Privacy Policy
Last updated: April 20, 2026 · GymTrack Pro
GymTrack Pro ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights under GDPR and CCPA.
1. Information We Collect
We collect only the data needed to run your account and deliver the service. Specifically:
- Account information — username, password (stored as a salted bcrypt hash, never in plain text), and, if you choose to provide them, an email address and display name. You may also use the app as a "guest" without providing any of these; in that case we generate an anonymous account identifier instead.
- Workout data — training cycles, workout days, exercises, logged sets (weight, reps, RPE, RIR), session start/finish times, and any free-text notes you add to sessions or sets.
- Equipment and preferences — your custom plates, bars, machine labels, rest timer defaults, weight unit (kg/lb), sound preference, and theme.
- Subscription status — whether you have an active GymTrack Pro subscription, its expiry date, and which store it came from. We do not see or store your payment card details.
- Push notification token — if you enable rest-timer notifications, the operating system gives us an opaque device push token so we can deliver those notifications.
- Server logs — like virtually all online services, our API server records the IP address, user-agent, and timestamp of each request for security, abuse-prevention, and debugging purposes. These logs are retained for a limited period and are not used to build a profile of you.
We do not collect health data beyond what you voluntarily log, your contacts, your photos, your camera, your microphone, your location, or any advertising identifier. The app does not contain any third-party advertising or behavioural-analytics SDK.
2. How We Use Your Data
- To provide the GymTrack Pro service — log workouts, sync them across your devices, and show your history
- To authenticate you and keep your account secure
- To verify and renew your GymTrack Pro subscription
- To deliver rest-timer push notifications when you have enabled them
- To respond to support requests you send us
- To detect, prevent, and investigate fraud, abuse, or security incidents
We do not sell your personal data, share it with advertisers, or use it for marketing or behavioural profiling.
3. Third-Party Services
We rely on a small number of service providers to operate the app. Each receives only the data it needs for its specific function.
- Apple App Store — handles the actual purchase and renewal of GymTrack Pro subscriptions. Apple processes your payment under its own Privacy Policy; we never receive your card details.
- RevenueCat — manages our subscription entitlements and tells us whether your subscription is active. RevenueCat receives your App-Store-issued user identifier and your subscription transactions, governed by its Privacy Policy.
- Expo push notification service — relays rest-timer notifications to your device. It receives the push token and the notification payload (a short title and body); it does not receive your account information. See Expo's Privacy Policy.
- Cloud hosting provider — our API server and PostgreSQL database run on a third-party cloud platform under standard data-processing terms.
4. Data Storage & Security
Your data is stored in a PostgreSQL database on secured cloud infrastructure. All traffic between the app and our servers is encrypted in transit (HTTPS/TLS). Passwords are hashed with bcrypt before storage; we cannot recover your password if you forget it. Authentication tokens are short-lived JSON Web Tokens (JWTs) signed with a server-side secret.
5. Data Retention
We retain your account and workout data for as long as your account exists. Guest accounts and their data are deleted automatically after a period of inactivity. Server request logs are retained only for as long as needed for security and operational purposes. If you delete your account (see below), all of your data is removed immediately and permanently from our database.
6. Your Rights
- Access & portability — you can export your full workout history as a JSON file from Settings → Export My Data. This feature is included with a GymTrack Pro subscription.
- Deletion — you can permanently delete your account and all associated data from Settings → Delete Account. Deletion is immediate, irreversible, and cascades to all workouts, sessions, sets, settings, and subscription records on our servers.
- Correction — you can update your display name, email, and password at any time in Settings.
- Opt-out of notifications — you can disable push notifications in your device's system settings at any time.
Users in the EU/UK may exercise additional rights under GDPR (including the right to lodge a complaint with their local supervisory authority). California residents may exercise rights under CCPA, including the right to know which categories of personal information we collect (see Section 1) and the right to deletion (see above). To exercise any of these rights, contact us using the email below.
7. International Transfers
Our servers and certain service providers are located in the United States. If you are accessing the app from outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
8. Children's Privacy
GymTrack Pro is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via an in-app notification or by updating the "Last updated" date above. Continued use of the app after a change constitutes acceptance of the updated policy.
10. Contact Us
Questions or requests regarding your privacy: gymtrackadmin@gmail.com