GymMaxer Privacy Policy


Last Updated: May 17, 2026

Effective Date: October 8, 2025


1. Controller and Contact Information


Owner and Data Controller:

IRON FROG

Company Code: 307436163

Tiltų g. 19

LT-91249 Klaipėda

Lithuania (European Union)


Contact Email: gymmaxerapp@gmail.com

Business Email: ironfrogbusiness@gmail.com

Privacy Requests: gymmaxerapp@gmail.com


By using GymMaxer (the "App", "Service"), you agree to this Privacy Policy. If you do not agree, please discontinue use immediately.


---


2. Data We Collect


2.1 Account Information (Required)


To create and maintain your GymMaxer account, we collect:


• Email address (for authentication and account recovery)

• Name (user display name)

• Password (stored in hashed/encrypted form only)

• Authentication tokens (for session management)

• Date of birth (required for age verification to comply with legal age restrictions)

• Country of residence (required to determine applicable minimum age requirements by jurisdiction)


2.2 Profile Information (Optional/User-Provided)


• Height and height unit (cm or inches)

• Weight unit preference (kg or lbs)

• Sex/Gender (male, female, other, unspecified)

• Premium status (free, premium, trial information)

• Premium subscription dates (start, expiration)

• Superuser flag (for authorized testing accounts only)


2.3 Workout and Training Data


GymMaxer is a comprehensive fitness tracking platform. You provide and we store:


Program Structure:

• Training programs (strict and flexible types)

• Program titles, descriptions, tags, colors

• Program status (active, retired, retirement reasons)

• Program order and organization

• Program unlock status (which programs free users have access to)

• Library import records (which pre-built programs you've imported)

• Last used timestamps for programs


Training Days:

• Day titles, notes, and order within programs

• Day completion timestamps

• Rest timer preferences (enabled, duration, sound settings, scope)

• Acceptance status (whether program structure is locked)


Exercises:

• Exercise titles and order

• Muscle group targeting (primary and secondary muscles)

• Custom exercise definitions you create (name, muscles, category, descriptions)

• Predefined exercise favorites

• Exercise discontinuation status and logs

• Exercise notes

• Tracking method (weight/reps, bodyweight, time-based, etc.)


Sets and Performance:

• Planned sets (target weight and reps)

• Completed sets (actual weight and reps achieved)

• Set-level notes (max 32 characters per set)

• Set completion timestamps


Supersets:

• Superset groupings (which exercises are grouped together)

• Superset order and structure


2.4 Workout Session Data


• Session start and completion times

• Session duration

• In-progress session state (current exercise, current set, ability to resume)

• Session completion flags

• Completion order (for rotation tracking)

• Session summaries (displayed after workout completion)


2.5 Performance Metrics and Progress


GymMaxer calculates and stores performance analytics:


• e1RM (Estimated One-Rep Max) per set using the Epley formula

• Total exercise e1RM per session (pre-aggregated for performance)

• Exercise session metrics (performance for each exercise per session)

• Session exercise summaries (progress percentages, totals)

• Progress snapshots over time

• Workout improvement logs (calculated improvements between sessions)

• Program rotation progress records (rotation number, dates, totals)


2.6 Body Measurements (Optional)


If you choose to track body metrics:


• Weight history with timestamps

• Body fat percentage

• Body part circumferences: neck, shoulders, chest, left and right arms, left and right forearms, waist, hips, left and right thighs, left and right calves

• Measurement unit (cm or inches)

• Measurement timestamps


2.7 User Preferences and Settings


• Home screen preferences (show/hide various widgets)

• Workout reminder schedules (day of week, time, enabled/disabled), stored in our database to restore your settings when you sign in on a new device

• App sound and vibration preferences for workout reminders and in-workout timer alerts (stored locally on your device)

• Preference to show or hide the optional in-app reminder suggestion on the home screen (stored locally on your device)

• Favorite exercises (predefined and custom)

• Premium/Free unlock preferences


2.7.1 Notifications and Alerts (Optional)


If you use workout reminders or in-app alerts:


• Reminder times you enable are scheduled as local notifications on your device (we do not send unsolicited marketing or "come back to the app" push messages)

• On Android 13 and later, the system may ask for notification permission when you turn on reminders and save your schedule

• We may show a short in-app message on the home screen (at most about once per week) if you have no reminders enabled, suggesting you set a schedule; you can dismiss it or turn it off under Workout Reminders → Preferences

• During workouts, optional timer sounds are short alerts; other audio playing on your device (such as music or podcasts) is generally lowered briefly rather than stopped


2.8 Badge and Achievement Data


• Badge definitions (rules, categories, unlock requirements, images)

• Earned badges with unlock timestamps

• Badge progress (current progress toward badge milestones)

• Progress targets for incomplete badges


2.9 Social and Sharing Data


• Social share logs (platform type, timestamp)

• Share count (for badge calculations)

• Note: We do NOT store the actual content you share, only that a share occurred


2.10 Program Access and Quota Data


• Program creation logs (for enforcing daily premium limits)

• Program deletion logs

• Library program imports (which programs were imported and when)

• Program unlock records (for free user 2-program limit)

• Unlock update timestamps


2.11 Automatically Collected Data


California Privacy Rights:

We DO NOT sell your personal information. We DO NOT share your personal information with third parties for their own marketing purposes. We only share data with service providers who assist us in delivering the Service under strict confidentiality agreements.


Usage and Diagnostic Data:

• Feature usage patterns (which features you use and when)

• App interactions (taps, navigations, session duration)

• Crash reports and error logs (for debugging; pseudonymized where possible)

• Performance metrics (load times, response times)


Device Information:

• Device type and model

• Operating system and version

• App version

• Device language and region settings


Session Information:

• Login times and duration

• Authentication method used (email/password, Google Sign-In)

• IP address (for security and fraud prevention; not stored long-term)


---


3. How We Use Your Data


3.1 Legal Bases for Processing (GDPR)


We process your personal data based on the following legal grounds:


• Contract Performance: To provide the workout tracking and fitness services you signed up for

• Legitimate Interest: To improve the app, fix bugs, ensure security, prevent fraud, and develop new features

• Consent: For optional features like workout notifications and body measurements tracking

• Legal Obligation: To comply with applicable laws, regulations, and legal processes (including age verification requirements under COPPA, GDPR Article 8, and similar laws)


Where we rely on consent, you may withdraw it at any time through app settings or device settings without affecting the lawfulness of processing before withdrawal.


3.2 Specific Purposes


We use your data to:


Age Verification and Legal Compliance:

• Verify that you meet the minimum age requirement in your jurisdiction (13+ in USA, 16+ in EU/EEA)

• Comply with children's privacy laws (COPPA, GDPR Article 8, and similar regulations)

• Prevent access by underage users

• Maintain age verification records as required by law


Core Service Delivery:

• Authenticate and maintain your account

• Store and synchronize your workout data across devices

• Enable creation and management of training programs

• Track workout sessions and exercise performance

• Calculate performance metrics (e1RM, volume, progress percentages)

• Generate progress charts and analytics

• Resume interrupted workouts from saved state

• Enforce the training day rotation system


Premium Features and Access Control:

• Manage subscription status and entitlements

• Enforce program limits (2 for free users, 50 for premium users)

• Track program unlock status for free users

• Manage premium daily creation quotas (after 50 programs)

• Handle free/premium transitions and notifications


Personalization and Insights:

• Award badges based on achievements

• Display strength percentiles and comparative metrics

• Suggest exercises based on your history

• Calculate and display training load balance

• Generate personalized home screen widgets

• Detect training plateaus and suggest strategies


Notifications and Alerts:

• Deliver local workout reminders at days and times you choose (only if you enable them and grant device notification permission where required)

• Store your reminder schedule so it can be restored when you use your account on another device

• Show optional in-app suggestions to set reminders (not push notifications); you can disable this in Workout Reminders settings

• Play optional short sounds or vibration for rest-timer and chronometer alerts during workouts, according to your app settings

• Notify you about important account or subscription changes (for example, premium status ending)


Analytics and Improvement:

• Understand feature usage patterns

• Identify and fix bugs and crashes

• Optimize app performance

• Develop new features based on usage data

• Generate aggregate, anonymized statistics


Security and Compliance:

• Protect against unauthorized access and fraudulent activity

• Enforce age restrictions (minimum 12 years old)

• Respond to legal requests and comply with legal obligations

• Investigate and prevent abuse of the service


---


4. Third-Party Services and Data Sharing


We do NOT sell your personal information to anyone. We share data only with trusted service providers under strict confidentiality and data protection agreements, or as required by law.


4.1 Backend Infrastructure and Hosting


Supabase (Supabase Inc.)

• Purpose: Database hosting, authentication, backend services, real-time synchronization

• Data Processed: All user data listed in Section 2

• Location: EU North region (Stockholm, Sweden) - Region code: eu-north-1

• Safeguards: Data stored within EU, encryption at rest and in transit, GDPR-compliant infrastructure

• Privacy Policy: https://supabase.com/privacy


4.2 Authentication Services


Google Sign-In / Google Identity Services (Google LLC / Google Ireland Limited)

• Purpose: Alternative registration and login method

• Data Processed: Google account identifier, email address, authentication tokens

• Location: Global (processed according to Google's policies)

• Privacy Policy: https://policies.google.com/privacy


4.3 Analytics Services


Google Analytics for Firebase / Google Analytics (Google LLC / Google Ireland Limited)

• Purpose: Usage analytics, performance monitoring, crash reporting

• Data Processed: Pseudonymous usage data, device information, feature interactions, crash logs

• Controls: Device-level opt-out available; we enable IP anonymization where supported

• Location: Global infrastructure

• Privacy Policy: https://policies.google.com/privacy


4.4 Payment and Subscription Management


RevenueCat (RevenueCat Inc.)

• Purpose: Subscription management, entitlement verification, receipt validation

• Data Processed: App Store/Play Store purchase receipts, subscription status, transaction metadata

• Location: United States

• Privacy Policy: https://www.revenuecat.com/privacy


Google Play Store (Google LLC / Google Ireland Limited)

• Purpose: Android app distribution and billing

• Data Processed: Purchase information, subscription status, basic usage/diagnostics

• User Control: Opt-out of analytics via device settings

• Privacy Policy: https://policies.google.com/privacy


Apple App Store and In-App Purchases (Apple Inc.)

• Purpose: iOS app distribution and billing (when available)

• Data Processed: Purchase information, subscription status, basic usage/diagnostics

• User Control: Opt-out of analytics via device Settings

• Privacy Policy: https://www.apple.com/legal/privacy/


---


5. International Data Transfers


5.1 Cross-Border Processing


Your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including the United States, where data protection laws may differ from those in your country.


Primary Storage Locations:

• Supabase: EU North region (Stockholm, Sweden) - Within European Union

• Google Services: Global infrastructure (Ireland for EU users)

• RevenueCat: United States


5.2 Safeguards for EU/EEA Users


For users in the European Economic Area (EEA), United Kingdom, and Switzerland:


• We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to third countries

• Our service providers implement appropriate safeguards for international data transfers

• We conduct transfer impact assessments as required by law

• You may request copies of the SCCs we rely upon by contacting gymmaxerapp@gmail.com


5.3 Your Consent


By using GymMaxer, you acknowledge and consent to the transfer and processing of your personal data in the United States and other countries as described in this Policy.


---


6. Data Security


6.1 Security Measures


We implement industry-standard technical and organizational measures to protect your personal data:


Technical Safeguards:

• TLS/HTTPS encryption for all data in transit

• Encryption at rest for database storage

• Hashed and salted passwords (we never store plain-text passwords)

• Row-Level Security (RLS) policies in the database

• Secure authentication via Supabase Auth with token-based sessions

• API security with authentication and authorization checks


Organizational Safeguards:

• Principle of least privilege (access restricted to necessary personnel only)

• Regular security audits and vulnerability assessments

• Access logging and monitoring

• Incident response procedures

• Employee training on data protection


6.2 Security Limitations


IMPORTANT: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information using commercially acceptable means, we cannot guarantee absolute security.


You are responsible for:

• Maintaining the confidentiality of your account credentials

• Using a strong, unique password

• Not sharing your account with others

• Logging out from shared devices


6.3 Data Breach Notification


In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify affected users without undue delay

• Notify relevant supervisory authorities as required by law (within 72 hours for GDPR)

• Provide information about the nature of the breach and steps being taken


---


7. Data Retention


7.1 Retention While Account is Active


We retain your personal data for as long as your account is active or as needed to provide you with the Service.


7.2 Retention After Account Deletion


When you delete your account:

• Personal data deletion: Within 30 days of account deletion request

• Backup retention: Deleted from backups within 90 days

• Legal retention: Certain records may be retained longer if required by law

• Anonymized data: We may retain anonymized, aggregated data that cannot identify you


7.3 Retention for Specific Purposes


• Support emails: Retained for up to 3 years to improve customer service

• Security logs: Retained for up to 1 year for security monitoring

• Payment records: Retained as required by tax and accounting laws (typically 7 years)

• Legal compliance: As required by applicable laws and regulations


---


8. Your Privacy Rights


8.1 Rights Available to All Users


Regardless of your location, you have the following rights:


• Right to Access: Request a copy of your personal data

• Right to Correction: Update inaccurate or incomplete information

• Right to Deletion: Request deletion of your account and all associated data

• Right to Export: Request export of your data in CSV or JSON format

• Right to Withdraw Consent: Withdraw consent for optional features


8.2 Additional Rights for EU/EEA Users (GDPR)


If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under GDPR:


• Right to Object: Object to processing based on legitimate interests

• Right to Restrict Processing: Request limitation of processing in certain circumstances

• Right to Lodge a Complaint: File a complaint with your national data protection authority

• Right to Transfer: Receive your data in a portable format


8.3 Rights for California Residents (CCPA/CPRA)


If you are a California resident, you have the following rights:


• Right to Know: Categories of personal information collected

• Right to Delete: Request deletion of personal information

• Right to Correct: Request correction of inaccurate personal information

• Right to Opt-Out: We do NOT sell or share your personal information. California residents have a right to opt-out of the sale of personal information, but we do not engage in such activities.

• Right to Non-Discrimination: We will not discriminate against you for exercising your rights


8.4 How to Exercise Your Rights


In-App Tools:

• Export Data: Settings → Data Export (JSON and CSV formats available)

• Delete Account: Settings → Delete Account (permanently removes all your data)

• Update Profile: Settings → Profile

• Manage workout reminders: Home → Workout Reminders, or Settings → Notifications → Workout Reminders

• Manage reminder sound/vibration and in-app reminder suggestions: Settings → Notifications

• Disable device notifications: your device system settings (Android/iOS)


Account Deletion Process:

When you delete your account through Settings → Delete Account:

• All your personal data is permanently removed from our databases

• Your workout history, programs, and body measurements are deleted

• Your authentication credentials are removed from our system

• This action cannot be undone

• You must re-enter your password to confirm deletion

• Deletion is completed immediately and irreversibly


Email Requests:

• Send requests to: gymmaxerapp@gmail.com

• Include: Your name, email address, and specific request

• We will respond within 30 days (GDPR) or 45 days (CCPA)


---


9. Children's Privacy


GymMaxer is not intended for users under the applicable minimum age in their jurisdiction:

• 13 years old in the United States and most countries

• 16 years old in the European Union/EEA

• The applicable minimum age in your country or region


The app enforces age requirements through birthday validation during registration. If we become aware that a user under the applicable minimum age has provided personal information:

• We will delete the account immediately

• We will delete all associated data from our systems

• We will notify the user (or parent/guardian if applicable)


To report underage users: Contact us at gymmaxerapp@gmail.com


---


10. Health and Wellness Disclaimer


GymMaxer provides fitness tracking and analytics for informational purposes only. It is not a medical device and does not provide medical advice. Consult a healthcare professional before starting any fitness program.


---


11. Changes to This Privacy Policy


We may update this Privacy Policy from time to time. We will notify you of material changes through:

• In-app notification

• Email notification

• Updated "Last Updated" date


Your continued use of GymMaxer after changes constitutes acceptance of the updated Privacy Policy.


---


12. Contact Information


General Privacy Inquiries:

Email: gymmaxerapp@gmail.com

Business Email: ironfrogbusiness@gmail.com

In-App: Settings → Support → Contact Us


Mailing Address:

IRON FROG

Company Code: 307436163

Tiltų g. 19

LT-91249 Klaipėda

Lithuania (European Union)


Supervisory Authority:

State Data Protection Inspectorate of the Republic of Lithuania

Address: L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania

Phone: +370 5 271 2804

Email: ada@ada.lt

Website: https://vdai.lrv.lt/


---


By using GymMaxer, you acknowledge that you have read, understood, and agree to this Privacy Policy.


This Privacy Policy is effective as of October 8, 2025 and was last updated on May 17, 2026.