Privacy Policy

Effective as of June 1, 2025

This Privacy Policy describes how OpenWorkout ("we", "our", or "us") collects, uses, and shares your personal information when you use our fitness tracking application and related services (the "Service").

1. Data Controller and Legal Entity Information

OpenWorkout is the data controller responsible for your personal information. For the purposes of data protection laws, our contact information is provided in Section 13 of this policy. We are committed to protecting your privacy and handling your personal data in accordance with applicable privacy laws.

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information: First name, last name, username, email address
  • Profile Data: Avatar/profile picture, workout visibility preferences
  • Contact Information: When you contact us through our support forms

2.2 Health and Fitness Data

Important Medical Data Disclaimer: OpenWorkout does not collect, store, or process medical-grade health data. All fitness tracking information is user-generated for personal tracking purposes only and should not be considered medical or diagnostic data. We do not integrate with or access your device's health apps (HealthKit, Google Fit) unless you explicitly grant permission.

  • Workout Data: Exercise routines, sets, repetitions, weights lifted, workout duration
  • Exercise Metrics: Distance covered, time duration, performance measurements
  • Workout Notes: Personal notes and comments on exercises and workouts
  • Exercise Preferences: Custom exercise names and personalization settings
  • Workout Templates: Saved workout routines and templates you create

2.3 Social and Interaction Data

  • Social Connections: Information about users you follow and users who follow you
  • Comments and Likes: Comments on workouts and likes on social content
  • Notifications: Interaction notifications and engagement alerts

2.4 Technical Information

  • Device Information: Device type, operating system version, unique device identifiers, device model, system specifications
  • Usage Data: App usage patterns, features accessed, session duration
  • Log Data: Error logs, crash reports, and diagnostic information
  • Authentication Data: Login tokens and session information
  • Push Notification Data: Device tokens for notification delivery, notification preferences, delivery status, and interaction patterns
  • Widget/Live Activity Data: Workout session states, widget interaction patterns, background data updates for iOS widgets and live activities
  • Camera/Photo Access: Photo library permissions, image metadata, camera usage for profile pictures and workout documentation
  • Local Storage Data: App preferences, workout session persistence, user settings, offline data storage for app functionality

3. How We Use Your Information

3.1 App Functionality

  • Provide core fitness tracking and workout logging features
  • Store and sync your workout data across devices
  • Enable social features like following other users and sharing workouts
  • Personalize your exercise experience with custom preferences

3.2 Service Improvement

  • Analyze usage patterns to improve app performance and features
  • Debug technical issues and improve app stability
  • Develop new features based on user behavior and feedback

3.3 Communication

  • Respond to support requests and inquiries
  • Send important app updates and service notifications
  • Provide social notifications (likes, comments, follows)

4. Information Sharing and Third Parties

4.1 Third-Party Services We Use

Third-Party Liability Notice: These service providers operate under their own privacy policies and terms of service. OpenWorkout cannot be held responsible for their data practices, security measures, or any data breaches that may occur within their systems. We encourage you to review their privacy policies independently.

  • Auth0: Authentication and user identity management (account creation, login)
  • Brevo: Email services for contact form submissions and transactional emails
  • Sentry: Error tracking and performance monitoring
  • Render: Cloud deployment platform and database hosting for our backend services and data storage
  • Vercel: Website hosting and deployment platform for our web presence and contact forms
  • Firebase (Google): Photo storage for profile images and analytics for app usage tracking and performance monitoring
  • TestFlight (Apple): App distribution platform for beta testing and app deployment, including crash reporting and usage data
  • Apple Push Notification Service (APNs): Push notification delivery, device token management, and notification interaction tracking
  • iOS Widgets/Live Activities: System-level integration for workout tracking widgets, live activity updates, and background data sharing
  • React Native Device Info SDK: Device information collection including system specifications, app version tracking, and device identification
  • AsyncStorage & React Query: Local data persistence and API request caching for offline functionality and performance optimization

High-Risk Service Notice: Some services (Render, Firebase, Apple Push Notifications, iOS Widgets) handle sensitive user data including workout information, device identifiers, and personal analytics. These providers may have access to comprehensive user data and operate under their own security and privacy standards.

Platform Integration Notice: Firebase, TestFlight, Apple Push Notifications, and iOS Widgets are operated by major technology companies (Google and Apple) with extensive data collection practices. We strongly encourage reviewing their privacy policies independently.

4.2 Data Sharing Practices

  • Social Features: Workout data is shared with other users only when you choose public visibility settings
  • Service Providers: We share minimal necessary data with trusted service providers who help operate our app
  • Cloud Infrastructure: User data is processed by Render for database operations and app functionality
  • Analytics and Storage: Firebase processes profile images and usage analytics; data may be subject to Google's data processing practices
  • App Distribution: TestFlight (Apple) receives device information and crash reports for app deployment and testing
  • Apple Push Notifications: Device tokens and notification data are processed by Apple's Push Notification Service for message delivery
  • iOS System Integration: Widget and live activity data is shared with the iOS system for background updates and workout tracking display
  • Device Information Processing: System specifications and device data are collected for app compatibility and performance optimization
  • Local Data Storage: AsyncStorage and React Query process user data locally for offline functionality and improved performance
  • No Data Brokers: We never sell your personal information to data brokers or advertisers
  • Legal Requirements: We may disclose information when required by law or to protect our users' safety

Data Processor Disclaimer: The third-party services listed above act as data processors on our behalf. However, some services (particularly Firebase/Google, TestFlight/Apple, Apple Push Notifications, and iOS Widgets/Apple) may also process your data for their own purposes under their respective privacy policies.

Liability Limitation: We cannot control or be held responsible for how these third-party services (including Apple's notification and widget systems) handle, store, or process your data beyond our contractual agreements with them. Users acknowledge this risk when using our Service.

5. Data Security and Protection

Security Disclaimer: While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal information.

Limitation of Liability: OpenWorkout shall not be liable for any unauthorized access, data breaches, or security incidents that may occur despite our security measures. Users acknowledge and accept the inherent risks associated with electronic data transmission and storage.

  • Encryption: All data is encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Strict access controls limit who can access your personal information
  • Security Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Data Minimization: We collect only the data necessary to provide our services
  • Regular Audits: Regular security assessments and updates to our protection measures
  • Incident Response: We maintain procedures for responding to security incidents, though we cannot prevent all possible breaches
  • User Responsibility: Users are responsible for maintaining the security of their account credentials and notifying us immediately of any suspected unauthorized access

6. Medical Data and Health Information Handling

Medical Disclaimer: OpenWorkout is not a medical device or healthcare provider. All fitness data collected through our app is for personal tracking and motivational purposes only.

Data Accuracy: We do not validate, verify, or guarantee the accuracy of any fitness or health-related data entered by users. This information should not be used for medical diagnosis, treatment, or health decisions.

No Medical Advice: Our app does not provide medical advice, diagnosis, or treatment recommendations. Always consult healthcare professionals for medical concerns.

  • User-Generated Data: All health and fitness data is self-reported by users and not verified by medical professionals
  • No Integration: We do not automatically sync with medical devices or electronic health records
  • Limited Processing: Health data is processed only for app functionality, not for medical or diagnostic purposes
  • User Control: Users can delete their health data at any time through the app settings

7. Your Privacy Rights and Controls

7.1 Account Controls

  • Privacy Settings: Control workout visibility (public or private)
  • Social Controls: Manage who can follow you
  • Profile Management: Update your profile information

7.2 Data Rights

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your workout data in a portable format
  • Withdraw Consent: Revoke consent for optional data processing

To exercise these rights, please contact us using the information provided in Section 13 below.

8. Data Retention and Deletion

  • Account Data: Retained while your account is active and for a limited period after deletion
  • Workout Data: Maintained to provide historical tracking unless you request deletion
  • Technical Logs: Automatically deleted after 90 days unless needed for security purposes
  • Support Communications: Contact form data retained for 2 years for support purposes
  • Account Deletion: Complete account deletion permanently removes all associated data within 30 days

9. Children's Privacy

Our Service is not directed to children under the age of 13 (or applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete such information immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers are protected by appropriate safeguards, including standard contractual clauses approved by relevant authorities.

12. The rights of Users based on the General Data Protection Regulation (GDPR)

You have rights under the General Data Protection Regulation (GDPR) and UK GDPR, including the rights listed in Section 7.2 above. Our legal basis for processing your data includes:

  • Contract: Processing necessary to provide our services (Article 6(1)(b) GDPR)
  • Legitimate Interest: Improving our services and ensuring security (Article 6(1)(f) GDPR)
  • Consent: Where you have explicitly consented to processing (Article 6(1)(a) GDPR)
  • Legal Obligation: Where required by law (Article 6(1)(c) GDPR)

Your GDPR Rights Include: Access, rectification, erasure, restriction of processing, data portability, objection to processing, and withdrawal of consent.

13. Limitation of Liability and Force Majeure

Privacy-Related Limitation of Liability: To the maximum extent permitted by law, OpenWorkout shall not be liable for any damages arising from:

  • Unauthorized access to or disclosure of your personal information
  • Data breaches caused by third-party service providers
  • Service interruptions affecting data availability
  • Loss of data due to technical failures or force majeure events
  • Misuse of personal information by other users

Force Majeure: We shall not be liable for any failure or delay in performance under this Privacy Policy due to circumstances beyond our reasonable control, including natural disasters, acts of terrorism, government actions, pandemics, or infrastructure failures.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you through the app or via email
  • For material changes, provide you with a choice to accept or decline continued use

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Contact Us and Data Controller Information

OpenWorkout is the data controller responsible for your personal information under this Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us through our contact form in the contact section of this site. Our response time for inquiries is within 5 business days, but this is subject to change depending on the number of requests we receive.

Apple App Store Compliance: This privacy policy meets Apple App Store requirements for privacy disclosures and user data protection. All data collection practices disclosed herein are implemented in accordance with Apple's App Store Review Guidelines and privacy requirements.

App Store Platform Disclaimer: Apple Inc. is not responsible for our privacy practices or data handling. Any privacy-related concerns should be directed to OpenWorkout, not Apple.

Data Processing Transparency: We maintain records of our data processing activities as required by applicable privacy laws. Users may request information about how their specific data is processed by contacting us through the channels listed above.