Privacy Policy

GymTracker ("we," "us," or "our") operates the gym-tracker.me website and application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.

1. Information We Collect

1.1 Personal Information

When you create an account, we collect information provided through our authentication provider (Clerk), which may include:

• Name (first and last)
• Email address
• Profile image
• Authentication identifiers (e.g., Google account ID)

1.2 Health and Fitness Data

To provide our fitness tracking services, we collect data you voluntarily enter, including:

• Body measurements (weight, height, arms, legs, chest, waist)
• Fitness goals and activity level
• Workout logs (exercises, sets, reps, personal records)
• Nutrition data (meals, ingredients, macronutrients, calories)
• Daily step counts
• Recipes and meal plans
• TDEE and macro targets

1.3 AI-Processed Data

When you use our AI-powered features, we process the following:

• Nutrition Label Images: Photos you upload for Vision AI OCR scanning are sent to third-party AI providers (Anthropic Claude or OpenAI) for text extraction. Images are processed in real time and are not stored permanently by us after extraction is complete.
• Barcode Scans: Barcode numbers are sent to food databases (OpenFoodFacts, FatSecret, Edamam) to retrieve product information.
• AI-Generated Content: Prompts sent to AI providers to generate ingredient descriptions, recipe instructions, and exercise guides. These prompts may contain data you have entered (e.g., ingredient names, recipe titles).

1.4 Automatically Collected Data

When you use the Service, we automatically collect:

• Analytics Data: Page views and Web Vitals (LCP, FID, CLS) via Vercel Analytics
• Device Information: Browser type, operating system, and screen size
• Usage Patterns: Features accessed and interaction patterns

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Track your fitness progress and provide personalized insights
• Process nutrition label scans and barcode lookups
• Generate AI-powered content (descriptions, instructions)
• Calculate personalized TDEE and macro targets
• Manage subscription tiers and feature access
• Analyze usage patterns to improve the Service
• Respond to your inquiries and provide support
• Comply with legal obligations

3. Third-Party Services

We use the following third-party services to operate the Service. Each has its own privacy policy governing the use of your information:

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Neon with encryption at rest. Images are stored in AWS S3 with server-side encryption. We implement industry-standard security measures to protect your personal information, including:

• Encrypted data transmission (HTTPS/TLS)
• Secure authentication via Clerk
• Server-side validation and input sanitization
• HTML sanitization for AI-generated content (DOMPurify)
• Role-based access controls

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

Nutrition label images submitted for AI OCR processing are not permanently stored after extraction is complete. Barcode scan queries are not stored beyond the immediate lookup.

6. Your Rights

Depending on your location, you may have the following rights regarding your data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data and account
• Data Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your personal data
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at contact@gym-tracker.me. We will respond to your request within 30 days. contact@gym-tracker.me

7. Cookies and Tracking

We use essential cookies required for authentication and session management (provided by Clerk). We use Vercel Analytics for anonymous performance monitoring (Web Vitals). We do not use advertising cookies or sell your data to advertisers.

8. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. Our infrastructure providers (Vercel, AWS, Neon) and AI providers (Anthropic, OpenAI) may process data in the United States and other jurisdictions. By using the Service, you consent to the transfer of your information to these countries, which may have different data protection laws than your country.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: contact@gym-tracker.me
• Website: gym-tracker.me/contact