GymFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use the GymFlow mobile application and related services.
By using GymFlow, you agree to the collection and use of information in accordance with this policy.
Who We Are
Data Controller: GymFlow (Individual Entrepreneur)
Jurisdiction: Georgia
Information We Collect
We collect only the information necessary to provide the GymFlow service. This includes:
- Email address (used for authentication and account access)
- Name, profile picture, and authentication provider identifiers when you use Apple Sign In or Google Sign-In
- Workout data you create, including workouts, exercises, sets, schedules, and workout history
- AI workout generation inputs, such as training preferences and selected workout parameters
- Subscription status and purchase or entitlement history supplied by Apple and RevenueCat
- Feature requests or other feedback you submit in the app
- Limited crash and diagnostic information, such as app version, device and operating-system details, error type, and technical stack traces
How We Use Your Information
We use your information solely to:
- Provide and operate the GymFlow application
- Authenticate users and manage accounts
- Store workouts and workout history
- Generate and personalize workouts using AI when you request that feature
- Manage subscription access and entitlements
- Process feature requests and feedback
- Improve app functionality and reliability
- Diagnose crashes and technical errors
- Provide customer support
- Send service-related communications such as one-time login codes and important account notifications
Payments
Payments are processed exclusively through Apple's In-App Purchase system. We do not collect, store, or process payment card or billing information. Apple and RevenueCat provide us with subscription and entitlement status so that we can unlock paid features.
AI Workout Generation
When you use AI workout generation, GymFlow sends your workout-generation inputs (for example, experience level, workout type, equipment, and duration) to OpenAI's API to generate a workout response.
We minimize personal data in AI prompts and do not intentionally include direct identifiers such as your email address in those prompts.
OpenAI may process API request and response data to provide the service and for security and abuse monitoring in accordance with OpenAI's policies.
Sharing of Information
We do not sell, rent, or trade your personal information.
We may share information only with trusted service providers that help us operate the GymFlow application (such as hosting and infrastructure providers). These providers may access personal information only as necessary to perform services for us and are required to protect it.
These service providers include:
- OpenAI (AI workout generation)
- RevenueCat (subscription and entitlement management)
- Resend (transactional email delivery)
- Sentry (crash and error monitoring)
- Render (application and database hosting)
We may also disclose information if required to do so by law or in response to valid legal requests.
Data Retention
We retain personal information only for as long as necessary to provide the service. You may delete your account at any time. Account access is disabled and active sessions are revoked immediately. Account data is retained for a seven-day recovery period and then permanently deleted during the next scheduled cleanup, normally within one additional day. Limited copies may remain in protected backups until those backups rotate, or where retention is legally required.
Security
We use reasonable technical and organizational measures to protect your personal information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
International Data Transfers
GymFlow is based in Georgia. Your information may be processed and stored in countries outside of your own. By using the service, you consent to such transfers where permitted by law.
Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate information
- Request deletion of your personal data
- Restrict or object to certain processing
You can exercise these rights by deleting your account or contacting us.
Tracking Technologies
GymFlow does not use advertising, marketing, behavioral analytics, or cross-app tracking technologies. We use Sentry only for operational crash and error monitoring. Default personal-information collection, console-log collection, and session replay are disabled.
- Local Device Storage: Used to store app state and preferences necessary for core functionality.
- Sessions: Used for secure, session-based authentication.
Children's Privacy
GymFlow is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If such information is discovered, it will be deleted promptly.
California Privacy Rights
California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know, access, and delete personal information.
GymFlow does not sell personal information.
GDPR Notice
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including access, correction, portability, and deletion of your personal data.
Governing Law
This Privacy Policy is governed by the laws of Georgia, without regard to conflict of law principles.
Changes to This Policy
We may update this Privacy Policy from time to time. If changes are made, we will update the "Last Updated" date above. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy, you may contact us at:
support@gymflowai.fit