Privacy Policy

Last updated: 20 April 2026

This Privacy Policy explains how GYM: GETTING YOU MOVING collects, uses, and stores your personal data. We take your privacy seriously and are committed to keeping your data secure.

1. Who We Are

GYM: GETTING YOU MOVING is operated by the app owner. For data-related enquiries, please use the feedback section within the app.

2. Data We Collect & Why

The following data is collected when you use the app:

Sex, age & fitness level
Collected at onboarding to personalise AI training plans and workout recommendations.
Device ID
A unique identifier linked to your account, used to store and sync your data across sessions.
Workout logs
Exercise name, weight, sets, reps, rest periods, and date — stored to track your progress and generate AI training plans.
Cardio logs
Distance, duration, pace, and heart rate — stored to power the AI Pace Maker and generate personalised cardio plans.
Class logs
Class name, duration, and heart rate timeline — stored to enable performance review and heart rate comparison between sessions.
Walk logs & step count
Daily step data, walk distance, and duration — stored to power the step counter, consistency score, and predictive catch-up feature.
GPS route data
Stored only when you choose to save a route for the AI Pace Maker ghost racer feature. Location is not tracked continuously or in the background.
Smart Notes
Injury flags and fatigue notes you enter — stored so the AI can safely adjust future workout recommendations based on your physical condition.
Push notification token
Used only to send workout reminders and milestone celebration notifications. Never used for marketing.
PT enquiry messages
Messages sent through the Personal Training chat — stored so the app owner can vet and respond to your enquiry.
Anonymised lift data
Exercise name, weight lifted, sex, and age bracket — used in aggregate only to build average strength benchmarks across the user base. This data is never linked back to an individual user, never sold, and never shared with third parties.

3. Where Your Data Is Stored

4. Data Sharing

We do not share your personal data with any third parties except as strictly necessary to operate the app (e.g. the Supabase database provider, who processes data under a Data Processing Agreement). No data is shared for marketing, advertising, or analytics purposes.

5. Data Retention & Account Deletion

Your data is retained only for as long as it is necessary to provide the app's features. You can delete your account and all associated data at any time from within the app: Profile → Delete Account. On confirmation, your account, workout history, shared logs, game records, and social connections are permanently removed.

6. Your Rights (UK GDPR)

If you are located in the UK or European Union, you have the following rights regarding your personal data:

To exercise any of these rights, contact us via the Feedback section within the app. We will respond within 30 days.

7. Children's Privacy

This app is not intended for use by anyone under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or misuse. All data in transit is encrypted using HTTPS/TLS.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app. Continued use of the app after a change constitutes acceptance of the updated policy.

10. Compliance

This app complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

11. Contact

For any privacy-related questions or to exercise your rights, please contact us through the feedback section within the app.