Privacy Policy

Last updated: 6/22/2025

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided through Google OAuth)
  • Google profile information (when using Google sign-in)

Workout Data

To provide personalized workout plans, we collect:

  • Muscle soreness levels (9 muscle groups, 1-5 scale)
  • Equipment preferences and availability
  • Generated workout plans and exercise data
  • Uploaded files (workout history, images, PDFs)

Usage Information

We automatically collect:

  • IP address and browser information
  • Page views and interaction data
  • API usage for rate limiting (3 generations per day)

2. How We Use Your Information

  • Workout Generation: Create personalized AI-generated workout plans based on your soreness levels and equipment
  • Account Management: Maintain your account, authenticate access, and provide customer support
  • Service Improvement: Analyze usage patterns to improve our AI models and user experience
  • Rate Limiting: Enforce usage limits (3 AI generations per day for free tier)
  • Communication: Send service-related notifications and updates

3. Data Sharing and Third Parties

We share your data with the following service providers:

  • Groq AI: Your workout preferences are sent to Groq to generate personalized plans
  • Google OAuth: Authentication data when you sign in with Google
  • UploadThing: File upload and storage service for workout history files
  • Upstash Redis: Rate limiting and session management
  • PostgreSQL Database: Secure data storage with encryption

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Security

We implement industry-standard security measures:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure database storage with access controls
  • JWT-based authentication with secure session management
  • Regular security audits and updates
  • Rate limiting to prevent abuse

5. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to data processing based on legitimate interests

To exercise these rights, contact us at radu.stochitoiu+planmyworkout@gmail.com

6. Data Retention

We retain your data for the following periods:

Account and Personal Data

  • Account information: Until account deletion
  • Authentication data: Until account deletion
  • Consent records: 2 years after account deletion (legal compliance)

Workout and Exercise Data

  • Workout plans: Until manually deleted or account closure
  • Soreness tracking data: Until account deletion
  • Equipment preferences: Until account deletion

Files and Content

  • Uploaded files: Until manually deleted or account closure
  • File metadata: Until account deletion

Usage and Technical Data

  • Usage analytics: 12 months maximum
  • Error logs: 6 months
  • IP addresses: 30 days (then anonymized)
  • Session data: 30 days from last activity

Legal and Compliance

  • Support communications: 2 years
  • Data export requests: 2 years (audit trail)
  • Account deletion logs: 2 years (compliance)

Automated Deletion: We automatically delete expired sessions, old analytics data, and temporary files. You can request immediate deletion of your account and all associated data through your account settings.

7. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Rate limiting enforcement
  • Basic analytics (page views, user flows)

You can manage cookie preferences through your browser settings.

8. International Data Transfers

Your data may be processed in countries outside your residence. We ensure adequate protection through appropriate safeguards and comply with applicable data protection laws.

9. Changes to This Policy

We may update this privacy policy periodically. Material changes will be communicated through email or prominent website notices. Continued use constitutes acceptance of updates.

10. Contact Information

Data Controller: Workout AI Planner

Email: radu.stochitoiu+planmyworkout@gmail.com

Data Protection Officer: radu.stochitoiu+planmyworkout@gmail.com

Share Feedback 💬