Gymmy Privacy Policy
Gymmy is operated by JCN Labs LLC, a California limited liability company ("JCN Labs," "we," "us," or "our"). This Privacy Policy describes how we collect, use, share, and protect information when you use the Gymmy iOS application and the gymmy.social website (together, the "Service").
By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
1. Summary
- Gymmy is a social fitness application. An account is required, and the social features you choose to use (feeds, leaderboards, comments, follows) share information with other users according to the privacy controls you set.
- We do not sell your personal information. We do not share it with data brokers. We do not use it for third-party advertising, and we do not track you across other companies' apps or websites.
- Data you import from Apple Health is used only to power your own training features, is never used for advertising or marketing, and is never sold.
- You can control who sees each part of your profile, block other users, delete individual workout logs, and delete your entire account from inside the app at any time.
2. Information we collect
2.1 Account information
When you sign in with Apple or sign in with Google, we receive an account identifier and, depending on the provider and your choices, your name and email address. If you use Apple's "Hide My Email" feature, we receive the private relay address Apple generates for you. We also assign your account a unique user ID and a sequential account number.
2.2 Profile information
Your profile includes information you provide: your name, your username, your city and country, your profile photo, and training details such as height, weight, body type selection, age range, training goal, and weekly training commitment.
2.3 Fitness and activity data
The core of the Service is the training data you log or that the app derives from it: workout logs (type, duration, exercises, sets, weights, effort), personal records, muscle training data, progression statistics, levels and experience points, consistency and streak data, achievements, goals, and arena match results.
2.4 Apple Health data (optional)
If you grant permission, Gymmy reads recent workouts from Apple Health so they count toward your training profile. This access is read-only; Gymmy never writes to Apple Health. See Section 5 for the specific commitments that apply to this data.
2.5 Social content and interactions
When you use social features, we collect the content and records those features require: comments you post, likes, nudges you send and the messages they carry, the accounts you follow and that follow you, the accounts you block, and reports you submit about content or users.
2.6 Purchase information
If you subscribe to Gymmy Premium, Apple processes the payment. We never receive your payment card details. We receive and store your subscription status and an Apple transaction identifier so we can deliver your subscription across your devices and honor renewals, cancellations, and refunds.
2.7 Device and technical information
We collect limited technical information needed to operate the Service: a device identifier used to coordinate syncing between your devices, timestamps of syncs, and standard server logs (such as IP address and request metadata) generated when your device communicates with our servers.
3. How we use information
We use the information described above to:
- Provide, maintain, and improve the Service, including syncing your training data across your devices and restoring it if you get a new device.
- Operate social features: showing your activity to the audiences you choose, building feeds, computing leaderboards for your region and globally, and delivering nudges, comments, likes, and follow requests.
- Deliver and manage Gymmy Premium subscriptions and the free trial.
- Place you in a regional leaderboard bucket based on the city and country you provide.
- Send notifications you have enabled, such as goal reminders.
- Keep the Service safe: enforcing our Terms of Service, reviewing reports, moderating content, and preventing abuse.
- Provide customer support and respond to your requests.
- Comply with legal obligations.
We do not use your information for third-party advertising. We do not sell it. We do not use it to track you across other companies' apps or websites.
4. How information is shared
4.1 With other users, under your control
Gymmy is a social application, and its privacy model is built on per-domain audience controls. For each area of your profile (such as your personal records, bodygraph, activity feed, location, and others) you choose an audience: Public, Followers, Following, or No One. Some areas have a minimum audience by design, which is disclosed in the app. Content you post to social surfaces (comments, likes, nudges) is visible to the users those surfaces reach. Your region is used to place you in a local leaderboard bucket; whether your city is displayed to others is governed by your Location privacy setting.
Blocking a user removes your profile and content from their experience entirely, and theirs from yours.
4.2 With service providers
We use a small number of service providers to operate the Service, and they process data only on our instructions:
- Supabase provides our database, authentication infrastructure, and file storage.
- Apple provides sign-in with Apple, App Store payments and subscription management, and server notifications about your subscription status.
- Google provides sign-in with Google if you choose it.
4.3 Legal and safety
We may disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request, or is necessary to protect the rights, property, or safety of our users, the public, or JCN Labs.
4.4 Business transfers
If JCN Labs is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will notify you of any change in ownership or in the use of your personal information.
We do not share personal information with data brokers, advertising networks, or analytics companies that build profiles across apps.
5. Apple Health data
The following commitments apply specifically to data read from Apple Health:
- We use Apple Health data solely to provide fitness features to you: counting imported workouts toward your training profile, statistics, and progression.
- We never use Apple Health data for advertising, marketing, or similar purposes.
- We never sell Apple Health data or share it with data brokers.
- If you sign in, workouts imported from Apple Health become part of your training data and sync to our servers so your account works across devices, exactly like workouts you log manually. They are shared with other users only according to the privacy audiences you set.
- You can revoke Gymmy's access to Apple Health at any time in the iOS Settings app, and you can delete individual imported workouts or your entire account inside Gymmy.
6. Your choices and controls
- Privacy audiences. Set the audience for each profile domain in Settings, Privacy.
- Blocking. Block any user from their profile; manage blocked accounts in Settings.
- Reporting. Report content or users that violate our Terms from the content itself or a profile.
- Editing and deleting logs. Edit or delete any workout log. Deleting a log removes it from your records and from what others can see.
- Notifications. Control notifications in the app and in iOS Settings.
- Permissions. Grant or revoke Apple Health access in iOS Settings at any time.
- Account deletion. Delete your account in Settings, Your data. Deletion removes your data from our servers first, then from your device.
7. Data retention
We retain your information while your account is active. When you delete your account, your personal data is deleted from our production systems, subject to limited exceptions: residual copies in encrypted backups that are deleted on the backup rotation schedule, records we are legally required to retain, and records reasonably necessary to enforce our Terms or resolve disputes (such as moderation records related to serious abuse). Server logs are retained for a limited period for security and reliability purposes.
8. Security
We use reasonable technical and organizational safeguards to protect your information, including encryption in transit, row-level access controls on our database, and restricted access to production systems. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us at support@gymmy.social and we will delete it. Users must meet the minimum age stated in our Terms of Service.
10. Your California privacy rights
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), gives you the following rights:
- Right to know the categories and specific pieces of personal information we collect, use, and disclose. Those categories are: identifiers (name, email, username, user ID, device identifier); characteristics and physical information you provide (height, weight, body type, age range); geolocation at the city level, as provided by you; commercial information (subscription status); and fitness and activity data as described in Section 2.
- Right to delete your personal information, which you can exercise directly in the app (Settings, Your data, Delete account data) or by contacting us.
- Right to correct inaccurate personal information.
- Right to non-discrimination for exercising your rights.
We do not sell personal information and we do not share personal information for cross-context behavioral advertising, as those terms are defined by the CCPA, and we have not done so in the preceding 12 months. We do not use or disclose sensitive personal information for purposes requiring a right to limit under the CCPA.
To exercise these rights, use the in-app controls or email support@gymmy.social. We will verify requests using information associated with your account. You may designate an authorized agent to make a request on your behalf.
11. Users outside the United States
The Service is operated from the United States and your information is stored on servers in the United States. If you use the Service from outside the United States, you understand that your information is transferred to and processed in the United States.
If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases: performance of our contract with you (providing the Service you signed up for), our legitimate interests (keeping the Service safe and improving it), your consent where required (such as Apple Health access), and compliance with legal obligations. You have the right to access, rectify, erase, restrict, or object to the processing of your personal data, the right to data portability, and the right to lodge a complaint with your local supervisory authority. You can exercise these rights through the in-app controls or by contacting support@gymmy.social.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by other reasonable means before the changes take effect. The "Last updated" date at the top of this policy shows when it was most recently revised. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
13. Contact us
JCN Labs LLC
Email: support@gymmy.social
Website: https://gymmy.social
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at support@gymmy.social and we will respond as promptly as we can.