Privacy Policy

Effective May 19, 2026

Gym AI ("we", "our", or "the app") is an AI-powered exercise form analysis app for iOS. This policy explains what we collect, why we collect it, who we share it with, and what control you have over it. We've designed the app to minimize the data it handles.

What we collect

• Workout videos you choose to analyze. Short clips you record or pick from your photo library are sent to our servers and then forwarded to Google Gemini (via Replicate) for analysis.
• Analysis results. The form score, feedback, and coaching notes returned by the AI are stored on your device.
• An anonymous device identifier. A random UUID generated on first launch. We use it to enforce daily analysis limits per device on our servers. It is not linked to your name, email, Apple ID, or any personal information.
• Subscription status. If you subscribe, RevenueCat and Apple manage the transaction. We receive only the subscription status (active / inactive) tied to the anonymous device identifier.

We do not collect your name, email address, phone number, location, or any contact information. We do not require you to create an account.

How we use this data

• To provide the AI form analysis feature.
• To enforce per-device daily analysis quotas, separating free vs. paid users.
• To manage your subscription via Apple and RevenueCat.

Who we share data with

We use the following third parties only for the limited purposes below. Each operates under their own privacy practices.

• Apple Inc. — processes in-app subscription purchases. We also use Apple's DeviceCheck framework to store two bits of per-device state on Apple's servers; this lets us enforce the lifetime free-trial allowance without holding any identifier of our own. The two bits are anonymous and cannot be used to identify or contact you.
• RevenueCat, Inc. — receives the anonymous device identifier to validate subscription entitlements.
• Replicate, Inc. — receives uploaded video clips and runs the AI model on them. Files are typically deleted from Replicate's servers within a few hours of analysis.
• Google LLC — operates the Gemini AI model used by Replicate to perform the form analysis.
• Cloudflare, Inc. — hosts our backend proxy and stores uploaded videos for up to one hour for the purpose of delivering them to the AI model.

We do not sell, rent, or trade your data to advertisers or anyone else.

How long we keep your data

• Videos on our servers: automatically deleted after one hour. They are kept only long enough for the AI to analyze them.
• Videos and analysis results on your device: stored locally in the app. They are deleted when you uninstall the app.
• Anonymous quota counters: automatically expire after 36 hours.

Your choices

• Don't upload videos you don't want analyzed.
• Manage or cancel your subscription anytime in Settings → Apple Account → Subscriptions on your iPhone.
• Uninstall the app to delete all locally stored videos and analyses.
• Contact us at balint245@gmail.com if you have questions or want us to delete server-side data associated with your device identifier.

Children

Gym AI is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has used the app, contact us and we will remove any associated data.

Security

All traffic between the app and our servers uses HTTPS. Videos are stored encrypted at rest on Cloudflare and Replicate. We can't promise perfect security, but we follow standard industry practices.

Changes to this policy

If we change this policy materially, we'll update the effective date at the top. Continued use of the app after changes means you accept the updated policy.

Contact

Questions? Email balint245@gmail.com.