Legal
Privacy Policy
Effective June 4, 2026
This Privacy Policy explains how Grind Track ("Grind Track", "we", "us") collects, uses, shares and protects information when you use the Grind Track mobile application and grindtrack.co (together, the “Service”). We built the Service to be a private training journal: the workouts, meals, measurements and photos you log are yours.
We follow Apple’s App Store requirements and applicable data-protection laws, including the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA) and India’s Digital Personal Data Protection Act. By using the Service you agree to this Policy.
01The short version
- We collect only what we need to run the Service — your account, the activity you log, and basic technical data.
- We do not sell your personal data, and we do not use it for third-party advertising.
- Body measurements, progress photos and health-related data are private to you and only shared when you choose to share them.
- You can export or permanently delete your account and data from inside the app at any time.
02Information we collect
We collect the categories of information below. Some are provided directly by you; some are generated as you use the Service.
| Category | Examples | Why we collect it |
|---|---|---|
| Account & profile | Name or username, email, phone number, password (hashed), profile photo, date of birth, sex, height, units and goals. | To create and secure your account and personalize targets. |
| Training data | Routines, exercises, sets, reps, weights, RPE, workout times and notes. | Core function — to log and analyze your training. |
| Nutrition data | Logged foods and meals, quantities, macros, recipes and saved foods. | To track intake against your macro and calorie targets. |
| Body & health data | Body weight, body-fat, circumferences and progress photos you add, plus activity, heart, sleep and recovery metrics you choose to sync from Apple Health or Android Health Connect. | To show body-composition, activity, sleep and recovery trends. Treated as sensitive (see below). |
| Social content | Posts, comments, reactions, follows, and trainer–client or gym links you create. | To power optional social and coaching features. |
| Purchases | Subscription status and entitlements. Apple processes payment — we never receive your card number. | To unlock and manage premium features. |
| Device & technical | Device model, OS version, app version, language, IP address, crash logs and diagnostic events. | To keep the app stable, secure and debuggable. |
The app requests camera access only when you scan a barcode or add a photo, and access to your photo library only when you choose a picture. With your explicit permission, the app can also read activity, heart, sleep and body data from Apple Health (HealthKit) on iOS or Android Health Connect — see “Health & fitness data” below. We do not collect your precise location or your contacts. You can decline or revoke any of these permissions at any time in iOS Settings, the Apple Health app, or the Android Health Connect app.
03How we use your information
- Provide, maintain and personalize the Service — including your targets, charts, streaks and recovery estimates.
- Detect personal records, compute rollups, and generate the analytics you see in-app.
- Operate optional social, leaderboard and coaching features at your direction.
- Authenticate you, prevent fraud and abuse, and keep accounts secure.
- Diagnose crashes, monitor performance and improve the product.
- Send transactional messages (for example, verification codes, security and account notices). We do not send marketing email without your consent.
- Comply with law and enforce our Terms.
We rely on the following legal bases where GDPR applies: performance of our contract with you, your consent (for optional features and any marketing), our legitimate interests in securing and improving the Service, and compliance with legal obligations.
04Health & fitness data
Body measurements, body-fat estimates and progress photos can reveal information about your health. We treat them as sensitive: they are visible only to you by default, are never used for advertising, and are only shared with another person when you explicitly share them (for example, by linking a trainer or posting publicly). You can delete any measurement or photo at any time.
If you connect Apple Health (HealthKit) on iOS or Android Health Connect, the app reads only the data types you approve — which may include steps, distance, active and resting energy, heart rate, resting heart rate, heart-rate variability, VO₂ max, respiratory rate, blood-oxygen, sleep, workouts, body weight and body fat. We use this data solely to provide in-app features: computing your recovery and readiness score, energy balance, and your activity, sleep and heart-rate trends. The analysis runs on our servers and the results are shown only to you in the app.
Health data obtained through Apple Health or Health Connect is never used for advertising or marketing, is never sold, and is never disclosed to third parties. It is used only to deliver the features described above, consistent with Apple’s HealthKit terms and the Google Health Connect Permissions policy. You can review or revoke our access at any time in the Apple Health app (Sharing) or the Health Connect app (App permissions); revoking access stops further reads but does not erase data already synced — delete your account or contact us to remove it. We keep hour-by-hour intraday detail for about 48 hours and a technical sync log for about 30 days; daily summaries persist until you delete them or your account.
05Sign-in & authentication
You can create an account with email and password, a phone number with a one-time code, or by using Sign in with Apple, Google or Facebook. When you use a third-party sign-in we receive a basic identifier and, depending on your settings, your name and email; we do not receive your social password. Sign in with Apple lets you hide your email via Apple’s private relay, and we support that.
06Subscriptions & purchases
Premium features are sold as auto-renewable subscriptions through the Apple App Store. Apple processes the payment and manages billing and renewals under Apple’s own privacy policy; we receive your subscription and entitlement status but never your full payment-card details. You manage or cancel a subscription in your Apple ID settings.
08Data retention
We keep your information for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or irreversibly anonymize your personal data within 30 days, except where we must retain limited records to comply with legal, tax or security obligations or to resolve disputes. Backups are purged on a rolling schedule.
09Your rights & choices
Depending on where you live, you have some or all of these rights:
- Access and obtain a copy of your data, and export your logged data.
- Correct inaccurate data — most fields are editable directly in the app.
- Delete your account and personal data.
- Object to or restrict certain processing, and withdraw consent at any time.
- For California residents: to know, delete, correct, and to opt out of “sale” or “sharing” — note we do not sell or share personal information as those terms are defined. We will not discriminate against you for exercising these rights.
To exercise any right, use the in-app controls or email privacy@grindtrack.co. You may also have the right to lodge a complaint with your local data-protection authority.
10Deleting your account & data
You can permanently delete your account from inside the app: open Settings, then Account, then Delete Account, and confirm. This removes your profile and your logged training, nutrition, body and social data as described in “Data retention.” If you cannot access the app, email privacy@grindtrack.co from your registered address and we will process the deletion.
11Security
We protect your data with encryption in transit, hashed passwords, access controls and routine security practices. No method of transmission or storage is perfectly secure, but we work to safeguard your information and will notify you and the authorities of a material breach as required by law.
12Children’s privacy
The Service is not directed to children under 13 (or the minimum age of digital consent in your country, which may be higher). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact privacy@grindtrack.co and we will delete it.
13International transfers
We may process and store information in countries other than yours, including where our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.
14Changes to this Policy
We may update this Policy as the Service evolves. We will post the new version here with a revised effective date and, for material changes, notify you in the app or by email. Continued use after an update means you accept it.
15Contact us
Questions or requests about privacy? Email privacy@grindtrack.co. For general support, support@grindtrack.co.
