Privacy Policy
This Privacy Policy describes how Gymsies ("we," "us," or "our") collects, uses, and shares information when you use the Gymsies mobile application (the "App"). We built Gymsies to help people connect with the gym mates they already train alongside. This policy is meant to be read in plain English; if anything is unclear, please contact us at support@gymsies.app.
Information we collect
Information you provide
- Account information: email address, name, and (if you choose to add one) a profile photo. If you sign in with Apple or Google, we receive your email and (optionally) name from those providers.
- Subscription status: if you subscribe to Gymsies Premium, we collect and store the status of your subscription (active, expired, free trial, etc.) so we can deliver the features you've paid for. We do not collect or store your payment card details — all billing is handled by Apple.
- Authentication credentials: when you sign in with email and password, we store your password using Firebase Authentication's hashed-credential system. We never see your plaintext password.
- Gym memberships: the gyms you join through the App. This includes gym names and approximate coordinates of public gym locations.
- Profile content: your fitness goals (experience level, training objectives, available times) and "today's training" (exercise types and muscle groups you plan to train).
- Messages and images: the text and photos you send in direct messages and gym group chats.
- Workout invites and friend requests: invites you send or accept, including scheduled times, gym selections, and optional messages.
- Social graph: your list of friends, the users you've blocked, and pending requests.
- Trainer status and endorsements: if you enable Trainer mode (a Gymsies Premium feature), we store this status and any endorsements you receive from other members.
- Reports: when you report another user, we collect the report reason and any details you provide.
Information collected automatically
- Location data: if you enable the "Active" toggle in the App, we use your device's location to detect when you arrive at or leave one of your gyms (a geofence-based presence feature). We do not store a continuous location history — only your current "at gym" status (which gym, when you arrived). Location is processed by Apple's CoreLocation framework on your device; we receive only the geofence triggers, not raw coordinates.
- Push notification token: when you allow notifications, we store a Firebase Cloud Messaging (FCM) token associated with your account so we can deliver push notifications to your device.
- Device and diagnostic data: crash reports, error logs, and basic device information (iOS version, app version) via Google Firebase Crashlytics. These are used to identify and fix bugs.
- Performance data: app launch times, network request timing, and similar performance metrics via Google Firebase Performance Monitoring. These are used to identify and fix performance issues.
- Product interaction data: anonymized app open events, screen views, and in-app actions (such as opening the paywall, completing onboarding, sending a Spot Me request, or enabling Trainer mode) via Google Firebase Analytics. We have disabled Firebase Analytics' collection of the Identifier for Advertisers (IDFA), ad personalization signals, and ad user-data sharing. We use the resulting data in aggregate only — it is keyed to a per-install Firebase identifier, not to your account identity, and is not used for advertising.
- Usage data: server-side logs recording API calls made by your account (timestamps, function names, error rates).
Information from third parties
If you sign in with Apple or Google, we receive your basic profile information (email, name, unique identifier) from those services as authorized by your sign-in choices.
How we use information
We use the information we collect to:
- Provide, maintain, and improve the App;
- Authenticate you and secure your account;
- Show other Gymsies users who share a gym with you, including your name, profile photo, fitness goals, and current presence status if you've enabled it;
- Deliver direct and gym chat messages between you and other users;
- Send push notifications about messages, workout invites, and friend requests;
- Detect when you arrive at or leave your gyms (geofence presence);
- Enforce community standards (responding to reports, blocking abusive accounts);
- Detect and prevent fraud, abuse, and security incidents;
- Comply with legal obligations.
How we share information
With other Gymsies users
The following information is visible to other Gymsies users who share a gym with you:
- Your name and profile photo
- Your fitness goals and today's training
- Your "at gym" status when Active is enabled
- Messages you send in shared gym chats and direct messages you initiate
We do not share your email, exact location coordinates, or device identifiers with other users.
With service providers
We use the following third-party services to operate Gymsies:
- Google Firebase (Authentication, Firestore, Storage, Cloud Functions, Cloud Messaging, Crashlytics) — to host our backend, deliver notifications, and collect crash reports. Firebase's privacy practices are described at firebase.google.com/support/privacy.
- Apple Push Notification Service — to deliver notifications to your iOS device.
- Apple Sign In and Google Sign-In — if you choose to use these options for authentication.
- Apple App Store / In-App Purchase — to process subscription purchases, free trials, renewals, refunds, and cancellations for Gymsies Premium. Apple handles all payment information directly; Gymsies does not see your card details. Apple's privacy practices are described at apple.com/legal/privacy.
- RevenueCat — to manage subscription state across devices and synchronize your entitlement (active, trial, expired, etc.) with our servers. RevenueCat receives your subscription transaction identifiers and a pseudonymous user ID we generate for you; it does not receive your name, email, or payment details. RevenueCat's privacy practices are described at revenuecat.com/privacy.
These providers process information on our behalf and are bound by contractual obligations to handle data securely.
For legal reasons
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Gymsies, our users, or others.
Business transfers
If Gymsies is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
Data retention
- Account data: we retain your account information until you delete your account. When you delete your account through the App (Settings → Delete Account), your user profile, gym memberships, friend list, and blocked list are removed.
- Messages: direct and gym messages are retained until you delete your account or the conversation is otherwise cleared.
- Workout invites: automatically deleted 24 hours after their scheduled time.
- Friend requests: accepted friend requests are automatically deleted from the system 24 hours after acceptance (the friendship itself persists in your friend list).
- Crash logs: retained by Firebase Crashlytics for up to 90 days.
- Backups: encrypted backups may be retained by our cloud providers for up to 30 days after deletion.
Your rights and choices
- Access: you can review your account information directly in the App (Settings → Edit Profile).
- Delete: you can permanently delete your account in the App (Settings → Delete Account). This removes your profile, social graph entries, and Gymsies-stored data. Some derivative records (server-side audit logs, backups) may persist briefly before being purged.
- Block: you can block any user from contacting you (User detail → Block). Blocked users cannot message you, and you and the blocked user are automatically removed from each other's friend lists.
- Report: you can report any user for inappropriate behavior (User detail → Report).
- Notification controls: you can disable push notifications in iOS Settings → Notifications → Gymsies.
- Location controls: you can disable location tracking by turning off the Active toggle in the App or revoking location permission in iOS Settings → Privacy & Security → Location Services → Gymsies.
- California residents (CCPA): you have the right to know what information we collect about you, request deletion, and not be discriminated against for exercising your rights. Contact us at support@gymsies.app to make a request.
Security
We use industry-standard practices to protect your information, including encrypted transport (HTTPS / TLS) for all network communication and access controls on our backend infrastructure. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.
Children's privacy
Gymsies is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at support@gymsies.app and we will take steps to delete that information.
International users
Gymsies is operated from the United States (Maryland). If you use Gymsies from outside the United States, your information will be transferred to and processed in the United States. By using Gymsies, you consent to this transfer.
Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App or by other appropriate means. The "Last updated" date at the top of this policy indicates the most recent revision.
Contact us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: support@gymsies.app
Subject line: Privacy inquiry