Privacy Policy
This policy explains what Workout Buddy (“the app”, “we”) collects, why, where it lives, and how to delete it. If anything here is unclear, email cantrellco.13@gmail.com.
Who we are
Workout Buddy is a personal workout tracker. It is published by an individual developer based in the United States. We do not sell user data, share it with advertisers, or use it for cross-app tracking.
What we collect
We only collect what the app needs to work. Everything below is tied to your account and stored in our database (Supabase, hosted in the United States) unless noted.
Account & profile
- Email address (used to sign in and to recover your account)
- Display name (set by you, or pulled from your Apple/Google account on first sign-in)
- Authentication identifiers from Apple or Google when you use Sign in with Apple / Google
- Per-account preferences: weight unit, theme, accent color, rest timer settings
Workout & fitness data you create in the app
- Bodyweight entries (weight + date) you log
- Workouts: programs, days, exercises, sets, reps, weights, completion status, and post-session feedback (recovery / pump / volume ratings)
- Custom exercises you create (name, muscle group)
- Session timestamps and duration
Diagnostics (Sentry)
- Crash reports and unhandled errors, including stack trace, device model, OS version, and app version
- A small sample of performance traces (20% in production)
- Your account ID and email are attached to crash reports so we can debug your specific issue
- Screenshots are not captured
Product analytics (PostHog)
- App lifecycle events (open, background, etc.) and a small set of in-app events used to improve the product
- Your account ID and email are attached so we can answer questions like “did this user hit the bug we fixed?”
- Hosted on PostHog Cloud (United States)
Stored only on your device
- Cached workouts, programs, and preferences (so the app works offline)
- Authentication tokens needed to keep you signed in
What we do not collect
- Location (precise or coarse)
- Photos, camera, microphone, or contacts
- Apple HealthKit or Google Fit data
- Browsing or search history outside the app
- Advertising identifiers (IDFA / GAID)
- Payment information — there are no purchases in the current version
How we use it
- Run the app: sign you in, sync your workouts across devices, render your history.
- Fix bugs: crash and error reports help us reproduce issues you hit.
- Improve the product: anonymous-ish usage patterns help us see which features are used.
We do not use your data for advertising, do not share it with data brokers, and do not link it with data from other companies’ apps or websites for tracking purposes.
Who we share it with
Data is processed by these service providers on our behalf:
| Provider | Purpose | Where |
|---|---|---|
| Supabase | Authentication, database | United States |
| Sentry | Crash reporting | United States |
| PostHog | Product analytics | United States |
| Apple | Sign in with Apple | Per Apple’s policy |
| Sign in with Google (if used) | Per Google’s policy |
That’s the full list. We do not share data with anyone else.
How long we keep it
- Account & workout data: kept until you delete your account.
- Crash reports: retained by Sentry per their default retention (typically 90 days).
- Analytics events: retained by PostHog per their default retention.
How to delete your data
Open the app → Profile → Delete Account, type DELETE to confirm. This:
- Deletes your Supabase user, which cascades and removes your profile, programs, sessions, sets, custom exercises, and bodyweight log in a single transaction.
- Signs you out on the device.
If you can’t access the app for any reason, email cantrellco.13@gmail.com from the address on your account and we will delete it manually.
To purge analytics or crash records tied to your old account, mention that in the email and we’ll forward a deletion request to Sentry / PostHog.
Children
Workout Buddy is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has created an account, email us and we’ll remove it.
Your rights
Depending on where you live (e.g., GDPR in the EU, CCPA in California), you may have the right to access, correct, export, or delete the data we hold about you. The in-app delete flow handles deletion. For access or export, email cantrellco.13@gmail.com and we’ll respond within 30 days.
Security
- All traffic between the app and our backend uses HTTPS / TLS.
- Supabase enforces row-level security so one account can never read or modify another account’s data.
- Authentication tokens on your device are stored in the platform’s secure storage (
AsyncStorageon top of OS-level protections).
No system is perfectly secure. If you discover a vulnerability, please report it to cantrellco.13@gmail.com before disclosing it publicly.
Changes to this policy
If this policy changes, we will update the “Last updated” date at the top and, for material changes, prompt you in the app on next launch.
Contact: questions, deletion requests, or privacy concerns — cantrellco.13@gmail.com.