When you create an account we collect:
We do not collect your legal name, phone number, or payment information.
When you log workouts we collect:
You may optionally enter your body weight and height. These fields are entirely optional. If not provided, no body-stat data is collected.
If you use the social feed, we collect workout posts you share, likes and comments you make, and the users you follow and who follow you. Trainer–athlete relationships are also stored if you use the trainer role.
We do not operate third-party analytics pipelines. Firebase (our infrastructure provider) may collect limited technical information as described in their own privacy policy (see Section 3.2). This can include device type, operating system version, and crash reports.
We also collect anonymised, aggregated workout activity data (exercise names, muscle groups, sets, and repetitions) to improve workout recommendations. This analysis is performed on data that has been stripped of all identifying information — it cannot be traced back to you individually. You can opt out of this at any time from the app's Settings screen.
We do not collect location data. A location feature has not launched. If that changes, you will be asked for explicit permission and this policy will be updated before any location data is ever collected.
| Purpose | Data Used |
|---|---|
| Authenticating your account | Email address |
| Displaying your profile | Display name, body stats (if provided) |
| Generating personalised workouts | Goal, equipment, training age, injuries, days per week |
| Logging and tracking progress | Exercises, sets, reps, weights, dates |
| Deload week detection & split cycling | Workout dates, cycle week counter |
| Workout history display | Workout data |
| Social feed | Posts, likes, comments, follow relationships |
| Product improvement and personalised recommendations | Anonymised, aggregated workout activity (exercise names, muscle groups, sets, reps — no body stats, no personal identifiers) |
| Trainer–athlete collaboration | Role, client list, shared workout history |
| Syncing across your devices | All data listed above |
We do not: sell your personal information · show advertisements · share your data with advertisers · use your data for third-party marketing · use your body statistics (height, weight) in any aggregate or analytics pipeline.
All workout data is stored locally in an SQLite database (via expo-sqlite) on your device. The app works fully offline. Local data is protected by your device's OS-level security (iOS sandbox + Secure Enclave encryption; Android app sandboxing).
When you are signed in, your data is synced to Google Firebase (Firestore + Firebase Authentication). Firebase is operated by Google LLC under Google's privacy policy:
Firebase servers are located primarily in the United States. If you are outside the US, your data is transferred under Google's data-transfer safeguards (including Standard Contractual Clauses where applicable).
Exercise names and metadata are sourced from the open-source free-exercise-db project. No personal data is sent to this service. This is a read-only, anonymous data source.
We do not sell, rent, or share your personal data with third parties, except:
You can view and edit your display name, body stats, training goal, equipment, injuries, and split preferences directly from the Profile and Settings screens.
You can opt out of anonymised analytics at any time from the app's Settings screen under "Privacy". Opting out prevents your workout activity from being included in aggregate product improvement analysis. Your core workout tracking and social features are not affected by this choice.
You can delete your account at any time from the Profile screen. This permanently deletes:
Deletion is permanent and cannot be undone. Residual copies in Firebase automated backups are purged within 30 days.
If you cannot delete your account in-app, email rep.app.dev@gmail.com and we will complete deletion within 30 days.
California residents may request to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. Contact rep.app.dev@gmail.com to exercise your rights.
If you are in the EEA, UK, or Switzerland, you have rights under the GDPR including: access, rectification, erasure, restriction, objection, and data portability. Our lawful basis for processing is contract performance and legitimate interests. Contact rep.app.dev@gmail.com to exercise these rights.
We retain your data for as long as your account is active. When you delete your account, all associated data is deleted as described in Section 5.3. We do not retain data after deletion, except as may remain in automated backups (cleared within 30 days) or as required by law.
No method of transmission over the internet is 100% secure. We take commercially reasonable steps to protect your data but cannot guarantee absolute security.
Workout Tracker is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe your child has provided us with personal data, contact us at rep.app.dev@gmail.com and we will delete that information promptly in compliance with COPPA.
Users aged 13–17 should review this policy with a parent or guardian before creating an account.
We may update this Privacy Policy from time to time. When we make material changes we will update the "Last Updated" date above and display an in-app notice (or notify you by email) before the changes take effect. Continued use of the app after an update constitutes acceptance of the revised policy. If you disagree, you may delete your account before the changes take effect.