Privacy Policy
Personal Trainer
Effective date: May 14, 2026
This privacy policy describes how Personal Trainer ("the App", "we", "our") collects, uses, and protects your information when you use our mobile application.
1. Information We Collect
Information from Google Sign-In
When you sign in with Google, we receive:
- Name — your Google account display name
- Email address — your Google account email
- Profile photo URL — loaded for display only, not stored
- An opaque account identifier — used internally to scope your data to your account; never displayed and never shared with third parties
Information You Provide
You may voluntarily enter:
- Body weight (stored in your profile)
- Training plans (plan names, training days, exercises, sets, reps)
- Workout sessions (exercises performed, weight lifted, reps completed, difficulty ratings, timestamps)
- Profile preferences (display name, experience level, timezone, rest timer duration)
- Notification preferences (reminder times and days)
- Favorite exercises
- Custom movements (exercises you create with names, descriptions, and muscle group targeting)
Information Generated by the App
- Achievements, streaks, and personal records — computed from your workout history and stored with the rest of your profile data.
- Friend code — a deterministic
XXXX-YYYYcode derived from a hash of your Google email. The same email always produces the same code. The original email is never transmitted or stored alongside the code.
Information from My Crew (Friends Leaderboard)
If you opt in to the My Crew feature, the following is synced to the cloud so your friends can see you on the shared leaderboard:
- Your display name and avatar URL
- Your friend code
- Aggregated training statistics (total volume lifted, total sets, total time, active days — aggregated over week / month / year windows)
- Friendship records between you and another user (pending / accepted status, who initiated the request)
- Timestamps of your most recent workouts
You control whether friends can see your statistics via the "Allow friends to see my stats" toggle on the Profile screen. When disabled, your stats are hidden from friends' leaderboards although your display name stays visible so friends can identify you.
Information from Google Health Connect (Android, optional)
If you enable the Health Connect integration on the Profile screen, the app can:
- Write your completed workout sessions (start time, end time, title, and per-set details such as exercise name, weight, reps, series, and duration) to Health Connect so they appear in any Health Connect–compatible app you choose to use (Fitbit, Samsung Health, Pixel Watch, MyFitnessPal, Strava, etc.).
- Read your most recent body weight from Health Connect on demand (only when you tap the "Pull latest body weight from Health Connect" button), to save you from typing it in manually.
The Health Connect integration is fully optional, off by default, and controlled by toggles on the Profile screen. The app requests only the Health Connect permissions strictly required for these two features (WRITE_EXERCISE and READ_WEIGHT) and never reads any other health data. Health Connect itself is governed by Google's own privacy controls on your device — you can revoke our access at any time from Settings → Health Connect.
Information We Do NOT Collect
- Location data (fine or approximate)
- Financial or payment information (purchase verification is handled entirely by Google Play Billing and RevenueCat — we never receive your card details. See Section 8 below.)
- Contacts, calendar, or messages
- Photos, audio, or files from your device
- Device identifiers or advertising IDs
- Browsing history
- Analytics or usage tracking data
- Biometric data
2. How We Use Your Information
All data you enter is used solely to provide app functionality:
- Displaying your profile and personalizing the experience
- Storing and displaying your training plans and workout history
- Tracking personal records and progress
- Calculating muscle recovery status
- Sending local workout reminders (if you opt in)
- Syncing your data across devices via cloud sync (if connected)
- Showing your aggregated stats to friends on the My Crew leaderboard (if you opt in)
- Verifying your VIP Premium purchase status (if you upgrade)
We do not use your data for advertising, analytics, profiling, machine learning training, or any purpose other than app functionality.
3. Data Storage
Local Storage
All your data is stored locally on your device using AsyncStorage. The app works fully offline without an internet connection. Your data is scoped to your user account — switching accounts loads only that account's data.
Cloud Sync
When you are connected to the internet, your data is automatically synced to a managed Google Cloud database for backup and cross-device sync. This data is:
- Encrypted in transit using HTTPS/TLS for every request between your device and the cloud
- Encrypted at rest by Google Cloud's standard storage encryption
- Scoped to your account — stored under an opaque per-user identifier and isolated from every other user's data
- Protected by server-enforced security rules — only you can read or write your own data, with the exception of the small public leaderboard documents your accepted friends are allowed to read
- Not accessible to other users or third parties beyond the explicit friend-visibility rules described in Section 1
We follow industry-standard security procedures to protect the confidentiality of your data and use strong encryption to protect your information both in transit and at rest.
Cloud storage is operated by Google. Their data handling is governed by the Google Cloud Privacy Notice.
4. Data Sharing
We do not share, sell, rent, or trade your personal data with any advertisers, data brokers, or third parties for their own purposes.
Your data is transmitted only to:
- Google — to verify your identity and store your synced data
- Google Play Billing — to process VIP Premium purchases
- RevenueCat — to verify VIP Premium purchase status and unlock features across your devices (see Section 8)
- Your accepted friends on My Crew — limited to the fields listed in Section 1, and only if you have enabled friend visibility on Profile
These transmissions are for app functionality only and do not constitute sharing with third parties for their independent commercial use.
5. Data Retention and Deletion
- Local data is stored on your device until you uninstall the app or sign out.
- Cloud data is retained under your opaque account identifier. Soft-deleted records (e.g., deleted plans, sessions, custom movements) are marked with a deletion timestamp and propagated across your devices so the deletion is consistent everywhere you're signed in.
- Friendship and leaderboard records are deleted from the cloud when you remove a friend or when your friend removes you.
- To request full deletion of your cloud data, submit a request using the in-app delete option (Profile → Advanced Options → Delete my data). We will delete your cloud record and friendship entries within 30 days.
- Uninstalling the app removes all local data but does not automatically delete cloud data — use the in-app delete option to remove your cloud data.
6. Children's Privacy
Personal Trainer is not directed at children under 13. The target audience is adults who strength train at the gym.
- We do not knowingly collect personal information from children under 13.
- The Google Play Store listing is tagged for audiences 18 and older.
- We do not use child-directed marketing, content, or design patterns.
- We do not participate in the Google Play Families program.
If you believe we have inadvertently collected information from a child under 13, please request to delete the information promptly using the option in the app.
7. Security
Security procedures are in place to protect the confidentiality of your data. We use encryption to protect your information both in transit and at rest, and we restrict access to your data through server-enforced security rules.
Specific safeguards include:
- Encryption in transit — all network communication between the app and the cloud uses HTTPS/TLS
- Encryption at rest — your cloud data is encrypted at rest by Google Cloud's standard storage encryption
- Per-user isolation — server-enforced security rules guarantee that only you can read or write your own data; the small public leaderboard documents shared with friends are the only exception
- Friendship integrity — friendship transitions (
pending → accepted) can only be performed by the non-initiator at the database level, making self-accepts impossible - No sensitive data stored by us — passwords, payment cards, billing addresses, and Health Connect data are never collected or stored on our servers
- Authentication delegation — handled by Google Sign-In; we never see or store your Google password
- Payment delegation — purchase verification is handled by Google Play Billing and RevenueCat; we never see your payment card or billing address
- Permission-scoped Health Connect access — when you enable Health Connect on Android, the app requests only the two permissions strictly required (
WRITE_EXERCISE,READ_WEIGHT) and you can revoke them at any time from your device's Health Connect settings
8. Third-Party Services
The app uses the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Sign-In | User authentication | Google Privacy Policy |
| Google Cloud (managed database) | Identity management, cloud data sync and backup | Google Cloud Privacy Notice |
| Google Play Billing | VIP Premium one-time purchase processing | Google Play Billing Terms |
| RevenueCat | VIP Premium purchase verification and entitlement state | RevenueCat Privacy Policy |
| Google Health Connect (optional, Android only) | Sync workouts and read body weight to/from your other health apps | Google Health Connect |
When you upgrade to VIP Premium, Google Play Billing handles the payment entirely within the Play Store. We receive only a boolean entitlement status from RevenueCat — we never receive or store your payment details. RevenueCat uses an opaque per-user identifier to track your entitlement across devices; this identifier is not your email or any personally identifiable value.
9. Permissions
| Permission | Purpose |
|---|---|
INTERNET | Google Sign-In and cloud sync |
VIBRATE | Haptic feedback during workouts and rest timer alerts |
POST_NOTIFICATIONS | Optional daily workout reminders and rest timer alerts |
FOREGROUND_SERVICE | Allow the rest timer to play its completion chime while the app is backgrounded mid-workout |
FOREGROUND_SERVICE_MEDIA_PLAYBACK | Same — rest timer audio chime on Android 14+ |
com.android.vending.BILLING | Process the one-time VIP Premium in-app purchase |
android.permission.health.WRITE_EXERCISE | Write your completed workouts to Google Health Connect — only requested if you enable the Health Connect integration on the Profile screen |
android.permission.health.READ_WEIGHT | Read your latest body weight from Google Health Connect on demand — only requested if you enable the Health Connect integration and tap the body-weight pull button |
No sensitive permissions (camera, location, contacts, microphone, storage, SMS, or call logs) are requested. Health Connect permissions are optional, off by default, and revocable at any time from your device's Health Connect settings.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate personal information
- Request deletion of your personal information
- Object to or restrict certain processing
- Portability of your data in a machine-readable format
- Withdraw consent previously given (e.g., turn off friend visibility, sign out, delete your account)
11. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be reflected by updating the "Effective date" at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy. You can always find the current version at the URL where you're reading this document.