Privacy Policy
Last updated: April 14, 2026
GymRPG ("we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and associated services (collectively, the "Service").
By using GymRPG, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Email address, username, and password when you create an account.
- Profile Information: Display name, bio, and any profile customization you choose to add.
- Fitness Data: Workout logs, exercise entries, sets, reps, and weights you record.
- Nutrition Data: Food entries, meal logs, and calorie goals you set and track.
- In-App Communications: Messages sent in global chat, party chat, and friend interactions.
1.2 Information Collected Automatically
- Usage Data: How you interact with the app, features you use, screens visited, and actions taken.
- Device Information: Device model, operating system version, unique device identifiers, and mobile network information.
- Log Data: App crashes, errors, IP address, timestamps, and diagnostic information.
- Analytics Data: Aggregated behavioral data to understand how users engage with the Service.
1.3 Camera & Barcode Scanning
The nutrition barcode scanning feature requires access to your device camera. We do not store images or video from your camera. Camera access is used exclusively for real-time barcode recognition, and camera images and video are not transmitted to our servers.
1.4 In-App Purchase Data
When you make purchases, payment is processed by Apple (App Store) or Google (Play Store). We do not receive or store your payment card details. We receive confirmation of your purchase and associated subscription or product status via RevenueCat, our payment management provider.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the GymRPG Service
- Create and manage your game account and character progression
- Process in-app purchases and manage subscription status
- Enable social features including parties, friends, chat, and leaderboards
- Send push notifications (with your permission) for daily reminders and social activity
- Analyze usage patterns to improve the app experience
- Detect, prevent, and address technical issues, fraud, and abuse
- Comply with legal obligations
- Respond to support inquiries
We do not sell your personal data to third parties for advertising purposes.
3. Data Sharing & Disclosure
3.1 Service Providers
We share data with trusted third-party service providers who assist us in operating the Service:
- Supabase: Database, authentication, and real-time infrastructure (hosted in the EU/US)
- RevenueCat: In-app purchase management and subscription tracking
- PostHog: Product analytics (anonymized usage events)
- OpenFoodFacts: Food database queries for nutrition tracking (open-source, no personal data shared)
- Firebase (Google): Push notification delivery
All service providers are contractually obligated to use your data only to provide services to us and in accordance with applicable law.
3.2 Public Profile Data
Certain profile information — including your username, level, titles, achievements, and equipped cosmetics — is visible to other GymRPG users by design as part of the social and competitive features of the game.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
3.4 Business Transfers
If GymRPG is acquired, merged, or undergoes a change of ownership, your data may be transferred as part of that transaction. We will notify you in advance of any such transfer and any choices you may have.
4. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your data within 30 days, except where we are legally required to retain it longer. Anonymized, aggregated analytics data may be retained indefinitely.
5. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing of your data for certain purposes.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at support@gymrpg.app. We will respond to your request within 30 days.
You may also delete your account directly within the GymRPG app under Settings → Account → Delete Account.
6. Children's Privacy
GymRPG is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@gymrpg.app and we will promptly delete such information.
In the European Economic Area (EEA), GymRPG is intended for users aged 16 and older. Users between 13 and 16 in the EEA require verifiable parental consent.
7. Third-Party Services & Links
GymRPG may contain links to third-party websites or integrate with services not operated by us (e.g., app stores, social platforms). We have no control over, and assume no responsibility for, the privacy practices of those third parties. We encourage you to review their privacy policies.
8. Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These include:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Authentication and access controls on our infrastructure
- Regular security reviews
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States and the European Union. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission where applicable.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page and, where appropriate, by sending you an in-app notification or email. We encourage you to review this policy periodically.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: