GymGeist ("the app") is developed and operated by Oskar Freye ("we", "us"). This policy explains what data we collect, how we use it, and what rights you have over it.
1. Data We Collect
Account Data
When you create an account, we collect your email address and a display name. This data is stored in Firebase (Google Cloud) and is used solely to authenticate you and identify your data across devices.
Workout & Nutrition Data
Workout plans, session logs (sets, reps, weights, duration), nutrition plans, and meal data you create in the app are stored in Firestore (Google Cloud). This data is associated with your account and is never shared with third parties or used for advertising.
AI Coach Chat History
Messages you send to the AI coach are stored in Firestore to provide conversation continuity. Messages are processed by Google's Gemini API on Google Cloud infrastructure under Google's enterprise data usage terms, which prohibit use of your data for model training without consent.
Health Data (Apple Health)
GymGeist requests read access to health data (heart rate, HRV, sleep, calories, steps, and others) from Apple Health and write access to record workout sessions. This data is read directly from Apple's HealthKit framework on your device. Health data is not transmitted to our servers — it is only used locally to render the recovery dashboard. Workout sessions written to Apple Health follow Apple's HealthKit privacy framework.
Camera (Push-Up Detection)
The push-up app lock uses your device's camera for real-time pose estimation via MediaPipe. All processing happens entirely on your device. No video frames, images, or pose data are ever recorded, stored, or transmitted to any server.
Push Notifications
If you grant notification permission, your device's FCM (Firebase Cloud Messaging) token is stored on our servers to deliver workout reminders, battle updates, and social notifications. You can revoke this permission at any time in iOS Settings.
Usage Data
We do not use third-party analytics SDKs. Basic server-side request logs (timestamps, error codes) are retained for 90 days and used solely for debugging.
2. How We Use Your Data
- To authenticate you and maintain your account
- To store and sync your workout and nutrition plans across devices
- To power the AI coach, using your conversation history for context
- To deliver push notifications you've opted into
- To enable social features (battles, friend lists, chat) with other users
We do not sell your data. We do not use your data for advertising.
3. Third-Party Services
The app uses the following third-party services:
- Firebase (Google) — Authentication, database (Firestore), and push notifications. (Firebase Privacy)
- Google Gemini API — AI coach responses. Processed under Google Cloud's enterprise data terms. (Google Cloud DPA)
- RevenueCat — Subscription management and purchase validation. (RevenueCat Privacy)
- Apple HealthKit — Local health data access. Governed by Apple's frameworks; data does not leave your device via our app.
- MediaPipe (Google) — On-device pose detection. Runs locally; no data is sent to Google.
4. Data Retention
Your data is retained for as long as your account is active. When you delete your account (Settings → Delete Account), all associated data is permanently deleted from our servers within 30 days, including workout history, nutrition plans, and chat history. Apple Health data is managed separately by Apple and is not affected by account deletion.
5. Your Rights
You have the right to:
- Access your data — email us and we'll provide a copy
- Delete your data — use the in-app account deletion or email us
- Correct inaccurate data — contact us directly
- Withdraw consent for Health or camera access at any time via iOS Settings
6. Children's Privacy
GymGeist is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
7. Changes to This Policy
We may update this policy as the app evolves. Significant changes will be communicated via an in-app notice. The date at the top of this page reflects the most recent revision.
8. Contact
Questions about this policy or requests regarding your data:
oskar@freye.tech