Privacy Policy

GymMark

Last Updated: December 26, 2025

Introduction

Welcome to GymMark. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our iOS fitness tracking application.

GymMark is designed with privacy in mind. We offer a Guest Mode that allows you to use the app completely offline without creating an account. All data remains on your device.

1. Information We Collect

1.1 Account Information (Optional - Only if You Sign Up)

  • Email address - For email/password authentication
  • Display name - Your chosen name for the account
  • Authentication provider information - If you sign in with Apple or Google
  • User ID - A unique identifier assigned by our authentication system
  • Account creation date - When you first created your account

1.2 Profile Information

  • First and last name - For personalization
  • Gender - Used for TDEE (Total Daily Energy Expenditure) calculations
  • Age - Used for TDEE calculations
  • Height - Stored in centimeters, displayed in your preferred units
  • Current weight - Stored in kilograms, displayed in your preferred units

1.3 Health & Fitness Data

  • Weight tracking data - Date, weight measurements, and optional notes
  • Body composition data (optional, from Apple Health) - Body fat percentage, lean body mass, BMI
  • Nutrition data (optional) - Daily calorie intake, macronutrients (protein, carbohydrates, fats)
  • Workout data - Workout names, dates, duration, exercises performed, sets, reps, weight used, rest times, personal records, and notes
  • Training programs - Workout templates, training splits, and custom exercises

1.4 Usage Data & Preferences

  • App preferences - Measurement units (kg/lbs), language (English/French/Spanish), dark mode, week start day
  • Fitness goals - Weight goal (loss/gain/maintain), TDEE data, activity level, weekly weight targets
  • Feature settings - Double progression enabled/disabled, Apple Health sync status, onboarding progress

1.5 Device Information (Automatically Collected)

When using Firebase services, the following may be automatically collected:

  • Device type and operating system version
  • IP address (for authentication security)
  • App version and crash data (for debugging)

Note: We have explicitly disabled Firebase Analytics and advertising features.

2. How We Use Your Information

We use the collected information for the following purposes:

  • App functionality - To provide workout tracking, progress monitoring, and fitness calculations
  • Cloud synchronization - To sync your data across your devices (only if you sign up for an account)
  • TDEE & calorie calculations - To provide personalized nutrition recommendations based on your profile and goals
  • Apple Health integration - To read and write health data with your explicit permission
  • Account management - To authenticate you and maintain your account
  • App improvement - To fix bugs and improve performance (no tracking or analytics)
  • Customer support - To respond to your inquiries and provide assistance

We do NOT use your data for:

  • ❌ Advertising or marketing
  • ❌ Selling to third parties
  • ❌ Analytics or user tracking
  • ❌ AI training or machine learning

3. How We Store Your Data

3.1 Local Storage (On Your Device)

All data is stored locally on your device using iOS's UserDefaults system. This includes:

  • All workout history and templates
  • Weight entries and body measurements
  • User preferences and settings
  • Custom exercises

Guest Mode: If you use Guest Mode (no account), ALL data remains exclusively on your device and is never transmitted to our servers.

3.2 Cloud Storage (Optional - Only for Signed-In Users)

If you create an account, your data is synced to Google Firebase Firestore, which provides:

  • Automatic backup - Your data is safely backed up in the cloud
  • Multi-device sync - Access your workouts from any device where you sign in
  • Data recovery - Restore your data if you get a new device

Firebase is a secure, industry-standard cloud platform provided by Google. Data is stored in Google's data centers with enterprise-grade security.

3.3 Apple Health (Optional)

If you enable Apple Health integration:

  • Data we read: Weight, body composition, nutrition data
  • Data we write: Workout sessions and active energy burned
  • All data is stored according to Apple's privacy policies
  • You can revoke access at any time in iOS Settings

4. Third-Party Services

GymMark integrates with the following third-party services:

4.1 Firebase (by Google)

Purpose: User authentication and cloud data synchronization

Data shared: Account information, workout data, preferences (only if you sign up)

Privacy policy: https://firebase.google.com/support/privacy

Note: We have disabled Firebase Analytics and advertising features.

4.2 Google Sign-In

Purpose: Optional authentication method

Data shared: Google account email, profile name, OAuth tokens

Privacy policy: https://policies.google.com/privacy

4.3 Sign in with Apple

Purpose: Optional authentication method (recommended)

Data shared: Apple ID credentials, optional email (you control this)

Privacy policy: https://www.apple.com/legal/privacy/

4.4 Apple HealthKit

Purpose: Optional bidirectional health data sync

Data shared: Weight, body composition, nutrition, workout sessions

Privacy policy: https://www.apple.com/legal/privacy/data/en/health-kit/

Control: Manage permissions in iOS Settings > Privacy & Security > Health

4.5 Wger Exercise Database

Purpose: Exercise library (687 exercises)

Data shared: None - we only download the exercise catalog

Website: https://wger.de

Note: This is an open-source, community-driven exercise database. No user data is transmitted.

5. Data Sharing & Disclosure

We do NOT sell, rent, or trade your personal information to third parties.

When We May Share Data:

  • Service providers - Firebase/Google (only as necessary to provide cloud sync services)
  • Legal requirements - If required by law, court order, or government regulation
  • Safety & security - To protect the rights, property, or safety of GymMark, our users, or others
  • Business transfers - In the event of a merger, acquisition, or sale of assets (users would be notified)

What We Never Share:

  • ❌ Your data with advertisers
  • ❌ Your data with data brokers
  • ❌ Your health and fitness information for marketing purposes
  • ❌ Your personal information for any purpose other than providing the app service

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit - All data transmitted between your device and our servers uses HTTPS/TLS encryption
  • Encryption at rest - Firebase stores data with encryption
  • Authentication security - OAuth 2.0, cryptographically secure tokens, Firebase Authentication
  • User data isolation - Each user's data is scoped by unique user ID
  • Minimal data collection - We only collect what's necessary for app functionality

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Privacy Rights & Choices

7.1 Access Your Data

You can view all your data within the app at any time.

7.2 Export Your Data

GymMark includes a CSV export feature that allows you to export your workout history and weight data to a file.

7.3 Delete Your Data

  • In-app account deletion: Go to Settings → Account → Delete Account to permanently delete your account and all associated data from our servers. This action cannot be undone.
  • Local data: Uninstall the app to delete all local data from your device
  • Cloud data: Automatically deleted when you delete your account through the app
  • Alternative: You may also email us at billsteindev@gmail.com to request account deletion

7.4 Opt-Out of Cloud Sync

Use Guest Mode to keep all data local on your device. No cloud sync, no account required.

7.5 Control Apple Health Access

You can enable/disable Apple Health sync at any time in the app settings or iOS Settings > Privacy & Security > Health.

7.6 Your Legal Rights (GDPR - EU Users)

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to access - Request a copy of your data
  • Right to rectification - Correct inaccurate data
  • Right to erasure - Request deletion of your data
  • Right to restrict processing - Limit how we use your data
  • Right to data portability - Receive your data in a portable format (CSV export)
  • Right to object - Object to processing of your data
  • Right to withdraw consent - Withdraw consent at any time

To exercise these rights, contact us at billsteindev@gmail.com.

7.7 California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect
  • Know whether we sell or share personal information (we don't)
  • Access your personal information
  • Request deletion of your personal information
  • Non-discrimination for exercising your rights

8. Data Retention

We retain your data as follows:

  • Local data: Stored on your device until you delete the app or clear the data
  • Cloud data (Firebase): Stored indefinitely until you request deletion
  • Account data: Retained until you request account deletion
  • Deleted data: Permanently deleted from Firebase within 30 days of your request

We may retain certain data for longer periods if required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).

9. Children's Privacy

GymMark is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

Minimum age: 13 years old (or the minimum age required in your jurisdiction)

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (Firebase/Google) operate data centers.

These countries may have different data protection laws than your country. By using GymMark, you consent to the transfer of your data to these countries.

We ensure that appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable laws.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you via the app or email
  • Your continued use of the app after changes constitutes acceptance of the updated policy

We encourage you to review this privacy policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.

13. Summary - Your Privacy at a Glance

✓ Account Deletion: Delete your account and all data directly in the app

✓ Guest Mode Available: Use the app completely offline with no account

✓ Local-First Design: All data stored on your device first

✓ Optional Cloud Sync: Only if you choose to create an account

✓ No Analytics: We don't track your usage or behavior

✓ No Ads: We don't show ads or share data with advertisers

✓ Data Export: Export your data anytime in CSV format

✓ User Control: You decide what data to share and with whom