Privacy Policy
TouchDumbbell (“we,” “us,” or “our”) operates the TouchDumbbell mobile application (the “App”) and related services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Services.
By using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.
1. Information We Collect
1.1 Information you provide directly
| Category | Examples | How collected |
|---|---|---|
| Account & profile | Name, email address, password, display username, bio (“about”), country, timezone, profile photo | Sign-up, login, account settings, onboarding |
| Fitness & wellness profile | Age range (e.g., 18–24), sex, height, weight, fitness goals, workout frequency/duration, experience level, preferred workout types | Onboarding and profile updates |
| Workout & journal data | Workout check-ins, mood, energy level, notes, workout duration/types, streaks, achievements | In-app workout flows, journal, feedback screens |
| Photos & images | Workout verification photos, optional post-workout photos, profile avatar, body scan photos, meal scan photos | Camera, photo library (where permitted) |
| Social data | Friends, friend requests, leaderboard visibility, public profile fields | Friends tab, profiles, search |
| Support communications | Message content, optional contact email | Support ticket form |
| Purchases | Subscription status (premium/free) | In-app purchases via app stores |
We do not require your precise date of birth in the App; onboarding uses age ranges starting at 18–24.
1.2 Information from device permissions & integrations
| Source | Data | Purpose |
|---|---|---|
| Camera | Photos for workout verification, body/meal scans, optional workout/avatar images | Core app features |
| Photo library (if you choose) | Images for avatar or optional uploads (e.g., post-workout photos) | Profile and workout features |
| Apple Health (HealthKit) — iOS only | Steps, active calories, walking/running distance, Apple Exercise Time; optional write access for workout-related data | Progress tracking and sync to your account |
| Push notifications | Device push token (FCM/APNs), device type (iOS/Android), notification preferences | Reminders, workout-related alerts |
| Apple Screen Time / Focus — iOS only | Authorization status and scheduling you configure; we do not receive contents of other apps, messages, or browsing history | Optional app-blocking during workouts (on-device via Apple APIs) |
| Device & app technical data | Device timezone, language/locale, app version, OS type | Service delivery, localization, reliability |
We do not collect precise GPS/location data based on our current mobile client.
1.3 Information collected automatically
- Authentication tokens: JWT access token and refresh token (stored securely on device).
- Usage & product analytics: Event types such as onboarding completion (sent to our API).
- Crash & diagnostic data: Error reports, stack traces, device/OS metadata, and (when logged in) a user identifier via Firebase Crashlytics (production builds).
- Caching: Temporary local and in-memory caches of API responses and images to improve performance.
- Logs: Server-side logs associated with API requests (e.g., IP address, timestamps, endpoints).
1.4 Information from third parties
- Apple App Store / Google Play: Purchase and subscription status via RevenueCat.
- Apple Health: Health metrics you authorize (iOS only).
2. How We Use Information
We use information to:
- Create and manage your account and authenticate you.
- Provide core features: daily workout accountability, photo verification, streaks, journal, leaderboard, friends, and profiles.
- Sync and display health-related metrics (where you connect Apple Health).
- Analyze photos you submit—including workout verification (dumbbell check-in), body scans, and meal scans—using automated and AI-assisted systems on our servers to verify workouts, estimate body metrics, and identify meals and nutrition information.
- Send push notifications you enable (e.g., workout reminders, friend nudges).
- Operate optional Screen Time–based app blocking on your device (iOS).
- Process subscriptions, restore purchases, and manage premium access.
- Improve, secure, and debug the Services (analytics, crash reporting).
- Respond to support requests and enforce our Terms.
- Comply with law and protect rights, safety, and integrity of the Services.
Legal bases (EEA/UK users): performance of contract, legitimate interests (security, improvement), consent (where required—for HealthKit, notifications, camera, Screen Time), and legal obligation.
2.1 Automated & AI image analysis
When you take or upload a photo for workout verification, a body scan, or a meal scan, the image is sent to our servers and, for AI analysis, to OpenAI (via the ChatGPT API). We use automated and AI-assisted technology to:
- Workout verification: confirm that your check-in photo includes a dumbbell or satisfies our verification criteria.
- Body scans: generate estimated body-composition insights (e.g., weight, fat ratio, muscle ratio).
- Meal scans: identify food and estimate nutritional information (e.g., calories, protein, carbs, fat).
AI-generated results are automated estimates, not medical or professional advice. Some AI features may require a Premium subscription. Content submitted to OpenAI through their API is processed under OpenAI's Privacy Policy; under OpenAI's API terms, that content is not used to train OpenAI's models. Images are stored as described in Sections 5 and 6.
3. How We Share Information
We do not sell your personal information. We share information only as follows:
3.1 Service providers (processors)
| Provider | Role |
|---|---|
| Our hosting/backend infrastructure | Account, workout, health, social, and media data storage and APIs |
| OpenAI (ChatGPT API) | AI analysis of workout verification, body scan, and meal scan images and related content |
| Cloud storage / CDN (e.g., Cloudflare R2) | Hosting profile and media assets |
| Google Firebase | Crash reporting (Crashlytics), push messaging (FCM); Analytics SDK may be present in the app build |
| RevenueCat | In-app subscription and purchase management |
| Apple | HealthKit, Screen Time APIs, App Store payments, push (APNs) |
| Google | Play Store payments (Android), FCM (Android push) |
These providers process data under contractual obligations consistent with this Policy.
3.2 Other users (social features)
Depending on your settings and features used, other users may see display name, username, avatar, bio, streaks, workout counts, achievements, and related public profile information on leaderboards and friend features.
Workout verification photos are submitted for accountability; sharing visibility with other users depends on product design on our servers—treat uploaded workout photos as sensitive.
3.3 Legal and safety
We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of TouchDumbbell, our users, or others.
3.4 Business transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred subject to this Policy.
4. Health & Sensitive Data
Health and fitness data (including HealthKit data, body metrics, and meal-related information) may be sensitive under applicable law. We use it only to provide the Services you request. On iOS, you control HealthKit permissions in device settings and can revoke access at any time.
Apple Screen Time: When you enable app blocking, scheduling uses Apple's APIs on your device. We cannot see your messages, personal content, or activity inside other apps.
5. Photos & User-Generated Content
You may upload photos and text (e.g., workout verification, avatars, body/meal scans, notes). You retain ownership of your content, but you grant us a license to host, process, store, and display it as needed to operate the Services (see our Terms of Service). Do not upload unlawful, infringing, or others' private data without permission.
6. Data Retention
We retain personal information for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.
When you delete your account (available in Account Settings), we will delete or anonymize your personal information within a reasonable period, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, backup systems, aggregated non-identifying data).
7. Security
We use administrative, technical, and organizational measures designed to protect your information, including encrypted storage for authentication tokens on device, HTTPS for API communication, and access controls on our systems.
No method of transmission or storage is 100% secure. You are responsible for safeguarding your password and device.
8. Your Rights & Choices
Depending on where you live, you may have rights to:
- Access a copy of your personal information.
- Correct inaccurate data (via Account Settings or by contacting us).
- Delete your account and associated data.
- Restrict or object to certain processing.
- Data portability (where applicable).
- Withdraw consent for processing based on consent (e.g., HealthKit, notifications).
California (CCPA/CPRA): California residents may have additional rights. We do not sell or share personal information for cross-context behavioral advertising as defined under California law.
EEA/UK: You may lodge a complaint with your local supervisory authority.
How to exercise rights: Email support@touchdumbbell.com or use in-app account deletion. We may verify your identity before responding.
- Push notifications: Disable in device settings and/or in-app notification preferences.
- HealthKit: Manage in iOS Settings → Health → Data Access & Devices.
9. Children's Privacy
The Services are intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us data, contact support@touchdumbbell.com and we will delete it.
10. International Transfers
We may process and store information in the United States and other countries where we or our service providers operate. Those countries may have different data protection laws than your country. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA/UK/Switzerland.
11. Third-Party Links & Stores
The App may link to our website for legal documents. App Store and Play Store terms apply to downloads and payments. Third-party services have their own privacy policies (e.g., Apple, Google, Firebase, RevenueCat, OpenAI).
12. Changes to This Policy
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, where required, provide additional notice (e.g., in-app or email). Continued use after changes constitutes acceptance.
13. Contact Us
TouchDumbbell
Email: hello@touchdumbbell.com
Support: support@touchdumbbell.com