1. Introduction
Welcome to Gym Optimized (“we,” “us,” or “our”). We operate the Gym Optimized mobile application (the “App”) and are committed to protecting your personal information and your right to privacy.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have regarding your data. By downloading, accessing, or using the App, you agree to the terms of this Privacy Policy.
This App is operated from the State of Utah, United States. All matters relating to this Privacy Policy are governed by the laws of the State of Utah and the applicable federal laws of the United States.
If you have any questions, contact us at support@gymoptimized.com.
2. Health Data Disclaimer
IMPORTANT — PLEASE READ CAREFULLY
Gym Optimized is a fitness tracking application. It is not a medical device, does not provide medical advice, and is not a substitute for professional medical advice, diagnosis, or treatment.
- The App tracks workout performance, body weight, and user-entered health metrics for personal fitness tracking purposes only
- Nothing in the App should be interpreted as medical advice
- Always consult a qualified physician or healthcare provider before beginning any new exercise program, especially if you have a pre-existing medical condition, injury, or health concern
- If you experience pain, discomfort, dizziness, or any adverse symptoms while using the App or during exercise, stop immediately and seek medical attention
- Gym Optimized assumes no responsibility for any injury, illness, or adverse health outcome resulting from use of the App or reliance on information contained within it
HIPAA Disclaimer: Gym Optimized is not a healthcare provider, health plan, or healthcare clearinghouse as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The App is not a HIPAA-covered entity and the health-related data you enter is not protected health information (“PHI”) under HIPAA. By using the App, you acknowledge that HIPAA does not apply to the data you submit through the App and that your data is governed solely by this Privacy Policy.
3. Information We Collect
3.1 Information You Provide Directly
- Account Information — your name, email address, and password when you create an account
- Profile & Body Stats — height, weight, age, and body weight log entries you choose to enter
- Progress Photos — photos you voluntarily upload through the body weight tracking feature. These are stored securely and are private to your account only
- Workout Data — exercises, sets, reps, weights, duration, and notes you log during workouts
- Custom Exercises — exercise names, descriptions, and notes you create
- Communications — messages you send to us through the Report an Issue feature or directly via email
3.2 Information Collected Automatically
- Device Information — device type, operating system, app version, and unique device identifiers
- Usage Data — features you use, screens you visit, and how you interact with the App
- Performance Data — crash reports and error logs to help us identify and fix issues
- Purchase Information — subscription status and transaction history (processed by Apple, Google, or Stripe — we do not store your payment card details)
3.3 Information We Do Not Collect
- We do not collect precise GPS or location data
- We do not access your contacts, camera roll, or microphone without explicit permission
- We do not collect data from children under 13 years of age
4. How We Use Your Information
We use the information we collect to:
- Provide and improve the App — deliver the features and services you use, fix bugs, and improve performance
- Manage your account — authenticate your identity, maintain your session, and process password changes
- Sync your data — store your workout history, PRs, body weight logs, and settings securely across your devices
- Process subscriptions — manage your Free, Pro, or AI tier access and handle billing through our payment processors
- Send important communications — password reset emails, account security alerts, and service updates (we do not send marketing emails without your consent)
- Provide customer support — respond to your issue reports and questions
- Ensure safety and security — detect fraud, prevent unauthorized access, and enforce our Terms of Service
- Comply with legal obligations — respond to lawful requests from authorities where required by law
We do not sell your personal data to third parties. We do not use your data to serve third-party advertisements.
5. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:
5.1 Service Providers
We work with trusted third-party companies that help us operate the App:
| Provider | Purpose | Data Shared |
|---|---|---|
| Railway | Backend hosting and database | Account data, workout data |
| Cloudflare R2 | Secure photo storage | Progress photos |
| Stripe | Payment processing | Subscription and billing data |
| Apple / Google | In-app purchase processing | Purchase records |
| RevenueCat | Subscription management | Subscription status |
| Cloudinary | Exercise video hosting | No user data |
All service providers are contractually obligated to handle your data securely and only for the purposes we specify.
5.2 Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Gym Optimized, our users, or others.
5.3 Business Transfers
If Gym Optimized is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
5.4 Leaderboards (Future Feature)
When Leaderboards launch, your display name and performance statistics (total volume, Big 3 totals, workout streak) may be visible to other users on the global leaderboard. You will be able to opt out of leaderboard participation in your settings. Progress photos are never shared on leaderboards.
6. International Data Transfers and Standard Contractual Clauses
Gym Optimized is operated from the United States. If you are accessing the App from outside the United States, including from the European Economic Area (“EEA”), the United Kingdom, or Switzerland, your personal data will be transferred to and processed in the United States.
The United States may not provide the same level of data protection as the laws of your home country. We take the following measures to ensure your data is adequately protected during international transfers:
6.1 Standard Contractual Clauses (SCCs)
For transfers of personal data from the EEA, United Kingdom, or Switzerland to the United States, we rely on the Standard Contractual Clauses approved by the European Commission as a lawful transfer mechanism under GDPR Article 46(2)(c). By using the App, users in the EEA, UK, and Switzerland consent to their data being transferred to and processed in the United States under these protections.
6.2 Supplementary Measures
In addition to SCCs, we implement the following supplementary technical and organizational measures to protect your data during international transfers:
- End-to-end TLS/HTTPS encryption for all data in transit
- Encryption at rest for all stored personal data
- Access controls limiting who can access your data
- Data minimization — we transfer only the data necessary to provide the App’s services
6.3 Your Rights Regarding International Transfers
If you are located in the EEA, UK, or Switzerland and have concerns about international data transfers, you have the right to contact your local data protection authority. You may also contact us at support@gymoptimized.com to request a copy of the relevant Standard Contractual Clauses governing your data transfer.
7. Data Storage and Security
- Your data is stored on secure servers hosted by Railway in the United States
- Progress photos are stored in Cloudflare R2 with encrypted access controls
- All data is transmitted using industry-standard TLS/HTTPS encryption
- Passwords are hashed using industry-standard algorithms and are never stored in plain text
- Access to your data is restricted to authorized personnel only
- We regularly review our security practices to protect against unauthorized access, disclosure, or destruction
However, no method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your information, we cannot guarantee absolute security.
8. Progress Photos
Progress photos deserve special attention given their personal nature:
- Photos are private by default and visible only to you
- Photos are stored in secure cloud storage (Cloudflare R2) with access controls
- Photos are never shared with other users, third parties, or used for any purpose other than displaying them within your account
- You can delete any progress photo at any time from within the App
- When you delete your account, all progress photos are permanently deleted from our servers within 30 days
- In future versions of the App, you may have the option to voluntarily share comparison photos — this will always be opt-in and clearly disclosed
9. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
9.1 Access and Portability
You have the right to request a copy of the personal data we hold about you. Contact us at support@gymoptimized.com and we will provide your data in a readable format within 30 days.
9.2 Correction
You can update most of your personal information directly within the App through your Settings. For other corrections, contact us at support@gymoptimized.com.
9.3 Deletion
You can delete your account at any time through Settings → Account → Delete Account. This will permanently delete all your data from our servers within 30 days. Some data may be retained longer if required by law or for legitimate business purposes such as fraud prevention.
9.4 Opt-Out of Communications
You can opt out of non-essential communications by adjusting your notification settings in the App or by contacting us at support@gymoptimized.com.
9.5 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell your data)
- Not be discriminated against for exercising your privacy rights
To exercise these rights, contact us at support@gymoptimized.com.
9.6 European Residents (GDPR)
If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation including:
- The right to access your personal data
- The right to rectification of inaccurate data
- The right to erasure (“right to be forgotten”)
- The right to restriction of processing
- The right to data portability
- The right to object to processing
- The right to lodge a complaint with your local supervisory authority
Our legal basis for processing your data is contractual necessity (to provide the App’s services), legitimate interest (to improve the App and ensure security), and your consent where explicitly obtained.
10. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the App’s services. Specifically:
- Account data — retained for the life of your account plus 30 days after deletion
- Workout and health data — retained for the life of your account and deleted within 30 days of account deletion
- Progress photos — deleted within 30 days of account deletion or immediately upon your request
- Issue reports — retained for up to 2 years for quality assurance purposes
- Billing records — retained for 7 years as required by financial regulations
11. Indemnification
By using the App, you agree to defend, indemnify, and hold harmless Gym Optimized and its owners, officers, employees, contractors, agents, licensors, and service providers from and against any and all claims, damages, obligations, losses, liabilities, costs, or debt, and expenses (including but not limited to attorney’s fees) arising from:
- Your use of or inability to use the App
- Your violation of any term of this Privacy Policy or our Terms of Service
- Your violation of any third-party right, including without limitation any privacy right, intellectual property right, or proprietary right
- Any claim that content you submitted caused damage to a third party
- Your violation of any applicable law, rule, or regulation
- Any injury, illness, or adverse health outcome resulting from physical activity undertaken in connection with use of the App
- Any unauthorized access to or use of our servers and/or any personal information stored therein resulting from your actions
This indemnification obligation will survive termination of your account and your use of the App.
12. Children’s Privacy
Gym Optimized is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@gymoptimized.com and we will delete that information promptly.
For users between 13 and 18, we recommend parental guidance when using the App. Users between 13 and 18 represent that they have obtained parental or guardian consent to use the App and to the collection and use of their data as described in this Privacy Policy.
13. Third-Party Links and Services
The App may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through the App. Gym Optimized is not responsible for the privacy practices or content of any third-party services.
14. Trainer and Coaching Features
When the Trainer Coaching feature launches:
- Communication between you and your assigned trainer will be conducted through the App
- Trainers will have access to the workout data and progress information you share with them
- Trainers are independent contractors bound by confidentiality agreements
- You control what data your trainer can see and can remove trainer access at any time
- Trainers are not medical professionals and their guidance does not constitute medical advice
15. AI Coaching Features
When AI Coaching features launch:
- Your workout data may be processed by AI systems to generate personalized recommendations
- AI coaching data is processed securely and is not used to train third-party AI models
- AI-generated recommendations are for fitness guidance purposes only and do not constitute medical advice
- You can opt out of AI features at any time by downgrading your subscription tier
16. Governing Law and Jurisdiction
This Privacy Policy and any disputes arising out of or related to it shall be governed by and construed in accordance with the laws of the State of Utah, United States, without regard to its conflict of law principles.
Any legal action or proceeding arising under this Privacy Policy that is not subject to arbitration under Section 17 shall be brought exclusively in the federal or state courts located in Utah, and you hereby consent to the personal jurisdiction and venue therein.
17. Dispute Resolution and Arbitration
PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS.
17.1 Informal Resolution
Before initiating any formal legal proceedings, you agree to first contact us at support@gymoptimized.com and attempt to resolve the dispute informally. We will attempt to resolve the dispute within 30 days of receiving your written notice. If the dispute is not resolved within 30 days, either party may proceed to arbitration as set forth below.
17.2 Binding Arbitration
Except as otherwise provided in this Section, any dispute, controversy, or claim arising out of or relating to this Privacy Policy, your use of the App, or our collection or use of your data, shall be resolved by final and binding arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules, which are available at www.adr.org.
- Arbitration shall take place in Salt Lake City, Utah, or at the election of the consumer, by telephone or videoconference
- The arbitration shall be conducted by a single arbitrator
- The arbitrator’s decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction
- The arbitrator may award any remedy available at law or in equity, but may not award any remedy not available in court
- Each party shall bear its own costs and attorneys’ fees, except as may be awarded by the arbitrator for frivolous claims
17.3 Class Action Waiver
YOU AND GYM OPTIMIZED AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION. Unless both you and Gym Optimized agree otherwise, the arbitrator may not consolidate more than one person’s claims and may not otherwise preside over any form of a representative or class proceeding.
17.4 Exceptions to Arbitration
Notwithstanding the foregoing, the following claims are not subject to mandatory arbitration:
- Claims for injunctive or other equitable relief to prevent unauthorized use of intellectual property
- Claims that may not be subject to arbitration under applicable law
- Small claims court actions where eligible
17.5 Opt-Out
You may opt out of the arbitration agreement within 30 days of first using the App by sending written notice to support@gymoptimized.com with the subject line “Arbitration Opt-Out.” Opting out does not affect any other provision of this Privacy Policy.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy
- Notify you through the App or via email
- For significant changes, require your acknowledgment before continuing to use the App
Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
We will respond to all legitimate requests within 30 days.
This Privacy Policy was last updated on May 8, 2026.