Privacy Policy

We read event start/end times and titles on your device to find workout windows and fire habit-stacking nudges (like "your meeting just ended"). We never store calendar event content on our servers. The only calendar info synced to your account is which calendars you've selected (their names + IDs), so your selection carries across your devices. When an event changes (moves or cancels) and triggers a nudge, that event's title may be included in the prompt our AI uses to draft the nudge copy.

Used to calculate travel time, detect gym arrival, and trigger proximity nudges when you're near your gym with free time. Your coordinates are sent to Google Maps to compute travel time and live ETA. After you commit to a workout and tap "On my way," location continues updating in the background only until you arrive or cancel, so your lock-screen countdown stays accurate. We don't store your live GPS trail; your selected gym's coordinates are briefly stored on our servers (deleted within 24 hours) to power your leave-for-gym reminder. We never track you outside of a committed trip. We also record an approximate region — your state and country only, derived on your device from your selected gym (your coordinates never leave your phone), with product analytics, so we can see which areas our users are in and prioritize regional features. This is covered by the analytics toggle in Settings.

Your goal, fitness level, gym type, preferred workout time, and injury notes. Stored locally and synced to your account when signed in.

Your injuries and any free-text physical or medical notes are included in the workout prompt sent to our AI provider so it can avoid movements that could hurt you (training opt-out enabled). Injuries are saved to your account as part of your profile; free-text medical notes are kept on your device. Neither is ever shown to buddies or included in analytics.

Completed workouts, durations, ratings, skip reasons, per-exercise sets with weights and reps. Used for streak tracking, time-of-day insights, skip-pattern detection, and progressive overload suggestions. Your per-set log (exercises, weights, reps) syncs to your account so it's available across devices, scoped to your user ID.

Your fitness goal, planning style, work rhythm (including a custom rhythm you can name), daily waking window, evening schedule shape, accountability level, workout preference (guided / plan / self-directed), and "vibe" answer drive every AI recommendation. Stored as a JSON blob on your account, scoped to your user ID. Visible to you in Settings → What we remember.

Free-text messages you send to GymTime via the onboarding "Anything else?" prompt or the Settings → Tell GymTime screen. The last 20 are kept; older ones are pruned automatically. Used to refine personalization and surfaced in Settings → What we remember so you can review or remove them.

Lifecycle of each workout window: when it was offered, accepted, started, completed, skipped, or extended past planned time. Powers learnings like "you tend to skip Wednesdays." Synced events are pruned at 90 days; unsynced events stay on device until they upload.

When you generate a workout or receive a memory-aware notification, your profile context (goals, recent vibe, skip pattern, accountability tone), your injuries and free-text medical/physical notes, and — for gym equipment detection — your gym's name and address are sent to our AI provider as part of the prompt. We don't store prompts ourselves; the provider's policy governs their retention. Provider training opt-out is enabled.

A monthly counter of how many AI generations you've used, for fair-use rate limiting on free and pro tiers. Counter resets monthly; 12 months of history kept.

Heart rate, HRV, resting heart rate, step counts, and active energy, read with your explicit permission. Your raw Apple Health readings stay on your device — we never store them. They're reduced on-device to a single "readiness" score, and when that score shows you're under-recovered, the score alone (e.g. "62/100") is included in the workout prompt sent to our AI provider so it can suggest a lighter session. The underlying readings are never transmitted. Workouts you log are written back to Apple Health.

When proximity alerts are enabled, your current gym (name + coordinates) is stored briefly — from when you head out ("on my way") through your session — so buddies can see you're there. Auto-expires after 2 hours.

Display name, username, workout completions, streak milestones, and quick messages shared only with buddies you've explicitly accepted. Sharing tier controls what's visible.

Your planned workout windows — date, departure and workout times, gym, drive time, weather forecast, and the generated workout itself — are saved to your account so they're ready across devices. Scoped to your user ID.

When you flag a constraint (e.g. "need gym clothes," "kids," "dinner," "tired") with an optional time window and free-text note, it's saved to your account so recommendations respect it. Scoped to your user ID.

If you block or report another user, the reason and any free-text context you provide are stored so we can act on abuse. Scoped to your account and retained for safety.

An Expo push token is stored with your profile so we can notify you about buddy activity. Never used for marketing or third parties.

All social features (buddies, matchmaking, schedule sync, proximity) are off until you explicitly turn them on. You can disable any or all at any time in Settings → Data & Privacy.

You control exactly what each buddy sees via your sharing tier: Full (workouts, streaks, schedule), Workouts Only, Streaks Only, or Private. Schedule sync only works if set to Full.

Matchmaking requires a separate opt-in toggle. When enabled, users at your same gym with similar goals can see your display name, gym, and stats — nothing else until you accept a buddy request from them.

Buddy messages (pings) are limited to 6 pre-written options — no free-text chat. This protects against harassment, spam, and abuse.

There is no public feed, leaderboard, or global discoverability. Your profile is only visible to accepted buddies and (if opted in) same-gym matching candidates.

Invite links contain a short referral code — no personal data. The recipient must still accept before any information is shared.

Gym check-ins expire automatically after 2 hours. Only accepted buddies can see your check-in status. Turn it off in Settings → Data & Privacy to stop sharing entirely.

Habit stacking, location proximity, and vibe check nudges run on your device and fire local notifications. They never send data to our servers.

Every notification type has a toggle in Settings → Notifications: leave reminders, morning briefing, buddy requests, buddy messages, workout alerts, streak milestones, quiet hours.

Configure a window (e.g. 10pm–7am) to suppress all non-critical notifications. Departure alarms at T-0 still fire for workouts you've committed to.

We do not sell, rent, trade, or share your personal data with advertisers, data brokers, or third parties for marketing purposes. Ever.

Your raw Apple Health readings, injury notes, and medical notes never leave your device and are never synced to our servers. The only health-derived value ever transmitted is a single readiness score sent to our AI provider to adjust workout intensity (detailed under "Apple Health data" above) — never the underlying readings.

We see start/end times and event titles only. We never read descriptions, attendees, locations, attachments, or meeting notes.

Location is accessed when the app is active, and in the background only during a committed trip to the gym (after you tap "On my way") to keep your lock-screen ETA accurate — it stops the moment you arrive or cancel. We never access your location for any other purpose, and never track you persistently in the background.

Your workout activity is never visible to anyone except buddies you've accepted. Matching candidates see your display name + stats only, never your schedule or workouts.

We do not access microphones, cameras, photos, or any other media.

We never access your contact list, phone numbers, or emails of anyone other than you.

Used for gym search, travel time, and live arrival ETA. Receives your search text and your coordinates (current location + gym) to compute routes — including background location updates during a committed trip. Subject to Google's privacy policy.

Used to generate workouts, draft memory-aware notifications, and detect gym equipment. Receives your fitness goals, gym type, available time, personalization profile context (vibe, skip pattern, accountability tone), the free-text messages you've sent to "Tell GymTime," and — when you're under-recovered — a readiness score derived from Apple Health (a single number only, never the underlying readings). Never receives your raw email, name, phone, exact GPS coordinates, or raw Apple Health readings. Provider training opt-out is enabled at the API level.

Hosts your account, buddy data, and sync state. Data is encrypted at rest. Row-level security ensures each user can only access their own data and their buddies'.

Used to factor weather into workout recommendations. Only receives approximate coordinates, no personal identifiers.

Delivers buddy activity notifications and silent travel-refresh pushes. Receives the push token, notification content, and — for travel-refresh pushes — your destination gym's coordinates (to recompute your ETA). Never your name, email, or other personal identifiers.

Receives crash reports and error events so we can fix bugs quickly. Includes your account user ID (a random UUID, not your name or email), app version, OS version, device model, and error stack trace. Never receives your email, name, location, calendar content, health data, or any other personal information.

Settings → Data & Privacy lets you toggle every data-sharing feature individually, or disable social features entirely with one tap.

Use Settings → Delete Account to permanently remove all data from our servers. Local data on your device is also cleared. This cannot be undone.

Contact [email protected] with your account email to request a full export of your data in JSON format. We respond within 30 days.

EU/UK residents have the right to request deletion under GDPR. California residents have equivalent rights under CCPA. Email [email protected] to exercise these rights.

Anonymous usage analytics can be disabled in Settings → Data & Privacy.

We may revise this Privacy Policy from time to time as the app evolves or the law requires. When we make material changes, we'll update the "Last updated" date at the top of this page and notify you in-app or by email. Your continued use of GymTime after an update means you accept the revised Policy. We encourage you to review this page periodically.