Privacy Policy

Effective date: 21 April 2026 · Last updated: 21 April 2026

This Privacy Policy describes how GymLedger ("GymLedger", "we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our mobile application (the "App") and related services (together, the "Service").

GymLedger is operated by Rohit Saluja, an independent developer based in Jaipur, Rajasthan, India.

By downloading, accessing, or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

At a glance

• We collect only what the App needs to function — your account, your workouts, and your subscription status.
• We do not sell your personal information.
• We do not use your data for advertising and we do not track you across other apps or websites.
• You can request a copy of your data, correct it, or delete your account at any time.
• The Service is not directed to children under 13.

Table of contents

1. Information we collect
2. How we use your information
3. Legal bases for processing (EEA / UK)
4. How we share your information
5. Third-party service providers
6. Data retention
7. Data security
8. International data transfers
9. Your privacy rights (incl. in-app account deletion)
10. Children's privacy
11. App Store privacy information
12. Tracking and "Do Not Track"
13. Changes to this Privacy Policy
14. Contact us

1. Information we collect

We limit collection to what is strictly necessary to run the Service. The categories below align with the data-type categories used by Apple in the App Store Privacy Nutrition Labels.

1.1 Contact information

• Email address — used to create and authenticate your account, deliver critical service messages, and respond to support requests.

1.2 User identifiers

• Account identifier — a unique internal ID assigned when you create your account.
• Sign-in provider ID — if you sign in with Google, we receive a Google-issued user ID and your display name.

1.3 User content

• Workout data — exercises, sets, reps, weights, notes, and workout templates you create.
• Body metrics — body-weight entries and, where you choose to log them, related measurements.

1.4 Purchases

• Subscription status — whether you hold an active GymLedger Pro subscription, received from Apple via RevenueCat. We do not receive or store your payment card details; all payments are processed by Apple.

1.5 Diagnostics

• Crash and performance data — if the App crashes or encounters an error, our error-monitoring service may receive anonymized diagnostic information (stack traces, device model, OS version, App version). This data is not linked to your identity.

1.6 What we do not collect

GymLedger does not collect:

• Precise or approximate location
• Contacts, photos, camera, or microphone
• Health data from Apple Health or HealthKit
• Browsing or search history
• Advertising identifiers (IDFA) or any identifiers used for cross-app tracking
• Financial information other than subscription status (no card numbers, no bank details)

2. How we use your information

We use the information we collect solely to provide, maintain, and improve the Service:

• Provide the Service — create and authenticate your account, sync your workouts across devices, and deliver app functionality.
• Subscription management — verify your entitlement to GymLedger Pro features.
• Customer support — respond to questions, feedback, and reported issues.
• Security and fraud prevention — detect, investigate, and prevent unauthorized access, abuse, or misuse of the Service.
• Service improvements — diagnose crashes and performance issues so we can fix bugs.
• Legal compliance — comply with applicable laws, regulations, legal processes, and enforceable governmental requests.

We will not use your personal information for materially different, unrelated, or incompatible purposes without providing you notice.

3. Legal bases for processing (EEA / UK)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the legal bases on which we rely to process your personal data are:

• Performance of a contract — to provide the Service you signed up for.
• Legitimate interests — to secure, maintain, and improve the Service (balanced against your rights and freedoms).
• Legal obligation — where required by applicable law.
• Consent — where we rely on consent, you may withdraw it at any time.

4. How we share your information

We do not sell your personal information, and we do not share it with third parties for their own marketing purposes. We disclose information only in the limited circumstances below:

• Service providers — the infrastructure vendors listed in Section 5, who process data on our behalf under contractual confidentiality obligations.
• Legal and safety — when we believe in good faith that disclosure is required by law, court order, or is necessary to protect the rights, property, or safety of GymLedger, our users, or the public.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via in-app notice or email before your information becomes subject to a different privacy policy.
• With your consent — where you have explicitly directed us to share information.

5. Third-party service providers

GymLedger uses the following processors to operate the Service. Each provider is bound by its own privacy policy, which we encourage you to review:

• Supabase, Inc. — Hosts our database and manages authentication. Stores your account information and workout data. Privacy policy.
• Google LLC (Google Sign-In) — Used only when you choose Google as your sign-in method. Google returns your email address, display name, and a unique user ID. Privacy policy.
• RevenueCat, Inc. — Processes subscription entitlements and receives a user identifier and your App Store purchase events. Privacy policy.
• Apple Inc. (App Store) — Processes all payments and delivers the App. We never receive or store your payment details. Privacy policy.
• Sentry (Functional Software, Inc.) — Receives anonymized crash reports and diagnostic data used strictly to fix bugs. Privacy policy.

6. Data retention

• Account and workout data — retained for as long as your account remains active.
• Diagnostic data — retained for up to 90 days, then permanently deleted or irreversibly anonymized.
• Deleted accounts — upon account deletion, all personal data is permanently removed from our production systems within 30 days. Limited, anonymized records may be kept where required for legal, accounting, or security purposes.
• Backups — deleted data may persist in encrypted backups for up to 90 days before being overwritten in the normal course of backup rotation.

7. Data security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

• Encryption in transit (TLS 1.2+).
• Encryption at rest for data stored in our database.
• Access controls limiting internal access to personal data on a need-to-know basis.
• Periodic review of our security posture and third-party processors.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. You are responsible for keeping your sign-in credentials confidential.

8. International data transfers

GymLedger is operated from India. The providers listed in Section 5 may store and process your information in the United States, the European Union, or other countries where they or their sub-processors operate.

Where personal data of EEA, UK, or Swiss residents is transferred outside those regions, we rely on the European Commission's Standard Contractual Clauses or other lawful transfer mechanisms adopted by our providers.

9. Your privacy rights

Depending on where you live, you may have the following rights regarding your personal information:

• Access — obtain a copy of the personal information we hold about you.
• Correction — request that inaccurate or incomplete information be corrected.
• Deletion — request that we delete your personal information.
• Portability — receive your information in a structured, commonly used, machine-readable format.
• Objection / restriction — object to, or request restriction of, certain processing activities.
• Withdraw consent — where processing is based on consent, withdraw it at any time.
• Complaint — lodge a complaint with your local data protection authority.

Region-specific rights:

• European Economic Area / United Kingdom — rights under the GDPR / UK GDPR as described above.
• California (CCPA / CPRA) — right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as defined by the CCPA.
• India (DPDP Act, 2023) — rights to access, correction, erasure, and grievance redressal.

To exercise any of these rights, email us at the address in Section 14. We will verify your request and respond within the timeframes required by applicable law (typically within 30 days).

9.1 In-app account and data deletion

You can permanently delete your GymLedger account and all associated data directly from inside the App, without contacting us. From the App, go to Settings → Account → Delete Account and confirm. Deletion takes effect immediately in the App and is reflected on our servers within 30 days; encrypted backups roll over within 90 days. This complies with App Store Review Guideline 5.1.1(v).

If you cannot access the App, you may also email us from the address tied to your account using the subject line "Delete My Account" and we will process the request manually.

10. Children's privacy

GymLedger is rated 4+ on the App Store and is intended for users aged 13 and older (or 16 and older in the European Economic Area, or the minimum age of digital consent in your jurisdiction, whichever is higher). The Service is not directed to children under that age, and we do not knowingly collect personal information from them.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us using Section 14 and we will delete it.

11. App Store privacy information

In addition to this Privacy Policy, Apple requires us to disclose our data-collection practices on the App Store through Privacy Nutrition Labels. The labels shown on GymLedger's App Store page summarize the categories described in Section 1. In case of any inconsistency, this Privacy Policy governs.

Our Privacy Nutrition Label declares the following data is collected and linked to your identity:

• Contact Info — email address (for account and support)
• Identifiers — account / sign-in provider user ID
• User Content — workout entries, body-weight entries, notes
• Purchases — subscription status

The following data is collected but not linked to your identity:

• Diagnostics — anonymized crash logs and performance data

GymLedger does not use any data for tracking purposes as defined by Apple's App Tracking Transparency framework.

11.1 Permissions the App may request

GymLedger requests only the system permissions strictly required for features you choose to use:

• Notifications — used solely to deliver rest-timer alerts and optional workout reminders. You may decline at the system prompt or revoke later in iOS Settings → Notifications → GymLedger. The App functions without notifications enabled.

GymLedger does not request access to camera, microphone, contacts, photos, location, HealthKit, motion, or any tracking-related permission.

12. Tracking and "Do Not Track"

GymLedger does not engage in cross-site or cross-app tracking. We do not integrate advertising SDKs, third-party analytics that fingerprint users, or any feature covered by Apple's App Tracking Transparency (ATT) framework. Because we do not perform tracking, we do not need to prompt you with an ATT permission request.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make a material change, we will:

• Update the "Last updated" date at the top of this page.
• Provide prominent notice in the App or by email (if we have your email on file) before the change takes effect.

Your continued use of the Service after an update constitutes your acceptance of the revised Privacy Policy.

14. Contact us

If you have any questions, concerns, or requests about this Privacy Policy or our handling of your personal information, please contact us:

• Email (general / privacy requests): support@getgymledger.com
• Website: getgymledger.com
• Developer: Rohit Saluja
• Location: Jaipur, Rajasthan, India

We aim to respond to all privacy inquiries within 7 business days and to formal rights requests within the timeframes required by applicable law.