Developer & Organization Information
Developer Name: DexaSlim
Organization: FITPAL LLC
DBA: DexaSlim
Address:
FITPAL LLC
1441 Broadway FL 3
New York, NY 10018-1905
United States (US)
Website: https://dexaslim.com/
1. Responsible Entity
FITPAL LLC d/b/a DexaSlim is the controller of your Personal Data unless otherwise specified in this Privacy Policy.
If we are processing Personal Data on behalf of a third party that is not an agent or affiliate of DexaSlim, this Privacy Policy may not apply; instead, the third party’s privacy policy will apply.
2. What Information We Collect
“Personal Data” means information that can be used on its own or with other information to identify you or contact you. Some Personal Data we collect may be considered health data or “Protected Health Information (PHI)” depending on your use of the Services and applicable law.
A. Demographic & Account Data
- Name
- Date of birth or birth year
- Biological sex
- Email address
- Phone number
- Account credentials (e.g., username, password hash)
- Profile settings and preferences
Collected via account registration, intake forms, and profile updates.
B. Health & Clinical Data (Patient Users)
- DEXA scan data and related body composition metrics (e.g., body fat %, lean mass, regional composition)
- Bone density metrics and results
- Visceral adipose tissue (VAT) values
- Resting metabolic rate (RMR) and VO₂ max data (if applicable)
- Laboratory values and results (if provided)
- Symptoms, health goals, medical history, allergies, medications (as provided)
- Communications with Provider Users through the Services
- Progress tracking inputs you submit
Collected via secure questionnaires, uploads (e.g., diagnostic reports), manual entry, provider input, and authorized device integrations (if offered).
C. Payment Data
- Billing name and address
- Payment card or bank account information
- Transaction and receipt details
Payments are processed through secure third-party payment processors. DexaSlim generally does not store full payment card numbers except as needed for secure processing.
D. Technical, Device & Usage Data
- IP address (or proxy server)
- Device and application identifiers
- Browser type, operating system, and system configuration
- Referring/exit pages, pages viewed, clicks and interactions
- Usage timestamps and diagnostic logs
- Approximate location (derived from IP, if enabled/available)
Collected automatically via log files, essential cookies, and similar technologies.
E. Support Data
- Customer service communications and support tickets
- Call recordings (where permitted) for training, quality assurance, and customer service
3. How We Use Your Data
We use Personal Data to:
- Create and manage user accounts
- Provide and operate the Services (including scheduling, communications, and reporting features)
- Generate analytics, summaries, and insights related to user-submitted health metrics
- Facilitate communications between Patient Users and Provider Users (where applicable)
- Process payments and provide transaction support
- Improve, maintain, and secure the Services
- Respond to support requests and troubleshoot issues
- Comply with legal obligations and respond to lawful requests
- Enforce our terms, policies, and protect safety, rights, and property
We process Personal Data based on one or more of the following legal bases (as applicable): contractual necessity, legitimate business interests, legal obligations, and/or your consent.
Consent-based processing: Where required by law or where we choose to do so, we will request your consent before using or disclosing Personal Data for certain purposes, including sending data to AI providers for analysis (see Section 4).
4. AI / ChatGPT Data Processing
DexaSlim may use artificial intelligence (“AI”) tools to assist with analyzing user-submitted data to generate summaries, educational insights, and trend analyses. AI tools are used to enhance your experience and support provider review where applicable. AI is not a substitute for professional medical advice, diagnosis, or treatment.
4.1 What Data May Be Sent for AI Analysis
With your explicit authorization, DexaSlim may transmit limited data necessary to fulfill an AI analysis request. This may include:
- First name (or an internal user identifier)
- Age or birth year
- Biological sex
- DEXA metrics (e.g., body fat %, lean mass, regional composition)
- Bone density metrics
- RMR and VO₂-related metrics (if provided)
- Laboratory values (if provided)
- Self-reported inputs (e.g., goals, symptoms, progress tracking notes)
- Non-identifying metadata necessary for contextual analysis
We do not send Social Security numbers, passwords, or unrelated financial account credentials to AI systems. We do not send full unredacted medical records unless explicitly required for the requested analysis and authorized by you.
Where feasible, data is minimized and may be de-identified or pseudonymized prior to transmission.
4.2 Who the Data Is Sent To
AI analysis services may be provided by:
OpenAI, L.L.C.
3180 18th Street
San Francisco, CA 94110
United States
Data is transmitted via encrypted connections and processed in accordance with applicable contractual terms and security safeguards.
4.3 Permission Before Sending Data
DexaSlim will obtain affirmative consent before transmitting your Personal Data to an AI processor. Consent may be obtained via:
- An in-app consent checkbox prior to submitting data for AI analysis
- Digital acknowledgment during onboarding
- A separate authorization form where required
You may decline AI processing and still access core Services. You may withdraw consent at any time by contacting support@dexaslim.com. Withdrawal will stop future transmissions for AI analysis.
4.4 Third-Party Protection Standards
DexaSlim shares data only with third parties that are contractually obligated to protect it and that maintain safeguards equal to or greater than DexaSlim’s standards, including encryption, access controls, and confidentiality obligations.
5. Where Data Is Stored
Personal Data DexaSlim collects through the Services is stored on secure servers in the United States. We may use third-party service providers to store or process data on our behalf. These providers are contractually required to protect Personal Data and use it only for the purposes for which it is shared.
7. HIPAA & Health Data
Certain information collected through the Services may be considered health data or PHI. DexaSlim aims to maintain safeguards aligned with HIPAA standards and applicable state health privacy laws where appropriate.
Where PHI is involved, we limit disclosures, require appropriate authorization where required, and apply administrative, physical, and technical safeguards. If required for specific relationships or workflows, we may enter into Business Associate Agreements (BAAs) with relevant partners.
8. Data Retention
We retain Personal Data for as long as you maintain an account or use the Services and for up to five (5) years after account closure, unless a longer retention period is required by law or necessary for legitimate business purposes (e.g., dispute resolution, safety, compliance). Anonymized or aggregated data may be retained indefinitely.
9. Data Security
DexaSlim uses a combination of reasonable administrative, technical, and physical safeguards designed to protect Personal Data, which may include: encryption in transit (e.g., TLS), encryption at rest, access controls, authentication safeguards, monitoring, and secure backups.
However, no internet transmission or storage system can be guaranteed to be 100% secure. You use the Services and transmit information at your own risk.
10. Your Rights
Subject to applicable law, you may have the right to:
- Access your Personal Data held by us
- Request correction of inaccurate or incomplete Personal Data
- Request deletion/erasure of Personal Data (where permitted)
- Restrict or object to certain processing (where applicable)
- Withdraw consent (for processing based on consent)
- Request data portability (where applicable)
- Lodge a complaint with a supervisory authority
To exercise these rights, contact support@dexaslim.com. We may need to verify your identity before fulfilling certain requests.
Automated processing: You may have rights related to automated decision-making under certain laws. DexaSlim does not use AI outputs as the sole basis for decisions that produce legal or similarly significant effects without appropriate safeguards.
12. Minors
The Services are not intended for individuals under 18. We do not knowingly collect Personal Data from minors. If you believe a minor has provided Personal Data, please contact us and we will take steps to delete it, as appropriate.
13. California Privacy Rights
California residents may have additional rights regarding their Personal Data. Where applicable, you may request information about categories of Personal Data disclosed to third parties for direct marketing purposes during the preceding calendar year (if any), and the categories of Personal Data shared.
Submit requests to support@dexaslim.com with the subject line California Privacy Rights.
14. Data Breach Notification
If a reportable breach of unsecured Personal Data or PHI is discovered, we will notify affected individuals as required by applicable law and, where applicable, no later than 60 days from discovery.
15. Revisions
We may update this Privacy Policy from time to time. We will post the updated policy and revise the “Last Updated” date at the top. Your continued use of the Services after an update becomes effective constitutes acceptance of the updated Privacy Policy.
16. Contact Us
If you have questions about this Privacy Policy or our privacy practices, contact:
FITPAL LLC d/b/a DexaSlim
1441 Broadway FL 3
New York, NY 10018-1905
United States (US)
Website: https://dexaslim.com/
Email: support@dexaslim.com
Please note: email communications are not always secure. Do not include highly sensitive information in emails.