Privacy Policy
Effective: May 9, 2026
This Privacy Policy describes how GymGrade ("we," "us," "our") collects, uses, and shares information when you use the GymGrade mobile application and the gymgrade.app website (together, the "Service"). By using the Service, you agree to the terms of this Policy.
1. Information We Collect
We collect only the minimum information needed to deliver the Service.
- Photos you submit for scoring. When you scan your physique, your photo is sent to our analysis API and forwarded to a third-party AI vision model. Photos are used only to generate your score and are not stored on our servers beyond a short-lived cache (currently up to 24 hours) used to keep the score consistent for the same image. We do not retain your photos for training, marketing, or any other purpose.
- Anonymous device identifier. The app generates a random UUID stored on your device. This identifier links your purchases and scan history to your install. It is not tied to your name, email, Apple ID, or any other personal identifier.
- Scan results. Your scan history (overall score, muscle scores, body fat estimate, etc.) is stored locally on your device only. We do not have a server-side copy of your results.
- Purchase receipts. Subscription and in-app purchase receipts are handled by Apple and our subscription processor (RevenueCat). We receive a non-personal entitlement state ("active" / "expired") and an anonymous user ID for billing reconciliation.
- App diagnostics. Standard error and crash logs may be collected through Apple's standard reporting mechanisms when you opt in via iOS Settings.
2. How We Use Information
- To analyze your photo and return a physique score.
- To deliver subscription benefits and verify entitlement.
- To detect and prevent abuse (e.g., enforce one-free-scan-per-device).
- To improve the Service through aggregated, non-personal usage statistics.
We do not sell your information. We do not run advertising in the app and do not share your information with advertisers.
3. Third-Party Services
To deliver the Service, we rely on the following processors, each with its own privacy practices:
- OpenAI — vision AI used to analyze the photo you submit. Photos are transmitted only at scan time and are subject to OpenAI's API data-handling policy.
- Google AI (Gemini) — alternative vision model that may be used in future versions. Subject to Google's API data-handling policy.
- RevenueCat — subscription management and entitlement verification. RevenueCat receives an anonymous user ID and Apple receipt data.
- Apple App Store — handles all in-app purchases. Apple's privacy policy applies to all transactions.
- Vercel — hosts our analysis API.
- Upstash Redis — short-lived cache for scan results to keep scoring consistent.
4. Data Retention
Photos are retained only for the duration of the analysis call and a short-lived cache (currently up to 24 hours). Scan results live on your device only and are removed if you uninstall the app or use the in-app "Clear all data" option. Purchase records held by Apple and RevenueCat follow their own retention policies.
5. Your Rights
You can request access to or deletion of any information we hold about you by emailing support@gymgrade.app. Because we operate without user accounts and do not retain personally identifiable information beyond what is described above, deletion in most cases is immediate and self-serve via "Clear all data" in the app.
If you are a California resident, you have the right under the CCPA to request disclosure of the categories of personal information we collect (described above), and to request deletion. We do not sell personal information.
If you are in the European Economic Area or United Kingdom, you have rights under the GDPR/UK GDPR including access, correction, deletion, portability, and the right to object to processing. Contact us at the email above to exercise these rights.
6. Children
GymGrade is rated 17+ and is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe a child under 13 has used the Service, contact us and we will delete any associated data.
7. Security
We use industry-standard transport encryption (HTTPS/TLS) for all communication between the app and our servers. No method of transmission or storage is 100% secure, but we apply the controls reasonably necessary to protect the limited information we handle.
8. Changes to This Policy
We may update this Policy from time to time. The "Effective" date at the top reflects the most recent revision. Material changes will be communicated through the app and the website.
9. Contact
Questions about this Policy? Email support@gymgrade.app.