Privacy Policy

This Privacy Policy sets out how GymPlan+ collects and processes your personal data and explains your rights in relation to your personal data. If you have any questions about this Privacy Policy or wish to exercise any of your rights, you can contact us at info@ciresk.com.

We may update this Privacy Policy from time to time. If we do so, and the changes substantially affect your rights, we shall take reasonable measures to notify you. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes.

This application is not intended for children under 13, and we do not knowingly collect data relating to children.

By personal data we mean any identifiable information about you, such as your name, email address, or a photo of you which you upload to our application.

We will only use your personal data where we have a lawful basis to do so.

We use your data to provide the service, including storing and syncing your workout data across devices. We generate statistics and calculate workout history, progress charts, and muscle distribution. We enable Live Activities to display workout progress on your iOS lock screen. We sync your data between local storage and cloud backup. We analyze anonymized usage patterns to improve the app. We communicate important service updates or respond to support requests.

GymPlan+ uses a local-first architecture. Your data is stored on your device first using secure SQLite storage, ensuring you can access your workouts even without an internet connection. When online, data syncs to our secure cloud servers.

Your data is synced to secure cloud servers hosted by trusted infrastructure providers including Neon for serverless PostgreSQL with encryption at rest, Firebase for authentication and secure token management, Google Cloud Storage for media files (photos, GIFs, and videos), and Vercel for secure API hosting.

We implement industry-standard security measures including encryption in transit via TLS/SSL, encryption at rest for stored data, secure authentication via Firebase Auth, and regular security audits.

Although we take these steps to secure your personal data, we do not promise that your personal data will always remain completely secure. If there is a security breach, we will do all that we can to stop the breach and minimize any loss of data.

We do not sell your personal information. We may share your personal data with service providers, sub-contractors, and agents that we appoint to perform functions on our behalf and in accordance with our instructions.

Under certain circumstances we may have to disclose your personal data under applicable laws, for example to protect a third party's rights, property, or safety, or as part of a merger, acquisition, or sale of assets.

Your data may be transferred to and processed in countries other than your own. Where your personal data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

You have a number of rights under applicable data protection legislation.

Right of access: You can obtain a copy of the personal data we hold for you. Right to rectification: You can require us to correct inaccurate or incomplete data. Right to portability: You can request we transfer your data to another service. Right to restriction: You can require us to restrict processing in certain circumstances. Right to be forgotten: You can require us to delete your personal data.

To exercise any of these rights, please contact us at info@ciresk.com. We try to respond to all legitimate requests within one month.

You can delete your account at any time directly within the GymPlan+ app. Go to Profile → Account → Delete Account. You will be asked to confirm this action twice to prevent accidental deletion.

When you delete your account, all your data is permanently and immediately deleted, including your profile information, all workout plans and routines, all workout history and sessions, all body measurements, all custom exercises, and all uploaded media (photos, GIFs, and videos).

This action cannot be undone. Once deleted, your data cannot be recovered.

We retain your data for as long as your account is active. If you delete your account, your data is permanently deleted immediately. We do not retain backups of deleted user data.

In some circumstances we may anonymize usage data so that it can no longer be associated with you, in which case we may use this information indefinitely for analytics and service improvement.

You can contact us with any questions or comments about your personal data, this Policy, or any other privacy-related enquiries by emailing info@ciresk.com.