BodyRank — Privacy Policy

Last updated: 13 June 2026

This Privacy Policy explains what data the BodyRank mobile app ("BodyRank", "we") collects, why, and your rights over it. The data controller is David Gombau (sole developer), Catalonia, Spain. Contact: dgombau@gmail.com.

1. Data we collect

• Account: email address and display name (via Firebase Authentication).
• Profile: sex, weight, height, age and fitness goal that you enter.
• Training data: workouts, sets, reps, weights, muscle ranks, total volume and streaks.
• Nutrition: calories you log and diet plans you generate.
• Health data (optional): active calories and steps imported from Google Health Connect or Apple Health, only after you explicitly enable it and grant permission.
• Location (optional): GPS data while you actively use the route/cardio tracking feature, only with your permission. Routes are used to show your activity; we do not track you in the background for advertising.
• Photos and videos (optional): images or short videos you choose to submit for AI body-composition or exercise-technique analysis.
• Social: posts, comments, likes, friends, challenges and leaderboard entries. Your display name and aggregate stats (e.g. rank, volume) are visible to other users when you use these features.
• Feedback & diagnostics: messages and optional screenshots you send through the in-app feedback form, plus crash reports (error details, app version, device model and OS) used to fix bugs.

2. How we use your data

• To provide the core service: track training, calculate ranks, calories and progress.
• To generate AI coaching, diets and technique feedback you request.
• To power social features (feed, friends, challenges, leaderboard).
• To fix bugs and improve the app (crash reports and feedback).
• To manage subscriptions and, for free users, show ads (see third parties).

3. Third-party processors

We share the minimum data needed with these providers:

• Google Firebase (Authentication & Firestore database) — stores your account, profile, training and social data.
• Groq, Inc. — processes the text prompts and any images/videos you submit for AI features. Submitted images are sent to Groq to generate the analysis.
• Google Play / Google AdMob — app distribution and, for free users, advertising. AdMob may use advertising identifiers; you can control consent through the in-app prompt and your device settings.
• RevenueCat — manages premium subscriptions (when enabled).

These providers may process data outside the EU; where they do, they rely on appropriate safeguards (e.g. Standard Contractual Clauses).

4. Legal basis (GDPR)

• Contract — to provide the features you ask for.
• Consent — for optional permissions (health data, location, camera/photos, personalized ads). You can withdraw consent at any time in your device settings.
• Legitimate interest — to keep the app secure and fix crashes.

5. Data retention

We keep your data while your account is active. If you delete your account or ask us to, we delete your personal data within 30 days, except where we must keep it to comply with the law.

6. Your rights

You can request access, correction, deletion, a copy (portability) of your data, or object to processing. Email dgombau@gmail.com and we will respond within 30 days. You also have the right to lodge a complaint with your data protection authority (in Spain, the AEPD).

7. Children

BodyRank is intended for users aged 16 or older (or the age of digital consent in your country). It is not directed at children under 13. If you are a minor, use the app only with the consent of a parent or guardian.

8. Security

Data is transmitted over encrypted connections (HTTPS) and stored with our providers' security controls. No method of transmission or storage is 100% secure, but we take reasonable measures to protect your data.

9. Changes

We may update this policy. We will change the "Last updated" date above and, for material changes, notify you in the app.

← Back to BodyRank