Overview
cult.fit (Cure.fit) operates across fitness (cult.fit), nutrition (eat.fit), mental health (mind.fit), and primary care (care.fit). This ecosystem processes intimate health data: workout performance, physical measurements, dietary habits, mental health engagement, and medical consultations. Combined with wearable device integration, cult.fit maintains continuous health monitoring.
Key DPDP Concerns
Health Data Without Health Protections
cult.fit treats health metrics as standard consumer data:
- Heart rate and calorie data from workouts
- Body measurements and BMI tracking
- Injury history and physical limitations
- Mental health content consumption (anxiety, stress, depression topics)
- Nutritional data and dietary restrictions
Under DPDP, this comprehensive health profile requires enhanced consent, strict retention, and limited sharing.
Mental Health Data Sensitivity π΄
mind.fit engagement reveals:
- Meditation for anxiety β reveals mental health concern
- Sleep improvement content β reveals sleep disorders
- Stress management β reveals psychological state
This is among the most sensitive personal data categories β processed under basic app consent.
Recommendations
- Classify all fitness/health data as health information under DPDP
- Implement separate consent per service β Fitness tracking, mental health, nutrition, and medical services each need independent consent
- Define health data retention β βWorkout data: 1 year rolling; body measurements: until user deletion; mental health engagement: 90 days; medical consultations: per medical record standardsβ
- Add mental health data special protections β Enhanced encryption and minimal sharing
- Build health data portability β Allow export of health metrics, workout history, and nutrition data
How Does Your Policy Compare?
π Run Your Free DPDP Audit β
Analysis conducted by DPDP Consulting, a Meridian Bridge Strategy initiative. For a comprehensive compliance roadmap, book a free consultation.