Privacy Policy

Last updated: May 26, 2026

1. Introduction

GymPsycho ("we", "our", or "the app") is committed to protecting your privacy. This Privacy Policy explains how we handle your data when you use GymPsycho on iOS and Android.

2. Data We Collect

We do not collect any personal data.

GymPsycho operates entirely on your device. All your workout data, including:

• Training sessions and exercises
• Personal records (PRs)
• Gym configurations
• Training plans
• Your athlete name (optional)

...is stored locally on your device. On iOS, data can optionally be synced to your personal iCloud account. On Android, data is backed up automatically via Android Auto Backup to your Google account.

3. Data Sync & Backup

iOS: iCloud Sync

If you enable iCloud sync, your data is stored in your private iCloud container. This means:

• Only you have access to your data
• Data is encrypted by Apple
• We cannot access your iCloud data
• Sync happens automatically between your devices

Android: Auto Backup

On Android, your app data is automatically backed up to your Google account via Android Auto Backup. This means:

• Backups are encrypted and stored in your personal Google account
• Only you have access to your backup data
• We cannot access your backup data
• Data is restored automatically when you reinstall the app

4. Health Data Integration

GymPsycho can optionally integrate with Apple HealthKit (iOS) and Health Connect (Android) to enhance your workout tracking experience. All health data integrations are optional and require your explicit permission before any data is accessed. Health data is processed entirely on your device and is never transmitted to external servers, collected by us, or shared with third parties.

iOS: Apple HealthKit

GymPsycho can optionally integrate with Apple HealthKit to:

• Read sleep data to calculate a recovery score
• Read body weight for calorie estimation and trend analysis
• Read step count to display daily activity
• Read heart rate during workout time windows
• Write workout data (calories, distance) to Activity Rings

Android: Health Connect

GymPsycho integrates with Health Connect using the minimum permissions required for its fitness tracking features. The app requests access to exactly six Health Connect permissions:

Read Permissions (4):

• Steps (READ_STEPS): Reads your daily step count to display on the training screen, helping you track overall physical activity alongside your gym workouts. Step history is also used in PDF workout reports to show activity trends over time.
• Sleep (READ_SLEEP): Reads sleep session data, including sleep stages (light, deep, REM, awake), to calculate a sleep quality score (0–100). This score is displayed before your workout to help you understand recovery status and adjust training intensity accordingly.
• Weight (READ_WEIGHT): Reads your current body weight and weight history. Current weight is used to estimate calories burned during workouts (based on MET calculations). Weight history powers the Body Weight Intelligence feature, which detects phases (gaining, losing, maintaining) and analyzes trends over time. Weight data also appears in PDF workout reports.
• Heart Rate (READ_HEART_RATE): Reads heart rate samples recorded during your workout time window (from workout start to workout end) by connected devices such as fitness trackers or smartwatches. Average and peak heart rate are displayed in your workout summary after finishing a session.

Write Permissions (2):

• Active Calories Burned (WRITE_ACTIVE_CALORIES_BURNED): After completing a strength or cardio workout, GymPsycho exports the estimated calories burned to Health Connect. This allows your workout energy expenditure to appear alongside data from other fitness apps in a unified view.
• Distance (WRITE_DISTANCE): After completing a cardio exercise (treadmill, stationary bike, rowing machine, elliptical, stair machine), GymPsycho exports the distance covered to Health Connect. This is only written when you log a cardio exercise with a distance value.

How Health Data Is Handled

• Local processing only: All health data is read from HealthKit or Health Connect, processed on your device, and displayed in the app. It is never sent to any server.
• No collection: We do not collect, store, or retain copies of your health data. Data is read on demand and displayed in the current session only.
• No sharing: Health data from HealthKit or Health Connect is never shared with third parties, advertisers, or any external services. This includes RevenueCat (our subscription service), which has no access to health data.
• No selling: We do not sell health data. We will never sell health data.
• User control: You can revoke health data permissions at any time through your device settings (iOS: Settings > Health > GymPsycho, Android: Settings > Health Connect > App permissions). The app continues to function fully without health data access — all core features (workout logging, PR detection, training plans) work independently.
• Data deletion: Since we do not store copies of health data, there is nothing to delete on our side. To remove data written by GymPsycho to Health Connect (calories, distance), you can delete it directly in the Health Connect app.

5. Analytics & Tracking

We do not use any analytics or tracking tools.

GymPsycho does not include:

• Google Analytics
• Facebook Pixel
• Behavioral analytics SDKs (Mixpanel, Amplitude, Segment, etc.)
• Advertising or attribution SDKs

Crash Reporting (Sentry)

To keep the app stable, GymPsycho uses Sentry for privacy-respecting crash reporting. We deliberately keep this minimal:

• What is sent: only anonymous crash diagnostics — error type, stack trace, app version, OS version, device model. A small sample (~5%) of performance traces (screen-load timings) is included to detect freezes.
• What is NOT sent: no workout data, no PRs, no plans, no gym names, no athlete name, no health data, no email address, no IP-based personal identifiers, no advertising IDs.
• Anonymous user IDs: Sentry generates a random per-install identifier (no email, no account) only to group repeated crashes from the same device. This identifier cannot be traced back to a person.
• Retention: 90 days, then automatically purged.
• Why we keep it: without crash data, we'd be unable to detect or fix crashes you experience. This is the minimum needed for a reliable app.
• Provider: see Sentry's Privacy Policy. Sentry is GDPR + CCPA compliant.

6. Advertisements

GymPsycho contains no advertisements.

We don't show ads, and we never will. Your training experience stays clean and distraction-free.

7. Third-Party Services

GymPsycho uses the following external services:

Apple iCloud (iOS, optional)

For data sync between your devices. Your data is stored in your private iCloud container and protected by Apple's privacy policies. We cannot access your iCloud data.

Google Auto Backup (Android)

For automatic data backup to your Google account. Backups are encrypted and managed by Google. We cannot access your backup data.

RevenueCat (for subscriptions)

We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat:

• Uses anonymous user identifiers only
• Does not receive personal workout data
• Processes purchase transactions securely
• Is compliant with GDPR and CCPA

For more information, see RevenueCat's Privacy Policy.

Sentry (for crash reporting)

We use Sentry to detect and fix app crashes. As described in Section 5, only anonymous crash diagnostics are transmitted — never workout, health or personal data. Sentry retains this data for 90 days and is GDPR + CCPA compliant. See Sentry's Privacy Policy.

GymPsycho Squad (Promo Code Program)

GymPsycho includes an optional Promo Code Program ("GymPsycho Squad") that lets you share a code with up to 5 friends, who each receive 3 months of GymPsycho Pro for free. Once 5 friends activate Pro through your code, you receive 1 year of GymPsycho Pro for free. The program is powered by a small backend service ("Squad Engine") hosted on Cloudflare.

What we store about you:

• Your RevenueCat anonymous user ID — the same anonymous identifier RevenueCat already uses to manage your subscription (no email, no name, no personal info). This is the primary key to recognise you across devices.
• Your generated 7-character promo code (e.g. AAA0001) — randomly assigned, no link to your identity.
• A counter (0–5) tracking how many friends have activated Pro through your code.
• Timestamps of code generation, redemption events, and reward grants.

What we store about a friend redeeming a code:

• The friend's RevenueCat anonymous user ID + the redeemed code (so we can grant the 3-month Pro trial to the right account and prevent double-redemption).
• A one-way hash of the device identifier (iOS IDFV / Android Advertising ID — hashed with a secret salt before storage; the original identifier is never retained).
• A one-way hash of the IP address (hashed with the same secret salt; the original IP is never retained).

Why the device + IP hashes: these hashes are used exclusively for fraud prevention — to make it harder for the same person to claim multiple Pro trials by switching accounts on the same device or home network. They are never used for tracking, advertising, profiling, or any other purpose. Because the hashes are one-way (cannot be reversed), they cannot be linked back to a specific device or IP address — only future hashes from the same device/network can be matched against them. Up to 2 redemptions from the same IP-hash within 24h are allowed (legitimate family/household case); beyond that the redemption is blocked as anti-fraud.

What we DO NOT store: no name, no email, no plaintext device IDs, no plaintext IP addresses, no workout data, no health data, no advertising IDs, no cross-app tracking identifiers. Squad Engine has no analytics SDKs, no third-party trackers, and no advertising integrations.

Where the data lives: Cloudflare D1 (SQL database) hosted in the EU edge region (Eastern Europe / Zurich). Encrypted in transit (HTTPS) and at rest. Cloudflare is GDPR-compliant — see Cloudflare's Privacy Policy.

How long we keep it: Squad Engine data is retained as long as you actively use GymPsycho. If you uninstall the app or request a data deletion (Section 8 below), your row in the Squad Engine database is purged on next maintenance window. Anti-fraud hash records are kept for 30 days and then automatically purged — they have no long-term value.

Persistence across reinstall and device changes (Anonymous-by-Design trade-off): GymPsycho is fully anonymous — there is no account system, no email signup, no password. The only persistent identifier is the one RevenueCat already uses to manage your subscription. This has direct consequences for your Squad-State:

• Pro users (paid or trial): your Squad code, counter, and reward state stay preserved across app reinstalls and device switches — as long as you use the same Apple ID (on iOS) or the same Google account (on Android). This works because the Apple/Google receipt restore brings back the same persistent RevenueCat user ID that the Squad Engine database is keyed on.
• Anonymous users (Free): if you uninstall and reinstall the app, or move to a new device, a fresh anonymous RevenueCat identifier is generated. Your previous Squad code stays in our database but is no longer reachable from the new install — you will start a new code cycle from 0/5. This is a structural property of anonymous-first apps and is the conscious trade-off we accept in exchange for not requiring an account.
• Cross-platform switch (iOS ↔ Android): Apple and Google receipts are not interoperable. Switching platforms means your Pro subscription must be re-purchased on the new platform AND your Squad-State starts fresh — this is an Apple/Google ecosystem limitation, not a GymPsycho restriction.

It's optional: if you never share your code and never redeem someone else's code, Squad Engine stores only your anonymous code + counter (which stay at 0). You can simply ignore the program — no impact on the rest of the app. If you actively want the data removed, see Section 8.

8. Data Deletion

GymPsycho does not store any of your workout data on our servers — there are no user accounts and no central database. Your data lives entirely on your device (and optionally in your private iCloud or Google Auto Backup, if you've enabled those). You have full control to delete it at any time.

How to delete your data

Option 1 — In-app reset (recommended, fastest):

1. Open GymPsycho on your device.
2. Tap Settings (bottom navigation).
3. Scroll to Reset App → "Delete all data and start fresh".
4. Confirm twice. All gyms, training plans, sessions, PRs and personal info are permanently deleted from the device.

Option 2 — Uninstall the app:

Uninstalling GymPsycho removes all locally stored data immediately. iCloud sync data (iOS) can additionally be removed via iOS Settings → [your name] → iCloud → Manage Account Storage → GymPsycho → Delete Data. Android Auto Backup data is removed via your Google account → Backup → Apps data.

Option 3 — Web request (if you've already uninstalled the app):

Email support@gympsycho.com with subject line "Data Deletion Request". Since GymPsycho does not store data on our servers, there is no server-side wipe to perform — but we will confirm receipt within 7 days and walk you through any remaining cleanup (iCloud, Google Backup, RevenueCat subscription cancellation if applicable).

What is deleted

• All workout sessions, PRs, training plans, gyms, exercise history
• Athlete name, app preferences, onboarding state
• Health Connect / HealthKit data written by GymPsycho (calories, distance) — must be removed via the Health Connect or Apple Health app since the data lives there, not in GymPsycho
• Subscription data on RevenueCat — cancelled and anonymized at subscription end
• Squad Engine data (Promo Code Program) — your code, counter, redemption history, and any anti-fraud hashes are purged on the next maintenance window after a deletion request reaches us at support@gympsycho.com. Anti-fraud hashes self-purge after 30 days regardless.

What is NOT deleted (and why)

• Apple HealthKit / Health Connect data not written by GymPsycho: lives in your platform's health database, governed by Apple/Google, not by GymPsycho.
• Aggregated, anonymized crash diagnostics: retained for 90 days as required for app stability monitoring; not linked to any personally identifiable information.

How long it takes

• Options 1 & 2: Immediate. Local data is wiped synchronously.
• Option 3: Confirmation within 7 days, full cleanup walkthrough within 14 days.

Soft delete (in-app trash)

Within the app, deleted gyms, plans and workouts go to a 30-day trash bin first, so you can recover them if needed. After 30 days they are permanently deleted from the device. You can also delete them permanently right away from the trash view.

9. Children's Privacy

GymPsycho is not directed at children under 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

[email protected]