Privacy Policy
Effective Date: March 24, 2026
Gymology ("we", "us", or "our") respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of information through our mobile application, Gymology (the "Service"), and describes your privacy rights under international laws including GDPR, CCPA, CPRA, CalOPPA, and COPPA.
1. Types of Data We Collect
As an offline-first fitness tracker with cloud backup capabilities, Gymology collects specific data to provide a personalized health and fitness experience.
A. Personal & Health Data
- Identity: First Name, Last Name, Email, and Google Profile Picture (collected exclusively via Google Sign-In).
- Health & Biometrics: Age, Gender, Weight, and calculated fitness goals (e.g., Caloric Intake, Macros, Water requirements).
- Fitness Activity: Workout logs (Exercises, Sets, Reps, Weights), Rest timers, Custom Routines, and perceived exhaustion rates (RPE).
B. Sensitive Device Permissions
- Location Data (Background & Foreground): We collect precise GPS location data during active cardio or running workouts to track your route, distance, and speed. This data is tracked in the background even when the app is minimized, strictly for the duration of the active workout session.
- Physical Activity (Pedometer): Used to track your steps during workouts.
- Camera & Photo Library: Requested only if you choose to upload a profile picture or track your physical progress via progress photos.
2. How We Store & Sync Your Data
Gymology operates primarily offline-first. Your workout and health data is saved directly on your device via a local SQLite database. To prevent data loss, we synchronize your data to our private, secure cloud servers (PocketBase) and associate it with your encrypted Google ID.
3. Third-Party Services
We utilize third-party services to operate, monetize, and improve the app. These services may collect Usage Data (IP address, device identifiers, diagnostic data):
- Google Sign-In: Our sole authentication provider. We do not see or store your Google password.
- RevenueCat: Manages in-app subscriptions and pro features anonymously.
- Google AdMob: Provides display advertisements for free-tier users. AdMob may utilize specific advertising identifiers (like Google Advertising ID) to serve personalized or generic ads based on your consent.
- Google Drive API: If opted in, enables secure periodic backups of your encrypted local database directly to your personal Google Drive.
4. GDPR Compliance (European Users)
If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have the following data protection rights under the General Data Protection Regulation (GDPR):
- Right to Access: You can request copies of your Personal Data.
- Right to Rectification: You can edit your profile, weight, and logs directly within the app.
- Right to Erasure (Right to be Forgotten): You can permanently delete your entire account, fitness history, and profile data from our servers by navigating to "Profile > Delete Account" in the app.
- Right to Restrict Processing / Object: You can object to our processing of your data, specifically regarding personalized advertising.
- Right to Data Portability: You can request a transfer of your data. Future updates will include an automatic export feature.
Our legal basis for collecting this data is Contractual Necessity (to provide the fitness tracker service) and User Consent (for personalized ads, background location tracking, and camera access).
5. CCPA and CPRA Compliance (California Residents)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights:
- Right to Know: The categories and specific pieces of Personal Information we have collected.
- Right to Delete: To delete Personal Information we collected from you.
- Right to Correct: To correct inaccurate Personal Information.
- Right to Opt-Out of Sale or Sharing: We do not sell your personal data for money. However, sharing data with Google AdMob for personalized advertising may be considered "sharing" under the CPRA. You can opt out of personalized ads via your device's global privacy settings (e.g., "Ask App Not to Track" on iOS, or "Opt out of Ads Personalization" on Android).
- Right to Limit Use of Sensitive Personal Information: We use health and location data strictly to provide the fitness tracking functionalities you requested. We do not use it to infer characteristics about you for outside marketing.
- Right to Non-Discrimination: We will not deny you services or charge different prices for exercising your CCPA rights.
6. CalOPPA Compliance
Pursuant to the California Online Privacy Protection Act:
- Users can visit our app anonymously before signing in.
- Our Privacy Policy link includes the word "Privacy" and is permanently hosted within the App Settings.
- You will be notified of any Privacy Policy changes on this page or via an in-app banner.
- Do Not Track (DNT) Signals: We do not currently respond to browser Do Not Track (DNT) signals because we are a mobile application, but we adhere strictly to iOS App Tracking Transparency (ATT) and Android Advertising ID preferences.
7. COPPA Compliance (Children's Privacy)
In compliance with the Children's Online Privacy Protection Act (COPPA), our Service is not directed to, and is not intended for, anyone under the age of 13 (or under 16 in certain European jurisdictions).
We do not knowingly collect personally identifiable information from children. If you are a parent or guardian and you are aware that your child has provided us with Personal Data without verifiable parental consent, please contact us immediately at support@gymology.app. We will take immediate steps to permanently remove that information from our servers.
8. Data Retention & Account Deletion
We retain your Personal Data only as long as your account is active to provide you with the Service.
You may automatically and instantly delete your account inside the Gymology app by navigating to Profile > Settings > Delete Account. Performing this action permanently purges your identity, logs, health records, and profile photos from our active cloud databases.
9. Contact Us
If you have any questions or requests regarding this Privacy Policy, your legal rights, or how your data is handled, you can securely contact our Data Protection Officer:
- Email: support@gymology.app