fitRDY Security
Last updated: May 22, 2026
1. Security Contact
Report suspected vulnerabilities, data exposure, account takeover risk, or security abuse to fitRDY Inc. at hello@fitrdy.com.
Do not send passwords, API keys, provider tokens, payment details, or unnecessary health data in the first report. We will ask for more detail through an appropriate channel if needed.
2. What To Include
- A short description of the issue and why it may create risk.
- Steps to reproduce, affected URLs or app screens, and approximate time observed.
- The account email used for testing, if relevant.
- Whether any personal, health, payment, credential, or token data was accessed.
3. Responsible Testing
- Do not access, change, download, or share another person's data.
- Do not run denial-of-service, spam, phishing, social engineering, or physical attacks.
- Do not test against production data beyond what is necessary to demonstrate the issue safely.
- Stop testing and report immediately if you encounter sensitive data that is not yours.
4. Security Practices
fitRDY uses role-based access controls, scoped authentication checks, encrypted transport, controlled server-side storage for integration credentials, and operational logging for monitoring and incident response. Security practices may evolve as the product, integrations, and regulatory obligations change.
Staff and operational access should be limited to people who need it for support, security, beta validation, or service operation. Access to sensitive account data should be logged or otherwise reviewable where the system supports it.
5. Privacy and Deletion
Privacy rights and deletion requests are handled through Privacy Policy, Data Deletion, and Support.