Your privacy,
protected.

Information You Provide Directly

• Account Information: Name, email address, username, and password when you create an account.
• Profile Information: Age, gender, height, weight, fitness goals, and experience level.
• Workout Data: Exercise logs, sets, reps, weights, workout duration, rest times, and personal records (PRs).
• Body Metrics: Body measurements, progress photos (if you choose to upload), and body composition data.
• Custom Content: Custom exercises, workout templates, notes, and tags you create within the App.
• Communications: Messages, feedback, and support requests you send us.

Information Collected Automatically

• Usage Data: Features you use, screens you visit, actions you take, and time spent in the App.
• Device Information: Device model, iOS version, unique device identifiers (IDFV), screen resolution, and language settings.
• Log Data: Crash reports, error logs, performance data, and diagnostic information.
• Network Information: IP address, connection type (Wi-Fi/cellular), and general network performance data.

Information from Apple & Third-Party Sign-In

• Sign in with Apple: If you use Sign in with Apple, we receive a unique Apple-assigned identifier and, optionally, your name and email (which Apple may relay or mask per your choice).
• HealthKit Data: With your explicit permission, we may read and write data to Apple HealthKit including step count, heart rate, active energy burned, and workout summaries. This data is never used for advertising and is never shared with third parties for marketing purposes.

We will never sell your personal information, use your health data for advertising, or use your data in ways incompatible with this policy without prior notice and consent.

We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:

Service Providers

• Cloud hosting and database infrastructure providers
• Crash reporting and performance monitoring tools (aggregated, anonymized data only)
• Customer support platforms
• Analytics providers (anonymized, aggregated data only)
• Payment processors for subscription management

Social & Sharing Features

If you choose to share workouts, achievements, or progress publicly within the App or to external platforms, you control what is shared. Information you make public is accessible to others.

Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other governmental authority, or when we believe in good faith that disclosure is necessary to protect rights, safety, or property.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via in-app notification or email prior to your data becoming subject to a different privacy policy.

With Your Consent

We may share information with third parties when you have given us explicit consent to do so.

HealthKit Integration

The App may request access to Apple HealthKit to read and write fitness-related data. HealthKit access is entirely optional. If you grant permission:

• HealthKit data is only used to enhance your personal fitness tracking experience within the App.
• We never use HealthKit data for advertising, marketing, or sale to third parties.
• HealthKit data is not shared with any third party except as strictly required to provide core functionality.
• We never disclose HealthKit data to data brokers.
• You can revoke HealthKit permissions at any time via iOS Settings → Privacy & Security → Health → Gymifi.

Body Metrics & Progress Photos

• Body measurements and weight logs are stored securely and used solely for your personal progress tracking.
• Progress photos you upload are stored encrypted and are never accessed by Gymifi staff except when you explicitly share them via support.
• You can delete your photos and body data at any time from within the App.

Sensitive Data Notice

Body weight, measurements, and fitness data may be considered sensitive personal information in certain jurisdictions. We treat this data with heightened protection, apply strict access controls, and do not use it for any purpose other than delivering the fitness tracking service you requested.

• Active Accounts: We retain all account and workout data while your account remains active.
• After Account Deletion: Upon your request, we delete or anonymize your personal data within 30 days, except where retention is required by law.
• Backups: Deleted data may persist in encrypted backups for up to 90 days before being permanently purged.
• Anonymized Aggregates: We may retain de-identified, aggregated data indefinitely for internal product improvement. This data cannot be linked back to you.
• Legal Holds: We may retain specific data longer if required by applicable law or to resolve disputes.

• Encryption in Transit: All data transmitted between the App and our servers is encrypted using TLS 1.2 or higher.
• Encryption at Rest: Sensitive data stored on our servers is encrypted at rest using AES-256 encryption.
• On-Device Security: Sensitive data stored locally is protected using iOS Data Protection APIs and the device's Secure Enclave where applicable.
• Access Controls: Access to user data is strictly limited to personnel who require it, governed by role-based access controls.
• Regular Security Audits: We conduct periodic security reviews and vulnerability assessments of our systems.
• Secure Authentication: We support and encourage Sign in with Apple and strong passwords.

Access & Portability

• You can view all personal data stored in your profile and workout logs directly within the App.
• You can request an export of your data in CSV/JSON format by contacting us.

Correction

• You can update or correct your profile information, body metrics, and workout data at any time from within the App's settings.

Deletion

• Delete your account and all associated data from Settings → Account → Delete Account within the App.
• You may also submit a deletion request to our support email. We will process requests within 30 days.

Push Notifications

• Enable or disable push notifications via iOS Settings → Notifications → Gymifi or within the App.

HealthKit Permissions

• Revoke HealthKit permissions via iOS Settings → Privacy & Security → Health → Gymifi at any time.

Marketing Communications

• Opt out of promotional emails using the unsubscribe link in any marketing email or from within the App.

Tracking & Analytics (ATT)

• If the App requests App Tracking Transparency (ATT) permission, you may deny tracking. The App functions fully regardless of your ATT choice.

Gymifi is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will promptly delete such information from our systems.

By using the App, you represent that you are at least 13 years of age (or the applicable age of digital consent in your jurisdiction).

App Store & Apple Guidelines

• This App is distributed via the Apple App Store and we comply fully with Apple's App Store Review Guidelines and Developer Program License Agreement.
• Apple's own privacy policy governs Apple's collection and use of data in connection with App Store operations.

Sign in with Apple

• We support Sign in with Apple as a privacy-preserving authentication option. If you choose to hide your email, Apple provides a relay address and we respect this entirely.
• We do not attempt to de-anonymize Apple-relayed email addresses.

HealthKit

• Gymifi uses HealthKit APIs solely to read/write fitness and health data for workout tracking features.
• HealthKit data is not used for advertising or market research.
• HealthKit data is not shared with third parties for any purpose unrelated to the App's core health and fitness functionality.
• We never disclose HealthKit data to data brokers.

App Privacy Nutrition Labels

In accordance with Apple's App Privacy requirements, we disclose the following data practices in the App Store listing:

In-App Purchases

Any in-app purchases or subscriptions are processed by Apple through its In-App Purchase system. Gymifi does not directly receive or store your payment card information. Apple's privacy policy governs all payment data.

Push Notifications & ATT

• We request permission before sending push notifications. You may decline or revoke this at any time.
• Denying App Tracking Transparency permission has no impact on core App functionality.

The App may use the following categories of third-party services. Each is bound by its own privacy policy:

• Cloud Infrastructure: For secure data storage and sync. Providers operate in SOC 2 compliant environments.
• Crash Reporting: Anonymized crash and performance logs to help identify and fix bugs.
• Analytics: Privacy-first analytics tools that process only aggregated, anonymized data. No individual user profiles are created for advertising.
• Payment Processing: Subscriptions managed through Apple's App Store. Apple's In-App Purchase terms apply.

We carefully vet all third-party providers and require them to handle your data only as instructed by us and in compliance with applicable privacy laws.

Gymifi data may be stored and processed in servers located in various countries, including India and the United States. If you are in the EEA, United Kingdom, or other regions with data transfer restrictions:

• We transfer your data only to countries providing adequate data protection, or we use Standard Contractual Clauses (SCCs) approved by the European Commission.
• By using the App, you consent to the transfer of your information to countries outside your country of residence.

If you are a California resident, you have the following rights under the CCPA and CPRA:

• Right to Know: Request information about categories and specific pieces of personal information we collect, use, disclose, and sell.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising.
• Right to Limit Sensitive Personal Information: Request that we limit use of sensitive data (such as health/fitness data) to necessary purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights.

We will verify your identity and respond within 45 days of receiving your request.

If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights under the GDPR or equivalent local law:

• Right of Access (Art. 15): Request access to your personal data and obtain a copy.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restriction of Processing (Art. 18): Request that we limit how we use your data.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing.
• Right to Lodge a Complaint: File a complaint with your local Data Protection Authority (DPA).

We will respond to GDPR requests within 30 days (extendable to 60 days for complex requests).

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top of this page.
• Your continued use of the App after the effective date constitutes acceptance of the updated terms.
• If you do not agree to the updated policy, you may stop using the App and request deletion of your account.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out: