Privacy Policy

Gymi AI Workouts  ·  Petruccelli Labs  ·  privacy@gymiapp.com

1. Information We Collect

Account & Onboarding Data

During onboarding we collect information you provide directly — your name, age, height, weight, fitness goals, dietary preferences, and target weight. This data is stored locally on your device in encrypted storage.

Apple Health Data

If you grant permission, Gymi reads step count, active calories, resting heart rate, sleep analysis, and workout history from Apple HealthKit. This data is read in real time to personalize your AI trainer and is never transmitted to our servers or stored beyond the current session.

Subscription Data

We use RevenueCat to process subscriptions. RevenueCat may collect a pseudonymous customer ID and purchase receipts. We never receive your full payment card details.

Usage Data

We collect anonymous usage metrics (e.g. app opens, feature interactions) to improve the product. This data cannot be linked back to you individually.

2. How We Use Your Information

• To generate personalized workout plans via our AI engine
• To personalize workout recommendations using your Apple Health data
• To manage your subscription and restore purchases
• To send workout reminders and post-workout nudges (only if you enable notifications)
• To improve app performance and fix bugs through anonymous analytics

3. Apple HealthKit

Gymi's use of Apple HealthKit data is limited to providing in-app personalization features. We do not share HealthKit data with third parties, use it for advertising, or store it on external servers. All HealthKit reads happen on-device and are discarded after each AI session. We comply fully with Apple's HealthKit guidelines.

4. AI & Third-Party Services

Workout plans and fitness responses are generated by a large language model (Claude by Anthropic) via a server-side proxy. Messages you send in chat — including any health context you have enabled — are transmitted to this service for processing. We do not store these messages after the response is returned. Anthropic's privacy policy governs their handling of API data.

5. Data Retention

Chat history is stored locally on your device for up to 72 hours and then automatically deleted. Onboarding preferences are stored locally until you delete the app. We do not maintain a server-side database of your personal information.

6. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

• RevenueCat — subscription management
• Anthropic — AI response generation, per-session only
• Apple — HealthKit, StoreKit, governed by Apple's policies

All third-party partners are bound by data processing agreements consistent with applicable privacy law.

7. Children's Privacy

Gymi is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete it promptly.

8. Your Rights

You may delete all locally stored data at any time by deleting the app. To request deletion of any RevenueCat subscriber data associated with your account, contact us at the address below. Residents of the EEA, UK, and California may have additional rights under GDPR, UK GDPR, or CCPA respectively.

9. Security

We implement industry-standard safeguards including encrypted local storage, HTTPS for all network requests, and server-side rate limiting. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this document. Continued use of the app after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact:

Petruccelli Labs
privacy@gymiapp.com