Introduction
Welcome to GymMark. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our iOS fitness tracking application.
GymMark is designed with privacy in mind. We offer a Guest Mode that allows you to use the app completely offline without creating an account. All data remains on your device.
1. Information We Collect
1.1 Account Information (Optional - Only if You Sign Up)
- Email address - For email/password authentication
- Display name - Your chosen name for the account
- Authentication provider information - If you sign in with Apple or Google
- User ID - A unique identifier assigned by our authentication system
- Account creation date - When you first created your account
1.2 Profile Information
- First and last name - For personalization
- Gender - Used for TDEE (Total Daily Energy Expenditure) calculations
- Age - Used for TDEE calculations
- Height - Stored in centimeters, displayed in your preferred units
- Current weight - Stored in kilograms, displayed in your preferred units
1.3 Health & Fitness Data
- Weight tracking data - Date, weight measurements, and optional notes
- Body composition data (optional, from Apple Health) - Body fat percentage, lean body mass, BMI
- Nutrition data (optional) - Daily calorie intake, macronutrients (protein, carbohydrates, fats)
- Workout data - Workout names, dates, duration, exercises performed, sets, reps, weight used, rest times, personal records, and notes
- Training programs - Workout templates, training splits, and custom exercises
1.4 Usage Data & Preferences
- App preferences - Measurement units (kg/lbs), language (English/French/Spanish), dark mode, week start day
- Fitness goals - Weight goal (loss/gain/maintain), TDEE data, activity level, weekly weight targets
- Feature settings - Double progression enabled/disabled, Apple Health sync status, onboarding progress
1.5 Device Information (Automatically Collected)
When using Firebase services, the following may be automatically collected:
- Device type and operating system version
- IP address (for authentication security)
- App version and crash data (for debugging)
Note: We have explicitly disabled Firebase Analytics and advertising features.
2. How We Use Your Information
We use the collected information for the following purposes:
- App functionality - To provide workout tracking, progress monitoring, and fitness calculations
- Cloud synchronization - To sync your data across your devices (only if you sign up for an account)
- TDEE & calorie calculations - To provide personalized nutrition recommendations based on your profile and goals
- Apple Health integration - To read and write health data with your explicit permission
- Account management - To authenticate you and maintain your account
- App improvement - To fix bugs and improve performance (no tracking or analytics)
- Customer support - To respond to your inquiries and provide assistance
We do NOT use your data for:
- ❌ Advertising or marketing
- ❌ Selling to third parties
- ❌ Analytics or user tracking
- ❌ AI training or machine learning
3. How We Store Your Data
3.1 Local Storage (On Your Device)
All data is stored locally on your device using iOS's UserDefaults system. This includes:
- All workout history and templates
- Weight entries and body measurements
- User preferences and settings
- Custom exercises
Guest Mode: If you use Guest Mode (no account), ALL data remains exclusively on your device and is never transmitted to our servers.
3.2 Cloud Storage (Optional - Only for Signed-In Users)
If you create an account, your data is synced to Google Firebase Firestore, which provides:
- Automatic backup - Your data is safely backed up in the cloud
- Multi-device sync - Access your workouts from any device where you sign in
- Data recovery - Restore your data if you get a new device
Firebase is a secure, industry-standard cloud platform provided by Google. Data is stored in Google's data centers with enterprise-grade security.
3.3 Apple Health (Optional)
If you enable Apple Health integration:
- Data we read: Weight, body composition, nutrition data
- Data we write: Workout sessions and active energy burned
- All data is stored according to Apple's privacy policies
- You can revoke access at any time in iOS Settings
4. Third-Party Services
GymMark integrates with the following third-party services:
4.1 Firebase (by Google)
Purpose: User authentication and cloud data synchronization
Data shared: Account information, workout data, preferences (only if you sign up)
Privacy policy: https://firebase.google.com/support/privacy
Note: We have disabled Firebase Analytics and advertising features.
4.2 Google Sign-In
Purpose: Optional authentication method
Data shared: Google account email, profile name, OAuth tokens
Privacy policy: https://policies.google.com/privacy
4.3 Sign in with Apple
Purpose: Optional authentication method (recommended)
Data shared: Apple ID credentials, optional email (you control this)
Privacy policy: https://www.apple.com/legal/privacy/
4.4 Apple HealthKit
Purpose: Optional bidirectional health data sync
Data shared: Weight, body composition, nutrition, workout sessions
Privacy policy: https://www.apple.com/legal/privacy/data/en/health-kit/
Control: Manage permissions in iOS Settings > Privacy & Security > Health
4.5 Wger Exercise Database
Purpose: Exercise library (687 exercises)
Data shared: None - we only download the exercise catalog
Website: https://wger.de
Note: This is an open-source, community-driven exercise database. No user data is transmitted.
5. Data Sharing & Disclosure
We do NOT sell, rent, or trade your personal information to third parties.
When We May Share Data:
- Service providers - Firebase/Google (only as necessary to provide cloud sync services)
- Legal requirements - If required by law, court order, or government regulation
- Safety & security - To protect the rights, property, or safety of GymMark, our users, or others
- Business transfers - In the event of a merger, acquisition, or sale of assets (users would be notified)
What We Never Share:
- ❌ Your data with advertisers
- ❌ Your data with data brokers
- ❌ Your health and fitness information for marketing purposes
- ❌ Your personal information for any purpose other than providing the app service
6. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit - All data transmitted between your device and our servers uses HTTPS/TLS encryption
- Encryption at rest - Firebase stores data with encryption
- Authentication security - OAuth 2.0, cryptographically secure tokens, Firebase Authentication
- User data isolation - Each user's data is scoped by unique user ID
- Minimal data collection - We only collect what's necessary for app functionality
However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Privacy Rights & Choices
7.1 Access Your Data
You can view all your data within the app at any time.
7.2 Export Your Data
GymMark includes a CSV export feature that allows you to export your workout history and weight data to a file.
7.3 Delete Your Data
- In-app account deletion: Go to Settings → Account → Delete Account to permanently delete your account and all associated data from our servers. This action cannot be undone.
- Local data: Uninstall the app to delete all local data from your device
- Cloud data: Automatically deleted when you delete your account through the app
- Alternative: You may also email us at billsteindev@gmail.com to request account deletion
7.4 Opt-Out of Cloud Sync
Use Guest Mode to keep all data local on your device. No cloud sync, no account required.
7.5 Control Apple Health Access
You can enable/disable Apple Health sync at any time in the app settings or iOS Settings > Privacy & Security > Health.
7.6 Your Legal Rights (GDPR - EU Users)
If you are in the European Economic Area (EEA), you have the following rights:
- Right to access - Request a copy of your data
- Right to rectification - Correct inaccurate data
- Right to erasure - Request deletion of your data
- Right to restrict processing - Limit how we use your data
- Right to data portability - Receive your data in a portable format (CSV export)
- Right to object - Object to processing of your data
- Right to withdraw consent - Withdraw consent at any time
To exercise these rights, contact us at billsteindev@gmail.com.
7.7 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect
- Know whether we sell or share personal information (we don't)
- Access your personal information
- Request deletion of your personal information
- Non-discrimination for exercising your rights
8. Data Retention
We retain your data as follows:
- Local data: Stored on your device until you delete the app or clear the data
- Cloud data (Firebase): Stored indefinitely until you request deletion
- Account data: Retained until you request account deletion
- Deleted data: Permanently deleted from Firebase within 30 days of your request
We may retain certain data for longer periods if required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).
9. Children's Privacy
GymMark is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.
Minimum age: 13 years old (or the minimum age required in your jurisdiction)
10. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (Firebase/Google) operate data centers.
These countries may have different data protection laws than your country. By using GymMark, you consent to the transfer of your data to these countries.
We ensure that appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable laws.
11. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via the app or email
- Your continued use of the app after changes constitutes acceptance of the updated policy
We encourage you to review this privacy policy periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:
- Email: billsteindev@gmail.com
- Developer: Bill Stein
- App: GymMark
We will respond to your inquiry within 30 days.
13. Summary - Your Privacy at a Glance
✓ Account Deletion: Delete your account and all data directly in the app
✓ Guest Mode Available: Use the app completely offline with no account
✓ Local-First Design: All data stored on your device first
✓ Optional Cloud Sync: Only if you choose to create an account
✓ No Analytics: We don't track your usage or behavior
✓ No Ads: We don't show ads or share data with advertisers
✓ Data Export: Export your data anytime in CSV format
✓ User Control: You decide what data to share and with whom