Privacy Policy
Effective date: [[EFFECTIVE_DATE]]
Developer: Jamal Guliyev
Country / jurisdiction: Azerbaijan
1) Summary
TrainIQ is a fitness app designed with a local-first approach:
workout and profile data are stored on the user’s device.
Cloud services are used only for authentication (sign up / sign in) via Supabase.
We do not sell personal data, do not use advertising tracking,
do not collect IDFA, and do not use third-party analytics SDKs
(such as Firebase, Amplitude, etc.).
2) Data we collect
2.1 Account data (required)
- Email (for registration and login via Supabase Auth)
- Password (stored as a hash by Supabase; the app never stores your password in plaintext)
2.2 Profile data (provided by the user during onboarding)
- Gender (male/female/other)
- Age
- Height (cm/in)
- Body weight (kg/lb)
- Training goal (strength/hypertrophy/endurance/general)
- Training days per week
- Workout duration
- Preferred language
- Theme (light/dark)
- Unit system (metric/imperial)
- Warm-up protocol (standard/minimal/extended)
2.3 Health-related data (provided by the user)
- Injuries (type/location/severity) — may be stored locally in JSON format
- Pain level during exercises (0–10 + location)
- Body weight history
2.4 Workout data (generated during use)
- Workout sessions (date, duration, title)
- Exercises in a session (name, order, notes)
- Sets (weight, reps, RPE, set type, rest time)
- Personal records (calculated automatically)
- Training programs (saved plans)
2.5 Device data (automatic)
- Device type / OS version (standard platform / Expo information)
- Notification settings (time, days)
2.6 Gym data (optional, entered by user)
- Gym name
- Equipment list
- Gym zones (if configured)
3) Data we do not collect
- Location data
- Contacts
- Camera/photos
- Microphone
- Advertising Identifier (IDFA)
- Third-party analytics (Firebase, Amplitude, etc.)
- Payment or card data
- Cookies (this is not a web app)
- Tracking across other apps or websites
4) How we store data
- SQLite (on-device): workouts, profile, programs, history, gyms
- AsyncStorage (on-device): Supabase session token
- Supabase Auth (cloud): email, password hash, registration metadata (AWS eu-central-1, Frankfurt)
Important: TrainIQ does not sync workout data to the cloud.
Supabase is used only for authentication.
5) Sharing with third parties
We share only the minimum required to operate the app:
- Supabase (supabase.com): email and authentication data (login / registration)
- Expo (expo.dev): device push token for workout reminders
- Apple Calendar / Google Calendar: workout title and date/time — only if the user enables calendar sync
We do not share data with advertising networks, data brokers, or analytics providers.
6) User rights
- Access: export in JSON/CSV (Profile → Export data)
- Deletion: delete account (Profile → Delete account) removes local data and the Supabase account
- Portability: import from Strong/Hevy/CSV; export to JSON/CSV
7) Security
- All network traffic uses HTTPS
- Supabase uses TLS 1.2+
- On-device SQLite is not additionally encrypted by the app, but is protected by OS-level device encryption
ITSAppUsesNonExemptEncryption: false (the app does not use its own non-exempt encryption beyond standard HTTPS).
8) Permissions
- Notifications: for workout reminders (only if enabled by the user)
- Calendar access: only if the user enables schedule sync
- Reminders: only if the user enables reminders
- Apple Health (future): if implemented, will be requested separately and only with user consent
9) Children
TrainIQ is not intended for children under 13 and does not knowingly collect children’s personal data.
10) International transfers
Authentication data may be processed on AWS infrastructure in eu-central-1 (Frankfurt)
via Supabase, where applicable.
11) Changes to this policy
We may update this policy from time to time. The latest version will always be available at the Policy URL above,
with an updated effective date.
12) Contact
For privacy questions, contact: [[PRIVACY_EMAIL]]
Back to Legal