Trainer Gym AITrainer Gym AI

Privacy Policy

Last updated: March 27, 2026

1. Overview

Trainer Gym AI ("the App") is designed with privacy as a core principle. Your personal data stays on your device. This Privacy Policy explains what data we collect, how we use it, and your rights.

The App is developed by Iago Cavalcante ("we", "us"), an independent developer based in Brazil. We comply with the Brazilian General Data Protection Law (LGPD) and, where applicable, the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data We Do NOT Collect

The following data is stored ONLY on your device and is never transmitted to our servers:

  • Your name, age, email, gender
  • Body measurements (height, weight, body measurements)
  • Workout history, exercise logs, sets, reps, weight data
  • Streak data and training patterns
  • Training type and onboarding responses
  • Personal records and analytics data

We have no way to access, view, or recover this data. If you delete the App, this data is permanently lost.

3. Data We DO Process

3.1 AI Plan Generation (with consent)

When you generate a workout plan, the following data is sent to our Cloudflare Worker proxy, which forwards it to OpenAI's API:

  • Your fitness profile (age, weight, height, gender, objectives, fitness level, health conditions)
  • Training type and preferences
  • Training history summary (anonymous metrics only: adherence rate, volume trends, plateaus)

Legal basis: Explicit consent. You grant consent during onboarding and can revoke it at any time in the Privacy settings.

Data retention: Our Cloudflare Worker does not store request data. OpenAI processes the data according to their API Data Usage Policy (data is not used for model training via API).

3.2 Anonymous Analytics

We use PostHog for anonymous usage analytics. Events tracked include:

  • App opens, screen views, feature usage (e.g., "workout completed", "plan generated")
  • Training type selected, purchase events
  • Error events for debugging

What is NOT tracked: Names, emails, workout details, exercise names, body measurements, or any personally identifiable information.

Legal basis: Legitimate interest (product improvement). Analytics are disabled in development mode.

PostHog's privacy: PostHog is hosted in the US/EU. See PostHog Privacy Policy.

3.3 OTA Update Checks

The App checks for Over-the-Air updates via Expo's update service. This transmits:

  • App version and runtime version
  • Platform (iOS/Android)
  • Update channel identifier

No personal data is included in update checks. See Expo Privacy Policy.

3.4 Exercise GIF Data

Exercise demonstration GIFs are fetched from the ExerciseDB API. These requests include only the exercise name — no personal data is transmitted.

4. Local Notifications

The App may send local notifications (training reminders, streak alerts, progress celebrations). These are:

  • Generated and scheduled entirely on your device
  • Based on your local training pattern data
  • Not sent through any external push notification service
  • Controllable through your device's notification settings

You can deny notification permission at any time. The App functions fully without notifications.

5. In-App Purchase Data

Purchases are processed entirely by Apple (App Store) or Google (Play Store). We do not collect, process, or store any payment information. We receive only a confirmation that a purchase was made.

6. Children's Privacy

The App is not intended for children under 18. The onboarding process requires users to be at least 18 years old. We do not knowingly collect data from minors.

7. Your Rights

All Users

  • Revoke AI consent: In-app Privacy settings. Stops all AI data transmission.
  • Delete local data: Uninstall the App or use the in-app reset options.
  • Disable analytics: Contact us to opt out of PostHog tracking.
  • Disable notifications: Through device settings at any time.

Brazilian Users (LGPD)

Under the LGPD, you have the right to: access your data, correct inaccurate data, request anonymization or deletion, be informed about data sharing, revoke consent, and file complaints with the ANPD (National Data Protection Authority).

EU/EEA Users (GDPR)

Under the GDPR, you have the right to: access, rectification, erasure, data portability, restriction of processing, objection to processing, and to lodge a complaint with your supervisory authority.

California Users (CCPA)

We do not sell personal information. You have the right to know what data is collected, request deletion, and not be discriminated against for exercising your rights.

8. Third-Party Services

ServicePurposeData Sent
OpenAI (via Cloudflare Worker)AI plan generationFitness profile (with consent)
PostHogAnonymous analyticsUsage events (no PII)
ExpoOTA updatesApp version, platform
ExerciseDBExercise GIFsExercise name only
RevenueCatPurchase managementAnonymous purchase status
Apple / GoogleApp distribution, paymentsPer their policies

9. Data Security

Local data is stored in an encrypted SQLite database (SQLCipher on iOS). AI requests are transmitted over HTTPS through our Cloudflare Worker proxy. We do not store API keys in the app binary.

10. Service Discontinuation

If we discontinue the App or its AI services:

  • We will provide 30 days notice via in-app notification
  • All locally stored data remains on your device
  • Existing workout plans continue to work offline
  • Only AI plan generation would cease functioning
  • We will provide data export instructions if technically feasible

11. Changes to This Policy

We may update this Privacy Policy. Significant changes will be communicated via in-app notification. The "Last updated" date at the top reflects the most recent version.

12. Contact

For privacy questions, data requests, or concerns:

Email: iagocavalcante.dev@gmail.com

Developer: Iago Cavalcante

Location: Brazil

For LGPD complaints, you may also contact the ANPD (Autoridade Nacional de Protecao de Dados) at www.gov.br/anpd.