Privacy Policy

Last updated: December 29, 2025

1. Introduction

Oikei LLC ("we", "our", "us") operates the Gymigo mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Gymigo, you agree to the collection and use of information in accordance with this policy.

Important: We never sell your personal information to third parties. Your fitness data is yours, and we use it solely to provide and improve your personalized coaching experience.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, profile photo, age, gender, and fitness goals
  • Health and Fitness Data: Workout history, exercise performance, sets and reps completed, weight lifted, training preferences, progress metrics, body measurements, and subjective feedback (energy levels, soreness, difficulty ratings)
  • Communication Data: Messages, questions, and feedback you send through the chat interface with our AI coach
  • Payment Information: Processed by Apple (we do not store credit card details)

2.2 Information Collected Automatically

  • Device Information: Device type, model, operating system version, unique device identifiers, mobile network information
  • Usage Data: Features used, screens viewed, time spent in app, workout patterns, session frequency, interaction with AI coach, button taps, and navigation patterns
  • Analytics Data: App performance metrics, crash reports, error logs, and usage statistics (collected via Firebase Analytics)
  • Location Data: Approximate location based on IP address (we do not collect precise GPS location)
  • Voice Data: Temporary audio recordings if you use voice input features (processed in real-time and not stored long-term)

2.3 Apple App Store Data

  • Subscription Status: Information about your subscription tier and renewal dates (managed by Apple)
  • Purchase History: Transaction records for in-app purchases (processed by Apple)
  • Device Tokens: For push notifications

3. How We Use Your Information

3.1 Primary Service Functions

  • Personalized Coaching: Provide AI-powered workout recommendations tailored to your fitness level, equipment, goals, and real-time performance
  • Real-Time Adaptation: Adjust your training program based on your feedback, recovery status, and performance data
  • Progress Tracking: Monitor your fitness improvements, strength gains, and workout consistency
  • Account Management: Create and maintain your user account, authenticate logins, and manage subscriptions

3.2 AI and Machine Learning

  • Model Training: Improve our AI coaching algorithms using aggregated, anonymized workout data
  • Pattern Recognition: Identify trends in workout effectiveness and recovery patterns
  • Personalization: Learn your individual response to training stimuli to optimize future recommendations

3.3 Communications and Support

  • Respond to your support requests and technical issues
  • Send transactional emails (account confirmations, password resets, subscription updates)
  • Deliver push notifications about workouts and achievements (with your consent)
  • Send optional marketing communications about new features (you can opt out anytime)

3.4 Legal and Security

  • Comply with legal obligations and respond to lawful requests
  • Detect, prevent, and address fraud, security issues, and technical problems
  • Enforce our Terms of Service and protect user safety

4. How We Share Your Information

WE DO NOT SELL YOUR PERSONAL INFORMATION TO ANYONE. This is a core commitment of our service.

We may share your information only in the following limited circumstances:

4.1 Service Providers

  • Firebase (Google): Cloud hosting, database, authentication, analytics, and crash reporting
  • OpenAI/Anthropic: AI language models for conversational coaching (data sent via encrypted API calls)
  • Apple: App Store services, in-app purchases, and subscription management
  • Cloud Infrastructure: Secure data storage and processing

These service providers are contractually obligated to protect your data and use it only for providing services to Gymigo. They cannot use your data for their own purposes.

4.2 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

  • Comply with legal obligations (court orders, subpoenas)
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public

4.3 Business Transfers

In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.

5. Health and Fitness Data - Special Protections

We recognize that health and fitness data is sensitive. We implement additional protections for this data:

  • No Insurance Sharing: We never share your fitness or health data with insurance companies, employers, or health data brokers
  • De-identification: When using data for AI training and research, we remove personally identifiable information
  • Explicit Consent: You must affirmatively opt in to share fitness data with Gymigo during onboarding
  • Encryption: All health data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Limited Access: Only essential systems and authorized personnel can access health data
  • No Marketing Use: Your fitness performance is never used for targeted advertising

Apple HealthKit: If you choose to connect Apple Health (future feature), data syncing is subject to your iPhone's Health app permissions. We only access data you explicitly authorize.

6. Artificial Intelligence and Automated Decision-Making

6.1 How AI Uses Your Data

Gymigo's AI coach processes your workout data, feedback, and interaction history to generate personalized training recommendations. The AI analyzes:

  • Your exercise performance trends (volume, intensity, frequency)
  • Subjective feedback about difficulty, fatigue, and soreness
  • Equipment availability and time constraints
  • Scientific principles of muscle hypertrophy and strength development

6.2 Your Rights Regarding AI Decisions

  • Override Recommendations: You can always choose different exercises or modify AI suggestions
  • Request Human Review: Contact support@gymigo.fitness to speak with a human coach about AI recommendations
  • Understand Logic: Request an explanation of why the AI made specific recommendations
  • Opt-Out of Training: You can request that your data not be used for improving AI models (though this may reduce personalization quality)

6.3 AI Limitations

Our AI provides fitness guidance based on general principles and your personal data. It is not a substitute for professional medical advice. AI recommendations may occasionally be incorrect or inappropriate for your specific situation. Always consult healthcare professionals before starting a new exercise program.

7. Apple App Store Specific Disclosures

7.1 No Data Selling

In compliance with Apple App Store requirements: We do not sell your data to third parties, data brokers, or advertisers. We do not share your personal information for targeted advertising purposes.

7.2 App Tracking Transparency (ATT)

Gymigo does not track you across other apps or websites for advertising purposes. We do not participate in cross-app tracking. If iOS prompts you about tracking, this is because:

  • We use Firebase Analytics to understand app usage (no cross-app tracking)
  • We collect crash reports to fix bugs (processed locally on your device when possible)

7.3 Push Notifications

If you enable push notifications, we collect your device token to send workout reminders and achievement alerts. You can disable notifications anytime in iOS Settings.

7.4 Subscription and Payment Data

All payment processing is handled by Apple through the App Store. We do not collect, store, or process your credit card information. Apple provides us with your subscription status (active/expired) and anonymized transaction identifiers for verification purposes only.

8. GDPR Rights (European Economic Area)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

8.1 Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide the Gymigo service you subscribed to
  • Consent: For marketing communications and optional features (you can withdraw anytime)
  • Legitimate Interest: To improve our service, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws and regulations

8.2 Your GDPR Rights

  • Right to Access: Obtain a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent for data processing at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

8.3 International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission for data transfers
  • Adequacy Decisions: Transfers to countries deemed adequate by the EU
  • Service Provider Agreements: Contractual obligations for data protection

8.4 Special Category Data (Health Data)

Under GDPR, fitness and health data are considered "special category" personal data requiring enhanced protection. We process this data with your explicit consent, which you provide during app onboarding. You can withdraw this consent at any time by deleting your account.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Categories of Personal Information Collected

  • Identifiers: Name, email, device ID
  • Health Information: Fitness data, workout performance
  • Commercial Information: Subscription status, purchase history
  • Internet Activity: App usage, interaction patterns
  • Inferences: AI-generated fitness predictions and recommendations

9.2 Your CCPA/CPRA Rights

  • Right to Know: Request disclosure of personal information collected, used, shared, or sold
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: We don't sell personal information, so this doesn't apply
  • Right to Non-Discrimination: We won't discriminate against you for exercising your rights
  • Right to Limit Sensitive Personal Information: Request limits on use of sensitive data

9.3 California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not share personal information with third parties for their direct marketing purposes.

10. Data Security

We implement industry-standard technical and organizational security measures to protect your information:

10.1 Technical Safeguards

  • Encryption: TLS/SSL for data in transit; AES-256 encryption for data at rest
  • Secure Authentication: Firebase Authentication with industry-standard protocols
  • Access Controls: Role-based access, multi-factor authentication for admin accounts
  • Regular Security Audits: Vulnerability scanning and penetration testing
  • Secure API Communication: Encrypted connections to AI services

10.2 Organizational Safeguards

  • Limited employee access to personal data (need-to-know basis)
  • Confidentiality agreements with all team members
  • Regular security training for staff
  • Data breach response plan
  • Vendor security assessments for third-party services

10.3 Security Limitations

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially acceptable means, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

11. Data Retention

We retain your information for different periods depending on the type of data:

  • Active Account Data: Retained while your account is active and for a reasonable period afterward to allow reactivation
  • Workout History: Retained indefinitely while your account is active (for historical tracking)
  • After Account Deletion: Most personal data deleted within 30 days; some data retained for 90 days for fraud prevention and legal compliance
  • Anonymized Analytics: Aggregated, anonymized data may be retained indefinitely for research and improvement
  • Legal Requirements: Data required by law (e.g., transaction records, tax documents) retained for legally mandated periods
  • Crash Reports: Retained for 90 days to diagnose and fix bugs

To delete your account and data, go to Profile Settings → Delete Account, or contact us at support@gymigo.fitness. Some data may need to be retained for legal or security reasons.

12. Children's Privacy

Gymigo is not intended for users under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@gymigo.fitness.

Upon verification, we will delete such information from our systems within 30 days. Users aged 13-17 (or 16-17 in the EEA) should have parental or guardian consent before using the Service.

13. Third-Party Services and Links

13.1 Third-Party Service Providers

Our Service uses the following third-party services. We encourage you to review their privacy policies:

13.2 Third-Party Links

The Service may contain links to third-party websites or services not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

14. Your Privacy Choices and Controls

  • Account Settings: Update personal information, preferences, and goals in-app
  • Email Preferences: Unsubscribe from marketing emails via the link in any email
  • Push Notifications: Disable in iOS Settings → Gymigo → Notifications
  • Analytics: Limited opt-out available (may impact service quality)
  • AI Training: Request exclusion from AI model improvement by emailing support
  • Data Export: Request a copy of your data in machine-readable format
  • Account Deletion: Delete your account and data via app settings or by contacting support

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Email notification to your registered email address
  • In-app notification when you next open Gymigo
  • Updating the "Last updated" date at the top of this policy

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. If you disagree with changes, you may delete your account. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices.

16. International Users

Gymigo is operated from the United States. If you are accessing the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws different from your country. By using Gymigo, you consent to the transfer of your information to the United States and other countries.

17. Contact Us and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@gymigo.fitness

Privacy Email: privacy@gymigo.fitness

Company: Oikei LLC

Address: Irakli Abashidze Street N 34, Commercial Space N-3, Entrance 1, Floor 1, Block I, Vake District, Tbilisi, Georgia

For GDPR Requests (EEA residents): Please email privacy@gymigo.fitness with "GDPR Request" in the subject line. We will respond within 30 days as required by law.

For CCPA Requests (California residents): Please email privacy@gymigo.fitness with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days as required by law.