Quick Links
Introduction
Gymex Fitness ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Gymex Fitness mobile application (also known as "Locked In").
Information We Collect
When you use Gymex, we may collect the following types of information:
- Account Information: Your name, email address, username, avatar, and profile details when you create an account. If you sign in with Apple, we receive your name and email (or Apple's private relay email) as authorised by you.
- Fitness Data: Workout logs, exercises, sets, reps, weight lifted, RIR (Reps in Reserve), personal records, training volume, workout duration, and program configurations that you enter into the app.
- Nutrition Data: Calories, macronutrients (protein, carbs, fat), meals logged, food items (including barcode scans via OpenFoodFacts), and daily nutrition goals.
- Body Metrics: Body weight, height, and up to 13 body measurements (chest, waist, hips, shoulders, neck, biceps, forearms, thighs, calves, and more) that you choose to record.
- Progress Photos: Photos you upload to track your physical progress, along with any notes or timestamps you attach.
- Voice Data: Voice recordings you provide when using AI-powered features such as voice-based workout logging. These recordings are processed by ElevenLabs (a third-party speech recognition service) and are not stored beyond the duration of processing.
- AI Interaction Data: Conversations and queries you submit to the AI Coach feature, including contextual fitness data sent alongside your messages to generate personalised responses.
- Social Content: Posts, messages, shared workouts, shared programs, and other content you share in the community feed or direct messages.
- Usage Data: Information about how you interact with the app, such as features used, session duration, and app version.
- Device Identifiers: A device-level identifier used solely for account security, device ban enforcement, and preventing misuse.
- Push Notification Tokens: Device tokens used to deliver push notifications such as workout reminders, calorie alerts, and hydration reminders.
How We Use Your Information
We use the information we collect to:
- Provide and maintain the Gymex app and all of its features.
- Track your workouts, nutrition, body metrics, progress photos, and personal records.
- Provide personalised AI coaching, workout recommendations, program generation, and training analysis.
- Process voice input for speech-to-text workout logging.
- Detect plateaus, suggest deload weeks, and recommend periodization adjustments.
- Generate weekly AI recaps summarising your training progress.
- Enable social features including the community feed, friend system, and direct messaging.
- Send push notifications for workout reminders, smart calorie alerts, hydration reminders, and overtraining alerts.
- Manage your subscription and account via RevenueCat.
- Enforce our Terms of Service, including preventing misuse, content moderation, and account bans.
- Improve and develop new features for the app.
- Send important updates about your account or the service.
Data Storage and Security
Your data is stored securely using Supabase, an industry-standard cloud infrastructure provider with PostgreSQL databases, row-level security (RLS) policies, and encrypted connections. Authentication tokens are stored securely using your device's native keychain (via Expo SecureStore).
Data cached locally on your device for offline use is encrypted using AES-256 encryption. We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.
Third-Party Services
We do not sell your personal data to third parties. We use the following third-party services to operate the app:
- Supabase: Cloud database, authentication, file storage, and real-time messaging infrastructure.
- RevenueCat: Subscription management and in-app purchase processing. RevenueCat does not have access to your payment card details — billing is handled by Apple App Store or Google Play.
- DeepSeek: AI language model used for the AI Coach, AI Program Builder, workout analysis, and periodization recommendations.
- ElevenLabs: Speech-to-text processing for voice-based workout logging and custom AI voice features.
- OpenFoodFacts: Open-source food database used for nutrition search and barcode scanning. No personal data is sent to OpenFoodFacts.
- Apple Sign-In: Optional authentication method that provides your name and email (or private relay email) as authorised by you.
- Expo: App distribution, push notification delivery, and over-the-air updates.
Each of these services has its own privacy policy governing the use of your information.
AI-Powered Features
Gymex uses AI extensively to enhance your training experience. AI-powered features include the AI Coach, AI Program Builder, AI-generated workouts, smart weight recommendations, auto periodization, plateau detection, overtraining alerts, post-workout analysis, workout summary chat, and weekly AI recaps.
When you use these features, relevant fitness data — including workout history, exercise preferences, body metrics, nutrition data, and program configurations — may be sent to DeepSeek (our AI provider) via secure, encrypted Edge Function proxies. Your API keys and credentials never leave our servers.
This data is used solely to generate personalised coaching and recommendations. It is not used for advertising, tracking, or sold to third parties.
AI Coaching & Data Processing
When you use the AI Coach feature, personal information including your name, date of birth, sex, height, weight, body measurements, workout history, nutrition data, and personal records is sent to DeepSeek (a third-party AI service) to generate personalised coaching responses. The AI Coach can also suggest modifications to your programs, nutrition goals, and training schedule.
This data is transmitted securely via encrypted connections through our Edge Function proxies. DeepSeek does not store your data beyond the duration of the request. Use of the AI Coach feature constitutes consent to this data processing.
Voice Data & ElevenLabs
When you use the AI Voice Logger or custom AI voice features, your voice recordings are sent to ElevenLabs for speech-to-text processing. Voice data is transmitted securely via encrypted Edge Function proxies and is processed only for the purpose of converting your speech to text for workout logging. ElevenLabs does not store your voice recordings beyond the duration of processing.
Voice features are only available with a paid subscription (Core tier or above). You can choose not to use voice features, and no voice data will be collected.
Body Metrics & Progress Photos
Body metrics (weight, height, and body measurements) and progress photos are stored securely in your account. Progress photos are uploaded to Supabase Storage with access controls that ensure only you can view your photos unless you explicitly choose to share them.
Body metrics data may be shared with the AI Coach when you use coaching features, to provide more personalised recommendations. You can delete your progress photos and body metrics data at any time from within the app.
Device Integrations
Gymex supports pairing with Garmin fitness devices. When you pair a Garmin device, a pairing code is generated and stored temporarily (10-minute expiry) to establish the connection. Device pairing status and device identifiers are stored in your account to maintain the connection. You can unpair your device at any time from Settings.
Data Sharing
Information you post on the community feed is visible to other Gymex users. Your profile information (username and profile picture) is visible to other users. Workout data, body metrics, nutrition data, progress photos, and personal statistics are private unless you choose to share them (for example, by sharing a workout or program via the community feed or direct messages).
Programs can be shared with other users via secure share links. Shared programs do not include your personal performance data — only the program structure (exercises, sets, reps, and rest periods).
Push Notifications
With your permission, Gymex sends push notifications including workout reminders, smart calorie notifications, hydration reminders, overtraining alerts, and important account updates. You can manage notification preferences within the app's Settings or through your device's system settings. Disabling notifications does not affect other app functionality.
Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and all associated data (including workout history, body metrics, progress photos, and social content).
- Export your data in a portable format.
- Withdraw consent for data processing at any time.
- Opt out of AI-powered features and voice data collection by not using those features.
- Manage or disable push notifications at any time.
To exercise any of these rights, please contact us at gymex374@gmail.com.
Children's Privacy
Gymex is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete such information promptly.
Subscriptions
Gymex offers auto-renewable subscriptions (Core, Premium, and Pro Premium) managed through RevenueCat. Payment is processed through Apple's App Store or Google Play Store. We do not have access to your payment card details. Subscription management, billing, and cancellation are handled through your Apple ID or Google Play settings.
RevenueCat processes subscription events (purchase, renewal, cancellation) to manage your access to premium features. RevenueCat's privacy policy governs their handling of this data.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy within the app or via email. Your continued use of Gymex after changes are posted constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: