PRIVACY POLICY

What We Collect

• •Email address — account creation, login, and password reset
• •Workout logs — exercises, sets, reps, and weights
• •Video metadata — titles, tags, notes, and thumbnails for videos you add
• •Anonymous usage events — which screens you open, when you import a video, when you start and finish a workout. Helps us understand which features are useful. You can switch this off in Profile → Privacy.
• •Anonymous crash reports — when the app crashes or hits an unexpected error, we record the error type, message, and stack trace so we can fix it. No personal data is included. You can switch this off in Profile → Privacy.

What We Don't Collect

• ✕No location data
• ✕No cross-app or cross-site tracking
• ✕No third-party advertising, analytics, or crash-reporting trackers (no Google Analytics, Firebase, Crashlytics, Sentry, Mixpanel, etc.)
• ✕No IDFA, advertising ID, or device fingerprint
• ✕No contacts, phone, or health data
• ✕Locally recorded videos stay on your device — never uploaded to our servers

How Your Data Is Stored

• •Stored securely in Supabase (PostgreSQL with row-level security)
• •All data is isolated to your account — no other user can access it
• •Local video files are stored on your device only
• •Video thumbnails are in a private storage bucket accessible only to you

Analytics

• •We record anonymous events about how the app is used — for example, when you open a screen, import a video, or finish a workout — so we can fix friction and prioritise features people actually use.
• •Events never include the content of your videos, exercise notes, set logs, or tags. They include things like a screen name, a platform name (YouTube / Instagram / TikTok / Facebook / local), counts, and timestamps.
• •Events are stored on our own Supabase database under the same row-level security as the rest of your data — no third-party analytics provider receives them.
• •Opt out anytime in Profile → Privacy → "Share anonymous usage data". Off = no events recorded and any buffered events are deleted.
• •Legal basis under GDPR: legitimate interest in improving Fitness Vault (Article 6(1)(f)).

Crash Reporting

• •When the app crashes or hits an unhandled error, we record the error type (e.g. "NetworkException"), a short message, the stack trace, the app version, and the platform (iOS / Android / web). This lets us fix bugs we'd otherwise never see.
• •Crash reports never include the content of your videos, exercise notes, set logs, tags, or any personal data. We do not capture screen contents, keystrokes, or user inputs.
• •Reports are stored on our own Supabase database under the same row-level security as the rest of your data — no Crashlytics, no Sentry, no third-party crash SDK.
• •Opt out anytime in Profile → Privacy. Off = no crashes recorded and any buffered reports are deleted.
• •Legal basis under GDPR: legitimate interest in keeping Fitness Vault reliable (Article 6(1)(f)).

Third-Party Services

All API calls go through our server — your device never contacts these services directly.

Your Rights (GDPR / UK GDPR)

• •Access — all your data is visible in the app
• •Correct — edit exercises, notes, tags, and video details anytime
• •Delete — use "Delete Account" in Settings to permanently remove all data
• •Object — we don't do automated decision-making or profiling

To exercise any of these rights, email hello@fitnessvault.fit

Data Retention

• •Your data is kept for as long as you have an account
• •When you delete your account, all data is permanently removed immediately
• •We do not keep backups of deleted accounts

Children

Fitness Vault is not intended for children under 16. We do not knowingly collect data from anyone under 16.

Changes

If we make changes to this policy, we will update the "Last updated" date above and notify users in the app.

Contact

For privacy questions or data requests: hello@fitnessvault.fit