Introduction
Welcome to Personal Workout App. We are committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness tracking mobile application and related services.
Please read this Privacy Policy carefully. By using Personal Workout, you agree to the collection, use, and sharing of your information as described in this policy.
2. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
| Provide and maintain the Service | Account info, workout data | Contractual necessity |
| Track and display your fitness progress | Health data, workout history | Contractual necessity |
| Manage your subscription | Subscription status, device ID | Contractual necessity |
| Sync with Apple Health | Health data | Contractual necessity |
| Provide customer support | Account info, usage data | Legitimate interests |
| Improve app performance | Crash reports, analytics | Legitimate interests |
| Develop new features | Aggregated usage data | Legitimate interests |
Never Sell Your Data: We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
3. Legal Basis for Processing (GDPR)
If you are located in the EEA or United Kingdom, we process your data on the following legal bases:
- Contractual Necessity — Processing necessary to provide our Service
- Legitimate Interests — Analytics, security, and service improvement
- Consent — Processing of HealthKit data (you can withdraw at any time)
⚠️ LEGAL REVIEW REQUIRED: GDPR compliance requires specific data processing records and potentially a Data Protection Impact Assessment (DPIA) for health data processing.
4. Data Sharing and Third Parties
We Share Your Data With:
1. RevenueCat (Subscription Management)
- Purpose: Process subscriptions and manage customer entitlements
- Data Shared: Subscription status, device identifier, purchase events
- Location: United States
- Privacy Policy: RevenueCat Privacy Policy
2. Firebase Analytics (Google LLC)
- Purpose: Understand app usage and improve user experience
- Data Shared: Aggregated, anonymized usage metrics
- Location: United States (with global data processing)
- Privacy Policy: Google Privacy Policy
3. Apple Inc. (HealthKit Integration)
- Purpose: Sync health data with Apple Health app
- Data Shared: Workout and health data (stored locally on your device)
- Privacy Policy: Apple Privacy Policy
We Do NOT Share Your Data With:
- Advertising networks
- Data brokers
- Third parties for marketing purposes
- Government agencies (unless legally required)
5. Data Retention and Deletion
| Data Type | Retention Period | Reason |
| Account information | While account is active | Service functionality |
| Workout history | Free tier: 30 days | Pro tier: Indefinite | Feature tier limitations |
| Health data | Stored locally on device | HealthKit guidelines |
| Analytics data | 24 months (aggregated) | Service improvement |
| Subscription records | 3 years after subscription ends | Legal and tax requirements |
Your Right to Deletion
- Free tier workout history is immediately deleted from our servers
- Account information is removed within 30 days
- Health data on your device can be deleted through HealthKit settings
6. Your Privacy Rights
| Right | Description | How to Exercise |
| Access | Request a copy of your data | Email support@pworkoutapp.com |
| Correction | Update inaccurate information | In-app settings or email |
| Deletion | Request deletion of your data | Delete account in settings or email |
| Objections | Object to certain processing | Email support@pworkoutapp.com |
| Restriction | Limit how we use your data | Email support@pworkoutapp.com |
| Portability | Receive your data in a structured format | Email support@pworkoutapp.com |
Additional Rights for California Residents (CCPA)
- Opt-out of the "sale" of personal information (note: we do not sell data)
- Non-discrimination for exercising privacy rights
- Designate an agent to make requests on your behalf
Additional Rights for EU/UK Residents (GDPR)
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
- Data protection by design and by default
7. Health Data and HealthKit
Personal Workout App uses Apple's HealthKit framework to:
- Read health data from the Health app (if authorized)
- Write workout data to the Health app
- Access heart rate, active energy, and other metrics during workouts
Your Control
- HealthKit authorization prompts are presented before any data access
- You can revoke authorization at any time in iOS Settings → Health → Data Access & Devices
- Health data is encrypted and stored locally on your device
⚠️ Important HealthKit Disclosures
- Health data is never transmitted to our servers without your explicit consent
- Health data is never used for advertising purposes
- Health data is never sold to third parties
- You control what data is shared through HealthKit permissions
8. Data Security
- Encryption: Data is encrypted in transit (TLS) and at rest
- Access controls: Strict authentication and authorization for employee access
- Secure storage: HealthKit data remains on your device with iOS security protections
- Regular audits: We periodically review our security practices
Data Breach Notification
In the event of a data breach, we will notify you within 72 hours (GDPR) or as otherwise required by law, providing details of what happened and the steps we're taking to address it.
9. Children's Privacy
Personal Workout App is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
COPPA Compliance: We do not target our services to children and do not collect information from users under 13.
10. Governing Law and Jurisdiction
- Federal and provincial laws of Canada, including PIPEDA
- Apple App Store Terms and Conditions (where applicable)
For International Users:
- EU/UK residents: GDPR protections apply
- California residents: CCPA/CPRA rights apply
- Other jurisdictions: Local privacy laws apply