Privacy Policy

Last updated: February 28, 2026

1. Introduction

GainTrax ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the GainTrax platform ("the Service"), including our web and mobile applications.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored securely via hashing, never in plain text)
  • Display name
  • Profile information (avatar, bio, fitness goals)

2.2 Fitness and Health Data

When you use the Service, you may provide:

  • Workout logs (exercises, sets, reps, weight)
  • Nutrition data (foods, meals, calories, macronutrients)
  • Habit tracking data
  • Body measurements (height, weight, body fat percentage)
  • Fitness goals and progress

2.3 Wearable Device Data

If you connect wearable devices (Apple Watch, Fitbit, Oura Ring, or Google Health Connect-compatible devices), we may receive:

  • Heart rate data
  • Step counts and activity data
  • Sleep data
  • Calorie burn estimates

You control which wearable devices are connected and can disconnect them at any time from your settings.

2.4 Payment Information

Payment processing is handled by Stripe. We do not store your credit card number, CVC, or full card details on our servers. Stripe may collect payment information in accordance with their own Privacy Policy. We store only a reference to your Stripe customer ID and subscription status.

2.5 AI Interaction Data

When you use AI-powered features (workout generation, meal planning, food search, AI coaching), we send relevant context (such as your fitness goals, recent workouts, and dietary preferences) to our AI provider to generate personalized responses. We log the type and count of AI generations for usage tracking and rate limiting.

2.6 Automatically Collected Data

We automatically collect:

  • Device type and operating system
  • Browser type (for web users)
  • IP address
  • General usage patterns (pages visited, features used)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Personalize your experience (AI-generated workouts, meal plans, coaching responses)
  • Process subscription payments
  • Send account-related communications (verification emails, password resets)
  • Display your progress, charts, and analytics
  • Enable trainer-client features (if applicable)
  • Detect and prevent abuse or fraud

We do not use your data for advertising. We do not sell your personal information to third parties.

4. Third-Party Services

We use the following third-party services to operate the platform:

Service                  Purpose                                  Data Shared
Supabase                 Authentication, database, file storage   Account data, fitness data
Stripe                   Payment processing                       Email, payment details
Anthropic (Claude)       AI-powered features                      Fitness context for personalization
Vercel                   Web hosting                              Standard web request data
Fitbit / Oura            Wearable data sync                       OAuth tokens, health data
USDA / Open Food Facts   Food nutrition data                      Food search queries

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

5. Data Storage and Security

Your data is stored securely in Supabase-managed PostgreSQL databases with Row Level Security (RLS) enabled, ensuring you can only access your own data. All data is encrypted in transit using HTTPS/TLS.

Passwords are hashed using industry-standard algorithms and are never stored in plain text. API keys and secrets are stored in encrypted environment variables and are never exposed to client-side code.

6. Trainer-Client Data Sharing

If you connect with a trainer through the Service, your trainer will be able to view your workout logs, nutrition data, and progress. You can disconnect from a trainer at any time, which will revoke their access to your data.

Trainers are bound by these same terms and may not export, share, or misuse client data outside of the Service.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account (available in Settings > Account), all your personal data is permanently deleted from our systems, including:

  • Profile and account information
  • Workout and nutrition logs
  • Habit tracking data
  • Wearable connection data
  • AI generation history
  • Subscription records

Account deletion is irreversible. Stripe may retain payment records independently per their data retention policies.

8. Your Rights

You have the right to:

  • Access your personal data through the Service
  • Export your data (available on Elite plans via Settings > Export)
  • Correct inaccurate data through your profile settings
  • Delete your account and all associated data
  • Disconnect wearable integrations at any time
  • Withdraw consent for optional data collection

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will promptly delete their account and data.

10. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Our authentication system uses secure, HTTP-only cookies to maintain your login session.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have questions or concerns about this Privacy Policy or how your data is handled, please contact us at support@gaintrax.com.