Privacy Policy - ArmProgress

Introduction

ArmProgress ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ArmProgress (the "App").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.

Information We Collect

Personal Information

When you create an account, we collect:

Account Information: Email address, full name, and password (encrypted). All fields are required during registration.
Profile Data: Profile picture/avatar, preferred weight unit (lbs/kg), premium subscription status
Authentication Data: When using third-party sign-in (Google, Apple, Facebook), we receive your name and email address from these providers

Training and Fitness Data

We collect information you provide while using the App:

Workout Sessions: Exercise names, sets, reps, weights, duration, intensity ratings, and personal notes
Strength Tests: Test results, measurements, and associated notes
Training Goals: Goal descriptions, target values, current progress, and deadlines
Body Measurements: Weight, arm circumference, forearm circumference, wrist circumference, and measurement dates
Training Cycles: Cycle names, descriptions, types, and date ranges
Profile Pictures: Profile photos and group avatars uploaded via camera or photo library
Scheduled Training: Training session schedules and notification preferences

Note: Progress photo tracking (before/after body photos over time) is a planned future feature.

Automatically Collected Information

When you use the App, we automatically collect:

Device Information: Device type, operating system version, unique device identifiers
Usage Data: App features accessed, session duration, and interaction patterns
Crash and Performance Data: Error logs and performance metrics to improve app stability

How We Use Your Information

We use your information to:

Provide Core Functionality: Store and display your workout data, track progress, and generate insights
Account Management: Create and maintain your account, authenticate you, and manage your premium subscription
Notifications: Send scheduled training reminders (if you opt-in)
Customer Support: Respond to your inquiries and provide technical assistance
App Improvement: Analyze usage patterns to improve features and fix bugs
Security: Protect against unauthorized access and fraudulent activity
Legal Compliance: Comply with applicable laws and regulations
Research (Optional): If you opt-in, export anonymized aggregate training statistics weekly for armwrestling training science and machine learning research. No personally identifiable information is ever shared.

Camera and Photo Access

The App requests camera and photo library permission to:

Take or upload profile pictures for your user account
Take or upload avatars for training groups you create
Capture progress reports as images for sharing

We do not:

Access your camera without your explicit action (taking a photo)
Access your photo library without permission
Track body progress photos or before/after photo galleries (this is a planned future feature)
Use your photos for any purpose other than displaying them as profile pictures or group avatars

All photos are stored securely in your personal account and are not shared with other users or third parties without your consent.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers

We use trusted third-party services to operate the App:

Supabase: Database hosting and user authentication
RevenueCat: Subscription and in-app purchase management
Google AdMob: Advertising for free tier users (non-personally identifiable data)
Google User Messaging Platform (UMP): GDPR/CCPA consent management for advertising compliance in EU/EEA/UK regions
PostHog: Behavioral analytics and optional anonymized training data export for research (requires explicit user consent for data export feature)
Stripe: Payment processing for donations (optional feature, not currently active in app)

These providers have access only to the information necessary to perform their functions and are obligated to protect your data.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to:

Protect our legal rights
Enforce our Terms of Service
Investigate potential violations
Protect the safety of users or the public

Business Transfers

If ArmProgress is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

Data Storage and Security

Security Measures

We implement industry-standard security measures to protect your data:

Encryption: All data transmitted between your device and our servers is encrypted using SSL/TLS
Password Security: Passwords are hashed and salted using secure algorithms
Access Controls: Strict access limitations to user data
Regular Security Audits: Ongoing monitoring for vulnerabilities

Data Retention

We retain your information for as long as your account is active or as needed to provide services. You may request account deletion at any time via Profile settings or by contacting us at support@armprogress.com, after which:

Your account and all associated data will be soft-deleted immediately (marked as deleted but retained for sync purposes)
Hard deletion from all systems occurs within 30 days
Backups containing your data will be purged according to our backup retention schedule (maximum 90 days)
Profile pictures and group avatars stored in Supabase Storage will be permanently deleted within 30 days

Your Rights and Choices

Access and Portability

You have the right to:

Access all personal data we hold about you
Export your workout data in a portable format
Request a copy of your information
Export your training data in portable format (available in Profile settings)
View all analytics consent settings and revoke consent
Disable training data research export at any time

Correction and Deletion

You can:

Delete individual workouts, photos, or measurements
Request complete account deletion by contacting us at support@armprogress.com

Note: Account information (email, full name) cannot be modified after registration.

Marketing Communications

We do not send marketing emails without your explicit consent. You can opt-out at any time.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale of personal information (we do not sell your data)
Right to non-discrimination for exercising your rights

European Privacy Rights (GDPR)

If you are located in the European Economic Area, you have rights under GDPR:

Right to access, rectification, and erasure
Right to data portability
Right to restrict or object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

Children's Privacy

ArmProgress is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

Third-Party Services

Social Media Authentication

When you sign in with Google, Apple, or Facebook, these services may collect data according to their own privacy policies:

Analytics and Advertising

We use Google AdMob to display advertisements to free tier users. AdMob may collect:

Device identifiers
IP address (anonymized)
General location (country/region)
Ad interaction data

You can opt-out of personalized advertising through your device settings:

iOS: Settings > Privacy > Advertising > Limit Ad Tracking
Android: Settings > Google > Ads > Opt out of Ads Personalization

PostHog Analytics

We use PostHog for behavioral analytics (screen views, feature usage, app performance). PostHog analytics requires your explicit consent via an in-app consent modal. You can revoke consent at any time in Profile settings.

Training Data Research Export

If you opt-in via Profile settings, we export anonymized, aggregate training statistics weekly to PostHog for armwrestling training science research. This feature is entirely optional and can be disabled at any time. Exported data includes workout type distributions, average durations, exercise patterns, and training adherence rates. We NEVER export personally identifiable information, body measurements, strength test results, or personal notes.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

Push Notifications

If you opt-in to notifications, we will send:

Scheduled training reminders
Important account updates

You can disable notifications at any time through your device settings.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the new Privacy Policy in the App
Updating the "Last Updated" date
Sending an email notification for significant changes (if you have an account)

Your continued use of the App after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: support@armprogress.com

Your Consent

By using ArmProgress, you consent to this Privacy Policy and agree to its terms.

Effective Date: January 11, 2026
This privacy policy was last updated on January 11, 2026.