Gymary Privacy Policy

Effective Date: May 2026 | Last Updated: May 2026
Version 2.0

Gymary ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Gymary mobile application and website (collectively, the "Services").

Gymary serves users in multiple jurisdictions, including the United States, Spain, and Latin American countries. This Policy is designed to comply with the applicable laws in each of these regions, including the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Washington My Health My Data Act, the Colombian Ley 1581 de 2012, the Brazilian Lei Geral de Proteção de Dados (LGPD), and other applicable privacy laws.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller / Identity of the Controller

Gymary is the data controller responsible for your personal information.

For users in the European Union and Spain, Gymary acts as data controller within the meaning of Article 4(7) of the GDPR. For California residents, Gymary is the "business" as defined under the CCPA/CPRA.

2. Information We Collect

2.1 Personal Information You Provide

  • Authentication Information: Email address, or details from third-party login providers (Google, Apple) used to sign in and create your account.
  • User Profile: Name, profile picture, gender, date of birth, activity level, and primary fitness goals (e.g., "Lose weight", "Gain muscle").

2.2 Health and Fitness Data (Sensitive Data)

The following categories constitute sensitive personal information and are afforded heightened protection under applicable law:

  • Exercise Data: Workout logs, routines, exercise names, sets, reps, weights, lifetime performance history, and tags.
  • Nutrition Data: Meal logs, calorie and macronutrient records, food descriptions, and food photos you submit for automatic recognition.
  • Body Metrics and Biometrics: Body weight, height, body fat percentage, muscle mass percentage, water percentage, target weight goals, and measurement notes.
  • Body Measurements: Any measurements you manually record (e.g., waist, arms, chest).

2.3 AI Coach Interactions

We collect messages, text prompts, meal logging descriptions, routine requests, and conversational history exchanged with our AI Coach feature. This data is used to provide personalised insights, nutritional tracking, and workout generation.

2.4 Device and Technical Information

  • Device model and operating system version.
  • App crash logs and performance data.
  • Advertising IDs (Google Advertising ID / IDFA) — only collected after obtaining your explicit consent where required by law (e.g., via Apple's App Tracking Transparency framework on iOS).

2.5 Information We Do Not Collect

We do not collect precise real-time GPS location, payment card details (processed entirely by app stores or payment processors), or any biometric identifiers used for authentication (e.g., fingerprint or face data).

3. Legal Bases for Processing (GDPR / Spain / LATAM)

For users in the EU, Spain, and jurisdictions requiring a legal basis for data processing, we rely on the following:

  • Performance of a Contract (Article 6(1)(b) GDPR): Processing necessary to provide the Services you have requested, including account creation, workout and nutrition tracking, and AI Coach features.
  • Legitimate Interests (Article 6(1)(f) GDPR): App performance monitoring, crash analysis, fraud prevention, and service improvement, where not overridden by your interests or fundamental rights.
  • Consent (Article 6(1)(a) GDPR): Processing of health data and biometrics under Article 9(2)(a) GDPR; use of advertising IDs for ad personalisation; and any non-essential analytics or marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Compliance with Legal Obligations (Article 6(1)(c) GDPR): Where required by applicable law.

4. How We Use Your Information

4.1 Service Provision

  • Creating and managing your account.
  • Syncing your workout and nutrition data across devices.
  • Tracking your progress and providing analytics, charts, and 1RM estimates.
  • Providing the AI Coach feature, meal recognition, and routine generation.

4.2 Advertising (Free Tier)

For users on the free tier, we display advertisements via Google AdMob. AdMob may use advertising IDs to personalise ads. On iOS, we will request your permission via the App Tracking Transparency (ATT) prompt before accessing your IDFA. If you decline, only non-personalised ads will be displayed. You may opt out of personalised advertising at any time in your device settings.

4.3 App Improvement

We analyse aggregated, de-identified performance data and crash logs to improve the app's functionality and fix bugs. We do not use your health data for this purpose without your explicit consent.

4.4 Legal Compliance

We may process your information to comply with applicable legal obligations, respond to lawful requests from public authorities, and enforce our Terms of Service.

5. Third-Party Services and Data Sharing

We do not sell your personal information. We share data only with the following categories of trusted service providers, under contractual obligations to protect your data:

5.1 Infrastructure and Authentication

Supabase: Backend database and authentication provider. Your personal data and workout/nutrition logs are stored on Supabase servers. Supabase is SOC 2 compliant.
Privacy Policy: https://supabase.com/privacy

5.2 AI Processing

Third-Party AI Providers: Meal photos, text prompts, and AI Coach conversations are transmitted to third-party AI interfaces for processing. Data is processed temporarily to deliver AI functionality and is not retained by providers for training purposes under our agreements.

5.3 Advertising

Google AdMob: Displays advertisements to free-tier users. AdMob may process advertising IDs.
Google Privacy Policy: https://policies.google.com/privacy

5.4 Payment Processing

Apple App Store / Google Play: All subscription payments are processed by the respective app stores. We do not collect or store payment card details.

5.5 Legal and Safety Disclosures

We may disclose your information to law enforcement or government authorities if required by law, court order, or to protect the rights, safety, or property of Gymary or its users.

6. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or our data practices: