Legal

Privacy Policy

Last updated: March 15, 2026

1. Introduction

Welcome to GymProof ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, and share information when you use our mobile application GymProof (the "App") and related services.

By using GymProof, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the App.

2. Information We Collect

2.1 Information You Provide

  • Account information: When you register, we collect your email address and a password hash (we never store plain-text passwords).
  • Gym locations: You voluntarily add the GPS coordinates and names of your gyms.
  • Profile data: Optional display name or avatar you choose to set.

2.2 Information Collected Automatically

  • Location data: With your explicit permission, we collect GPS coordinates in the background to detect when you enter and leave gym geofences. We only record entry/exit events; we do not store a continuous location history.
  • Session data: Session start/end times, duration, and whether a session meets validity thresholds (≥ 30 minutes full, ≥ 20 minutes partial).
  • Device information: Device model, OS version, and anonymous install ID used for crash reporting and analytics.
  • Usage analytics: Aggregate, anonymized feature usage data (e.g., screens visited, button taps) to improve the App.

2.3 Subscription & Payment Data

Payments for GymProof Pro are processed by Apple (App Store) or Google (Google Play) and by RevenueCat as our subscription management platform. We do not collect or store your payment card details. We receive a subscription status (active / expired / trial) and the product purchased.

3. How We Use Your Information

  • Provide and maintain the App and its features.
  • Detect gym sessions via geofencing and award points / streaks.
  • Sync your data across devices (Pro feature).
  • Send transactional emails (e.g., email confirmation, magic link sign-in).
  • Analyse aggregate usage to improve user experience.
  • Respond to support requests.
  • Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for advertising profiling.

4. Location Data

GymProof requests the "Always On" location permission solely to detect when you arrive at or leave a registered gym — even when the App is in the background. This is the core functionality of the App.

Location data is processed on-device. Only the timestamp and gym ID of entry/exit events are sent to our servers — never raw GPS coordinates.

You may revoke location permission at any time in your device settings. Revoking this permission will disable automatic session tracking; you will need to log sessions manually.

5. Data Retention

  • Account data: Retained until you delete your account.
  • Session history: Retained for the lifetime of your account.
  • Crash & analytics logs: Retained for up to 90 days in aggregated form.

When you delete your account, all personal data associated with it is permanently deleted from our servers within 30 days, except where retention is required by law.

6. Data Sharing

We share data only with trusted service providers necessary to operate the App:

  • Supabase — backend database and authentication.
  • RevenueCat — subscription management.
  • Google AdMob — ads shown to free-tier users (ad identifiers only; no location data).
  • Crash reporting service — anonymous crash diagnostics.

All service providers are contractually obligated to process data solely for the purpose of providing their services to us and in compliance with applicable data protection laws.

7. Children's Privacy

GymProof is not directed at children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Data portability (receive a copy of your data in a machine-readable format).

To exercise any of these rights, contact us at privacy@gyproof.info.

9. Security

We implement industry-standard security measures including HTTPS/TLS in transit, encryption at rest for sensitive fields, and row-level security in our database. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending an in-app notification. Continued use of the App after changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us: