Privacy Policy

Introduction

Welcome to PersonalWorkout. We are committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness tracking mobile application and related services.

Please read this Privacy Policy carefully. By using PersonalWorkout, you agree to the collection, use, and sharing of your information as described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address (used as your primary identifier)
• Name (optional, if you choose to provide it)
• Profile photo (optional, if you choose to upload one)
• User preferences and settings

Health and Fitness Data

Collected via Apple HealthKit:

• Workout sessions (duration, type, exercises performed)
• Sets, repetitions, and weight data
• Rest periods between exercises
• Heart rate data (if you authorize HealthKit access)
• Active calories burned
• BMI entries (if you choose to track them)
• Progress photos (if you choose to take them)

Subscription and Billing Information

Processed securely through RevenueCat:

• Subscription status (Free, Pro Monthly, Pro Yearly)
• Purchase transaction records
• Subscription expiration dates

Note: Payment information is processed by Apple through App Store transactions. We do not collect or store your credit card details.

Device and Usage Information

• Device model and operating system version
• App version and build number
• Usage patterns (features used, frequency of use)
• Crash reports and performance data
• Unique device identifiers (for subscription management)

Analytics Data

Through Firebase Analytics (Google):

• Screens viewed and navigation paths
• Feature engagement metrics
• Session duration and frequency
• Error occurrences and app performance

Firebase Analytics may collect information about your device, app usage, and general location (region-level). Firebase does not collect personally identifiable information without your consent.

2. How We Use Your Information

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your data on the following legal bases:

1. Contractual Necessity — Processing necessary to provide our Service under our terms
2. Legitimate Interests — Processing for analytics, security, and service improvement
3. Consent — Processing of HealthKit data (you can withdraw consent at any time)

4. Data Sharing and Third Parties

We Share Your Data With:

1. RevenueCat (Subscription Management)

• Purpose: Process subscriptions and manage customer entitlements
• Data Shared: Subscription status, device identifier, purchase events
• Location: United States
• Privacy Policy: RevenueCat Privacy Policy

2. Firebase Analytics (Google LLC)

• Purpose: Understand app usage and improve user experience
• Data Shared: Aggregated, anonymized usage metrics
• Location: United States (with global data processing)
• Privacy Policy: Google Privacy Policy

3. Apple Inc. (HealthKit Integration)

• Purpose: Sync health data with Apple Health app
• Data Shared: Workout and health data (stored locally on your device)
• Location: United States
• Privacy Policy: Apple Privacy Policy

We Do NOT Share Your Data With:

• Advertising networks
• Data brokers
• Third parties for marketing purposes
• Government agencies (unless legally required)

5. Data Retention and Deletion

Retention Periods

Your Right to Deletion

You may request deletion of your personal data at any time. Upon receipt:

1. Free tier workout history is immediately deleted from our servers
2. Account information is removed within 30 days
3. Health data on your device can be deleted through HealthKit settings

Note: We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention).

6. Your Privacy Rights

For All Users

Additional Rights for California Residents (CCPA)

If you are a California resident, you have the right to:

• Opt-out of the "sale" of personal information (note: we do not sell data)
• Non-discrimination for exercising privacy rights
• Designate an agent to make requests on your behalf

Additional Rights for EU/UK Residents (GDPR)

If you are an EEA or UK resident, you have the right to:

• Withdraw consent at any time (affects lawful basis for processing)
• Lodge a complaint with a supervisory authority
• Data protection by design and by default (we implement appropriate technical measures)

7. Health Data and HealthKit

HealthKit Integration

PersonalWorkout uses Apple's HealthKit framework to:

1. Read health data from the Health app (if authorized)
2. Write workout data to the Health app
3. Access heart rate, active energy, and other metrics during workouts

Your Control

You decide what health data PersonalWorkout can access:

• HealthKit authorization prompts are presented before any data access
• You can revoke authorization at any time in iOS Settings → Health → Data Access & Devices
• Health data is encrypted and stored locally on your device

8. Data Security

We implement industry-standard security measures to protect your information:

Security Measures

• Encryption: Data is encrypted in transit (TLS) and at rest
• Access controls: Strict authentication and authorization for employee access
• Secure storage: HealthKit data remains on your device with iOS security protections
• Regular audits: We periodically review our security practices

Data Breach Notification

In the event of a data breach affecting your personal information, we will:

1. Notify you within 72 hours (GDPR) or as otherwise required by law
2. Provide details of what happened and what data was affected
3. Explain steps we're taking to address the situation

9. Children's Privacy

PersonalWorkout is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

COPPA Compliance: We do not target our services to children and do not collect information from users under 13.

10. Governing Law and Jurisdiction

This Privacy Policy and any disputes arising from it or your use of PersonalWorkout are governed by:

• Federal and provincial laws of Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA)
• Apple App Store Terms and Conditions (where applicable)

For International Users:

• EU/UK residents: GDPR protections apply
• California residents: CCPA/CPRA rights apply
• Other jurisdictions: Local privacy laws apply

11. Contact Us

For EU/UK Residents:

• EU Representative: Not designated (under GDPR threshold - we offer goods/services to individuals in the EU but do not monitor their behavior on a large scale)
• Complaints: You have the right to lodge a complaint with your local data protection authority

12. Additional Disclosures

Subscription Data

Subscription and billing data is processed through RevenueCat. See RevenueCat's Privacy Policy for details on how they handle subscription data.

Apple App Store

This app is distributed through the Apple App Store. Apple's privacy policy and terms also apply to your use of this app: Apple Privacy Policy