — Gemini) | AI inference for chat replies, plan generation | Your WhatsApp messages, conversation context | global region (Google's multi-region) |
| Meta Platforms (WhatsApp Business Cloud API) | Message delivery to/from your WhatsApp | All inbound/outbound messages, your phone number | Meta's regional infrastructure |
| Hostinger International Ltd. (KVM4 VPS) | Hosting our application server, database, cache | All data above, at rest | Asia-Pacific (specify exact region: Singapore/Mumbai) |
| Sentry (Functional Software, Inc.) (once activated) | Error monitoring and diagnostics | Stack traces and error events (no message bodies — explicitly stripped) | United States |
| Payment processor (to be announced) | Payment processing for paid tiers | Payment instrument details (card/UPI), billing address, transaction history | India (Razorpay) or US (Stripe) |
Each sub-processor is bound by its own data protection terms and processes data only on our instructions.
4.2 We do not share with
- Advertisers, marketers, data brokers.
- Insurance companies (your fitness data stays between you and Traximus).
- Other Traximus users — your data is per-user-isolated.
- Anyone for cross-border transfer except as listed in §4.1 (where the sub-processor is outside India).
4.3 Cross-border transfer
Some sub-processors above (Google, Meta, Sentry) are based outside India. We rely on those companies' standard data-transfer terms. Under DPDP §16, the Government of India may restrict transfer to specific countries — if any such restriction takes effect, we will switch to compliant alternatives.
4.4 Legal requests
We may disclose your data if required by:
- A valid order from an Indian court or government authority.
- Compliance obligations under the IT Act 2000, DPDP Act 2023, or other Indian law.
We will not voluntarily disclose to foreign authorities without legal compulsion.
5. How long we keep it
| Data category | Retention |
|---|---|
| WhatsApp phone number, profile (name, age, etc.) | While your account is active + 30 days after deletion request |
| Conversation history (1 year) | 365 days rolling — older messages auto-purged |
| Workout / nutrition / weight logs | 365 days rolling |
| Photos and voice notes | 90 days, then deleted |
| Service logs (request timestamps, error events) | 90 days |
| Database backups | 14 days rolling |
| Anonymized aggregate analytics | Indefinite (no longer linked to you) |
Account deletion: when you request deletion (see §7.4), we delete all of the above within 30 days, except backups which expire on the 14-day rolling cycle.
6. Payments
If you subscribe to a paid tier:
- We do not see or store your card number, CVV, or UPI PIN.
- These are handled directly by our payment processor (to be announced).
- We receive only: transaction success/failure, billing email, last 4 digits of card / masked UPI handle.
- See the payment processor's own privacy policy for how they handle payment data.
7. Your rights
Under the DPDP Act 2023, you have these rights. To exercise any of them, message us "privacy" on WhatsApp or email contact@traximus.fit.
7.1 Right to access (DPDP §11)
You can request a summary of the personal data we hold about you. We will provide it within 15 working days.
7.2 Right to correction and erasure (DPDP §12)
You can ask us to correct inaccurate data or erase data that is no longer needed. We will act within 15 working days unless retention is required by law.
7.3 Right to grievance redressal (DPDP §13)
If you have a complaint about how we handle your data:
- First contact our Grievance Officer (see §1) — must respond within 30 days.
- If unresolved, you may approach the Data Protection Board of India under DPDP §27.
7.4 Right to withdraw consent / delete account (DPDP §6(4))
You can withdraw consent at any time by:
- Messaging "delete my account" on WhatsApp, OR
- Emailing contact@traximus.fit from your registered phone number's email.
We will:
- Stop further processing within 24 hours.
- Delete all your data within 30 days (backups expire on 14-day cycle).
- Confirm deletion in writing.
7.5 Right to nominate (DPDP §14)
You can nominate another individual to exercise your rights in the event of your death or incapacity. Email us their name + relationship + contact.
7.6 Children
Traximus is not intended for users under 18. We do not knowingly collect data from children. If you are a parent/guardian and believe your child has used Traximus, contact contact@traximus.fit and we will delete the account.
8. How we protect your data
- In transit: all communication uses HTTPS (TLS 1.2+) and WhatsApp's end-to-end encryption between you and Meta's servers. Inside our infrastructure, we additionally use TLS for inter-service calls.
- At rest: database and backups stored on encrypted disk (Hostinger KVM4 LUKS encryption). Backup files restricted to root, mode 600.
- Access control: only the Traximus founder has direct production access. No third-party engineers, no support outsourcing.
- Authentication of WhatsApp webhook calls: every incoming call is HMAC-SHA256-verified against Meta's signature so spoofed messages are rejected.
- Rate limiting: per-user message rate limits to mitigate abuse.
- No payment data on our servers: delegated to PCI-DSS-compliant payment processor.
If a personal data breach occurs that is likely to result in significant harm, we will notify the Data Protection Board of India under DPDP §8(6) and notify affected users without undue delay.
9. Cookies and tracking
Traximus does not use cookies — interaction is via WhatsApp only. The marketing site at traximus.fit may use minimal analytics cookies (described in that site's separate cookie policy when launched).
10. AI processing transparency
When you message Traximus, your message and recent conversation history are sent to Google Vertex AI (Gemini models) for inference. Specifically:
- The model receives: your current message, your relevant chat history (today's messages + summarized older context), your fitness profile, and our system instructions.
- The model generates: a reply, and may call internal tools (e.g. `log_meal`, `start_workout`).
- Google's Vertex AI terms specify they do not use customer data to train Google's models when accessed through paid Vertex API.
- We do not use third-party AI services other than Google Vertex AI.
If you prefer not to have your messages processed by AI, do not use Traximus — there is no way to use the service without AI processing.
11. Updates to this policy
We may update this policy as the service evolves or law changes. Material changes will be communicated to you via WhatsApp at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent change.
12. Governing law and disputes
This Privacy Policy is governed by the laws of India. Any dispute arising from it shall be subject to the exclusive jurisdiction of the courts at Bikaner, Rajasthan.
13. Contact
| | |
|---|---|
| Privacy questions | contact@traximus.fit |
| Grievance Officer | Rahul Upadhyay, contact@traximus.fit, available Mon–Fri 10am–6pm IST |
| Postal address | Traximus, 89 Vardhman Nagar, Bikaner 334001, Rajasthan, India / 8-2B, Street 23A, Al Garhoud, Dubai, UAE |
End of Privacy Policy.