Privacy Policy
At Gymero, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness platform, including our website, mobile applications, and related services.
Please read this Privacy Policy carefully. By using Gymero, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
1. Introduction
Gymero ("we," "us," or "our") operates an AI-powered fitness platform that provides personalized workout plans, nutrition guidance, progress tracking, and related services (collectively, the "Service").
This Privacy Policy applies to all information collected through our Service, including:
- Our website and web application
- Mobile applications (iOS and Android)
- Connected third-party services and integrations
- Email and other communications
We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this policy or our practices, please contact us using the information provided at the end of this document.
2. Information We Collect
2.1 Information You Provide
We collect information that you voluntarily provide when using our Service:
Account Information
- Email address
- Password (stored as a secure hash)
- Name and display name
- Profile picture (optional)
Profile & Fitness Data
- Age, gender, height, and weight
- Fitness goals and experience level
- Dietary preferences and restrictions
- Available equipment and gym access
- Medical conditions or injuries (optional)
Activity Data
- Workout logs and exercise history
- Nutrition tracking and meal logs
- Progress photos (optional)
- Body measurements over time
- Personal records and achievements
Payment Information
- Transaction history and credit purchases
- Billing information (processed by Stripe)
Note: We do not store complete credit card numbers. Payment processing is handled securely by Stripe.
2.2 Information Collected Automatically
When you access the Service, we automatically collect certain information:
- Device Information: Device type, operating system, browser type, unique device identifiers
- Usage Data: Pages visited, features used, time spent, click patterns
- Log Data: IP address, access times, referring URLs, error logs
- Location Data: General location based on IP address (not precise GPS)
2.3 Information from Third Parties
If you connect third-party services, we may receive:
- Wearable Devices: Sleep data, heart rate, steps, activity metrics from Fitbit, Garmin, Apple Health, Google Fit, Whoop, Oura, and similar devices
- Authentication Providers: Basic profile information if you sign in with Google or Apple
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Provide and Improve the Service
- Generate personalized AI workout plans tailored to your goals
- Create customized nutrition and meal plans
- Track your fitness progress over time
- Calculate readiness scores and recovery recommendations
- Provide AI-powered fitness coaching and advice
- Improve our algorithms and recommendation systems
3.2 Account Management
- Create and manage your account
- Process transactions and manage credits
- Authenticate your identity and prevent fraud
- Provide customer support
3.3 Communications
- Send workout reminders and notifications (if enabled)
- Provide progress updates and weekly reports
- Respond to your inquiries and requests
- Send important service announcements
- Marketing communications (with your consent)
3.4 Analytics and Research
- Analyze usage patterns to improve user experience
- Conduct aggregated, anonymized research
- Monitor and improve Service performance
- Develop new features and services
3.5 Legal and Safety
- Comply with legal obligations
- Enforce our Terms of Service
- Protect against fraudulent or illegal activity
- Ensure the safety and security of users
5. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy.
5.1 Active Accounts
While your account is active, we retain all data necessary to provide the Service, including your profile, workout history, and progress data.
5.2 Account Deletion
When you delete your account:
- Personal profile data is deleted within 30 days
- Workout and nutrition logs are permanently removed
- Progress photos are deleted from our servers
- Anonymized, aggregated data may be retained for analytics
5.3 Legal Retention
Some data may be retained longer as required by law, including:
- Transaction records (for tax and accounting purposes)
- Communications related to disputes or legal matters
- Data necessary for fraud prevention
5.4 Backup Systems
Deleted data may persist in backup systems for up to 90 days before being permanently removed. During this time, the data is not accessible or used.
6. Data Security
We implement industry-standard security measures to protect your information:
Encryption
All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Secure Authentication
Passwords are hashed using bcrypt. Two-factor authentication available.
Access Controls
Strict access controls and authentication for all systems
Monitoring
Continuous monitoring for security threats and vulnerabilities
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
Depending on your location, you may have certain rights regarding your personal information:
7.1 Access and Portability
You can access your data at any time through your account settings. You can export your data in a machine-readable format (JSON) using the Data Export feature.
7.2 Correction
You can update or correct your personal information through your account settings at any time.
7.3 Deletion
You can request deletion of your account and associated data through the Settings page. Some data may be retained as described in Section 5.
7.4 Opt-Out
You can opt out of:
- Marketing emails: Unsubscribe link in emails or notification settings
- Push notifications: Device settings or app preferences
- Analytics: Privacy settings in your account
7.5 Restriction and Objection
You may request that we restrict or stop processing your data in certain circumstances. Contact us to make such a request.
7.6 Exercising Your Rights
To exercise any of these rights, please contact us at support@gymero.fitness or use the relevant features in your account settings. We will respond to requests within 30 days.
For EU/EEA Residents (GDPR)
You have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with a supervisory authority.
For California Residents (CCPA)
You have the right to know what personal information is collected, request deletion, and opt-out of the sale of personal information. We do not sell personal information.
9. Third-Party Services
Our Service integrates with third-party services. These services have their own privacy policies that govern their data practices:
9.1 Payment Processing
Stripe: Handles all payment processing. View their privacy policy at stripe.com/privacy
9.2 Wearable Integrations
- Fitbit: Fitbit Privacy Policy
- Garmin: Garmin Privacy Policy
- Apple Health: Apple Privacy Policy
- Google Fit: Google Privacy Policy
9.3 AI Services
We use AI services to generate workout and meal plans. Prompts sent to these services do not include personally identifiable information.
9.4 Links to Other Sites
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.
10. Children's Privacy
Gymero is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child under 13, we will delete that information promptly.
Users between 13 and 18 years of age may use the Service only with parental consent and supervision.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
When we transfer data internationally, we implement appropriate safeguards:
- Standard Contractual Clauses approved by regulatory authorities
- Data processing agreements with service providers
- Compliance with applicable data protection frameworks
By using the Service, you consent to the transfer of your information to countries outside your country of residence, including the United States.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
- Displaying a notice within the Service
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
privacy@gymero.fitness
Gymero Fitness
123 Fitness Street
Health City, HC 12345
dpo@gymero.fitness
We aim to respond to all privacy-related inquiries within 30 days.
Your privacy is important to us. Thank you for trusting Gymero with your fitness journey.