Gains

Privacy Policy

Last updated: 2026-05-26

Project Gains ("we", "our", "us") provides a lifting tracker and coaching app. This Privacy Policy explains what we collect, why, who we share it with, and the choices you have. By using the app you agree to the practices described here.

1. What we collect

We collect only what's needed to run the product.

  • Account info: email, display name, organization membership. From Supabase Auth.
  • Training data: workout sessions, sets, exercises, routines, programs, personal records, body measurements, progress photos (only if you upload them), session notes.
  • Optional health data: body weight, heart rate, and workouts imported from Apple Health, Google Health Connect, Fitbit, or Garmin only after you connect those services. We never read your health data unless you explicitly enable a sync.
  • Optional images: progress photos and form-check stills, stored in private buckets only you can read.
  • Payment info: Stripe holds your card details — we only see the last 4 digits and your subscription status.
  • Usage telemetry: AI-call counts (for rate limiting), session-completion timestamps, sign-in events. No third-party advertising trackers, no analytics SDKs.

2. How we use it

  • To render your workouts, routines, programs, and analytics.
  • To compute personal records, projections, recommendations, and aggregate stats unique to your training.
  • To process AI-coaching requests you initiate. Text and images you submit to AI features are sent to our AI providers only for that request. We don't train on your data.
  • To process subscriptions via Stripe.
  • To send service emails (verification, password reset, receipts).
  • To enforce rate limits and detect abuse (e.g., quotas on AI calls).

3. Who we share it with

  • Supabase — primary database, storage, and auth host.
  • Stripe — payment processing and subscriptions.
  • OpenAI and/or Anthropic — AI features. These providers do not train on API inputs.
  • Resend — transactional email delivery.
  • Coaches you've explicitly linked yourself to (and only those coaches) can read your training data, scoped through server-enforced row-level security policies.
  • People you share a session or routine link with. Public share links you generate are revocable.

We do not sell your data, run ads on it, or share it with data brokers.

4. Your rights and controls

  • Export your training history as Strong-compatible CSV from the progress page.
  • Delete individual workouts, photos, form checks, and share links from inside the app.
  • Revoke health integrations at any time from Settings → Integrations.
  • Cancel your subscription at any time via Billing.
  • Account deletion: delete your account from inside the app via Settings → Account → Delete account. Your data is removed from our active systems immediately and from encrypted backups within 30 days. You can also email support@projectgains.app if you need help.

5. Where data lives

Your data is stored on Supabase infrastructure. Backups are retained according to Supabase's policies. AI-call payloads transit briefly through OpenAI / Anthropic endpoints and are not retained by us beyond the call.

6. Children

Project Gains is not directed at children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has signed up, contact us and we'll remove the account.

7. Changes to this policy

We may update this Privacy Policy. Material changes will be announced via email or an in-app notice at least 14 days before they take effect.

8. Contact

Questions about this Privacy Policy? Email support@projectgains.app.