Privacy Policy

Welcome to Gravitix! We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information. This Privacy Policy explains our data practices when you use the Gravitix mobile application (the "Service").

By using Gravitix, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the Service.

1. INFORMATION WE COLLECT

We collect several types of information to provide and improve our Service:

a. Account Information
When you create an account, we may collect:
- Name
- Email address
- Profile information (age, fitness level - optional)
- Authentication credentials

b. Fitness and Training Data
To provide personalized training programs and track your progress, we collect:
- Workout history and exercise performance
- Skill progression and achievements
- Training preferences and goals
- Form videos or images you upload (if applicable)
- Custom notes and training logs
- Physical measurements you choose to input (height, weight - optional)

c. Device and Usage Information
We automatically collect certain technical data:
- Device type, operating system, and version
- App version and settings
- Device identifiers (IDFA, Android ID, or similar)
- IP address and general location (country/region level)
- App usage patterns (features used, session duration, crashes)
- Performance metrics and error logs

d. Payment Information
- Subscription and billing information is processed through Apple App Store or Google Play Store
- We do NOT directly collect or store your payment card details
- We receive confirmation of subscription status and transaction IDs from app stores

e. Communications
- Support requests and correspondence with us
- Feedback and survey responses
- Push notification preferences

2. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

a. Service Provision
- Create and manage your account
- Deliver personalized workout programs based on your fitness level and goals
- Track your progress and display skill achievements
- Sync data across your devices (if you use multiple devices)
- Process subscriptions and manage billing

b. Service Improvement
- Analyze usage patterns to improve features and user experience
- Identify and fix technical issues, bugs, and crashes
- Develop new features and training programs
- Conduct research and analytics to enhance the Service

c. Communication
- Send transactional emails (account confirmations, password resets)
- Notify you about important Service updates or changes to our Terms
- Send push notifications about workout reminders and achievements (if enabled)
- Respond to your support requests and inquiries
- Send promotional content about new features (with your consent, and you may opt-out)

d. Safety and Security
- Detect and prevent fraud, abuse, and security threats
- Enforce our Terms of Service
- Protect our legal rights and comply with legal obligations

3. DATA STORAGE AND RETENTION

a. Local Storage
- Most of your training data, progress, and preferences are stored locally on your device using SQLite database
- You control this local data and can delete it by uninstalling the app

b. Cloud Storage
- If you enable cloud sync (via Firebase/Firestore), your training data is backed up to secure cloud servers
- This allows you to access your data across multiple devices
- Cloud data is encrypted in transit and at rest

c. Retention Period
- We retain your personal data for as long as your account is active
- If you delete your account, we will delete or anonymize your data within 30 days, except:
- Data required for legal compliance (e.g., billing records for tax purposes)
- Aggregated, anonymized analytics data that cannot identify you

4. DATA SHARING AND DISCLOSURE

We do NOT sell your personal information to third parties. We may share your information only in the following limited circumstances:

a. Service Providers
We work with trusted third-party service providers who assist us in operating the Service:
- Cloud hosting and storage (Firebase, Google Cloud Platform)
- Analytics and crash reporting (Firebase Analytics, Crashlytics)
- Authentication services (Firebase Auth, Sign in with Apple, Google Sign-In)
- Payment processing (Apple, Google)
- Customer support tools

These providers are contractually obligated to protect your data and use it only for providing services to us.

b. Legal Requirements
We may disclose your information if required by law, legal process, or government request, or if we believe in good faith that disclosure is necessary to:
- Comply with legal obligations
- Protect and defend our rights or property
- Prevent fraud or security threats
- Protect the safety of users or the public

c. Business Transfers
If Gravitix is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your options.

d. With Your Consent
We may share your information with third parties if you explicitly consent or direct us to do so.

5. THIRD-PARTY INTEGRATIONS

a. Firebase Services
We use Google Firebase for:
- Authentication (Firebase Auth)
- Cloud database (Firestore)
- Cloud storage (Firebase Storage)
- Analytics and crash reporting
- Push notifications (Firebase Cloud Messaging)

Firebase is governed by Google's Privacy Policy: https://policies.google.com/privacy

b. Social Login Providers
If you sign in using Apple, Google, or Facebook:
- We receive basic profile information (name, email)
- These providers' privacy policies govern their data practices
- You can revoke access through your provider account settings

c. Analytics Tools
We use Firebase Analytics and potentially other analytics platforms to understand app usage. These tools collect anonymized data that does not personally identify you.

6. DATA SECURITY

We implement industry-standard security measures to protect your information:

a. Technical Safeguards
- All data transmissions are encrypted using SSL/TLS
- Cloud data is encrypted at rest using AES-256 encryption
- Authentication uses secure token-based systems
- Regular security audits and vulnerability assessments

b. Access Controls
- Employee access to personal data is limited to those with legitimate business needs
- All access is logged and monitored
- We enforce strong password policies and multi-factor authentication for internal systems

c. No Guarantee
While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

7. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:

a. Access and Portability
- Request a copy of the personal data we hold about you
- Export your training data from the app

b. Correction
- Update or correct inaccurate information through your account settings
- Contact us for assistance with data corrections

c. Deletion
- Delete your account and associated data through the app settings
- Request deletion by contacting us at contact@gravitix.app
- Note: Some data may be retained for legal or legitimate business purposes

d. Opt-Out
- Disable push notifications through device settings
- Unsubscribe from marketing emails via links in those emails
- Disable analytics tracking (limited by platform capabilities)

e. Data Restriction
- Request that we limit processing of your personal data in certain circumstances

f. Objection
- Object to processing of your data for direct marketing or legitimate interests

To exercise any of these rights, contact us at: contact@gravitix.app

For users in the EU/EEA (GDPR), UK, or California (CCPA), additional rights may apply. See Section 9 below.

8. CHILDREN'S PRIVACY

Gravitix is not intended for children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at contact@gravitix.app, and we will delete it promptly.

Parents/guardians should supervise minors aged 13-17 who use the Service, especially given the physical nature of the training programs.

9. REGIONAL PRIVACY RIGHTS

a. European Users (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom:
- We process your data based on legal grounds: consent, contract performance, legal obligation, or legitimate interests
- You have rights to access, rectify, erase, restrict, port, and object to processing
- You may lodge a complaint with your local data protection authority
- Our GDPR representative can be contacted at: contact@gravitix.app

b. California Users (CCPA/CPRA)
If you are a California resident:
- You have the right to know what personal information we collect, use, and disclose
- You have the right to request deletion of your personal information
- You have the right to opt-out of "sales" (we do not sell personal information)
- You have the right to non-discrimination for exercising your privacy rights
- To exercise these rights, email us at: contact@gravitix.app

c. Other Jurisdictions
We respect privacy rights in all jurisdictions and will comply with applicable local laws.

10. INTERNATIONAL DATA TRANSFERS

Gravitix operates globally, and your information may be transferred to and processed in countries other than your own, including the United States. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards such as:
- Standard contractual clauses approved by regulatory authorities
- Ensuring third-party processors comply with GDPR or equivalent standards
- Using encryption and security measures during transfer and storage

By using Gravitix, you consent to the transfer of your information to countries outside your residence.

11. COOKIES AND TRACKING TECHNOLOGIES

a. The mobile app does NOT use browser cookies, but may use similar technologies:
- Local storage for app preferences and session data
- Device identifiers for analytics and authentication
- Push notification tokens

b. Our website (gravitix.app) may use cookies for analytics and functionality. You can control cookies through your browser settings.

12. DO NOT TRACK SIGNALS

Our Service does not currently respond to "Do Not Track" browser signals due to lack of industry standards. We do respect your privacy choices as outlined in this Privacy Policy.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

- Material changes will be notified via email or prominent in-app notice at least 30 days before taking effect
- Non-material changes will be posted with an updated "Effective Date"
- Your continued use after changes constitutes acceptance
- If you do not agree to changes, please stop using the Service and delete your account

14. DISCLAIMER OF LIABILITY

As stated in our Terms of Service, while we strive to protect your privacy and data:

- We cannot guarantee absolute security
- We are not liable for unauthorized access, data breaches, or loss of data due to factors beyond our reasonable control
- You are responsible for maintaining the security of your device and account credentials
- Use of the Service is at your own risk

15. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@gravitix.app
Website: https://gravitix.app

For GDPR or privacy-specific inquiries:
Data Protection Officer: contact@gravitix.app

We will respond to your inquiry within 30 days (or as required by applicable law).

16. ACKNOWLEDGMENT

By using Gravitix, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure of your information as described herein.

Last Updated: October 6, 2025