Privacy Policy

Last updated: April 20, 2026

This Privacy Policy describes how GymUp (https://gymup.ai) collects, uses, stores, and protects your personal data. GymUp is an AI-powered strength coaching platform available on web and mobile (iOS/Android). By using GymUp, you agree to the practices described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address — used for authentication and transactional communications.
  • Name — used to personalize your experience.
  • Profile image — optional, provided via Google sign-in if you choose that method.
  • Authentication method — email (via one-time password) or Google OAuth.

Athlete Profile

If you choose to provide it, we collect fitness-related information to personalize your coaching:

  • Body metrics: weight, height, age, gender.
  • Fitness level and training experience (years).
  • Primary training goal and preferred split type.
  • Available training days and session duration.
  • Injuries (location, description, severity).
  • Exercise preferences (likes and dislikes).
  • Daily macros (carbs, protein, fat, calories).
  • Body measurements.

All athlete profile data is optional and provided by you directly through the app.

Training Data

When you use the coaching features, we store:

  • Training programs generated by the AI coach.
  • Exercise details within programs (sets, reps, weights, RPE, rest periods, tempo).
  • Activity logs (workout completions, exercise history).
  • Body metrics history (weight and measurement entries over time).

AI Coaching Data

When you interact with the AI coach:

  • Chat messages — your conversations with the AI are stored to maintain chat history and provide continuity.
  • Semantic memories — the AI generates contextual summaries (embeddings) of your coaching interactions to provide more personalized recommendations over time. You can view and delete individual memories from your account.

Technical Data

We automatically collect limited technical data with each authenticated session:

  • IP address and User-Agent string — stored with session tokens for security purposes.

2. How We Use Your Information

We use your data to:

  • Provide and personalize the AI coaching service.
  • Generate training programs tailored to your profile, goals, and history.
  • Track your progress and performance trends.
  • Process payments and manage your subscription.
  • Send transactional emails (one-time password codes, account deletion confirmations).
  • Improve the service based on aggregated, anonymized usage patterns.

We do not sell your personal data to third parties.

3. Cookies

GymUp uses a minimal number of cookies:

CookiePurposeDuration
{SESSION_COOKIE_NAME}Authentication sessionUntil session expires
{SIDEBAR_COOKIE_NAME}Remembers sidebar open/closed state (UI preference)7 days

GymUp does not use analytics cookies, tracking cookies, or third-party advertising cookies.

4. Third-Party Services

We share data with the following third-party services, strictly to operate the platform:

ServicePurposeData Shared
StripePayment processing (web)Email, payment method, billing info
RevenueCatSubscription management (web + mobile)User ID, subscription status
Apple App Store / Google Play StorePayment processing (mobile)Payment method, subscription info
ResendTransactional email deliveryEmail address, email content
MiniMaxAI language model for coaching chatChat messages, uploaded documents
Cloudflare AISemantic embeddings for coaching memoryText summaries of coaching interactions
NeonPostgreSQL database hostingAll stored data (encrypted at rest)

Each service processes data under its own privacy policy. We encourage you to review their respective policies.

5. Data Storage and Security

  • Your data is stored on Neon PostgreSQL, a managed database service with encryption at rest.
  • Authentication uses secure, session-based cookies managed by Better Auth.
  • Passwords are never stored in plain text — only hashed values are retained.
  • We implement rate limiting on authentication endpoints to prevent brute-force attacks.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention and Deletion

Your data is retained for as long as your account is active.

Account deletion is fully supported and can be initiated from your account settings:

  1. You request account deletion in the app.
  2. A verification email is sent to confirm the request.
  3. You have 24 hours to confirm via the email link.
  4. Upon confirmation, your account and all associated data (profile, programs, workout logs, chat history, AI memories, body metrics) are permanently deleted.

After deletion, your data is removed from our active database. Residual copies in database backups may persist for a limited period consistent with our infrastructure provider's retention schedule, after which they are automatically purged.

7. Your Rights

You have the right to:

  • Access your personal data through the app (profile, training history, chat history, AI memories).
  • Delete your account and all associated data at any time.
  • Request a data export by contacting us at [email protected].
  • Rectify inaccurate data by updating your profile in the app.

If you are located in the European Union, you may also have additional rights under the GDPR, including the right to data portability, the right to restrict processing, and the right to object to processing. To exercise these rights, contact us at [email protected].

8. Children's Privacy

GymUp is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at [email protected] and we will promptly delete that information.

9. International Data Transfers

GymUp is operated from France. If you access the service from outside France, your data may be transferred to and processed in countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last updated" date at the top of this page.
  • We will notify you via email or in-app notification.
  • Your continued use of the service after the changes take effect constitutes acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy or how we handle your data, contact us at [email protected].