Privacy Policy

Effective date: November 5, 2025

Last updated: November 15, 2025

1. Who we are and scope

PledgeFit ("PledgeFit", "we", "us") is a mobile fitness app focused on personalized workout planning and progress tracking. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the PledgeFit mobile app and related services. If you do not agree with this policy, please do not use PledgeFit.

Contact: team@pledgefit.ai

2. What we collect

We collect only what we need to provide the app. The list below reflects how PledgeFit actually works today, based on our implementation.

2.1 Account and authentication

  • Email address and (optional) full name from sign-in (email/password or OAuth providers like Apple/Google).
  • Authentication metadata (e.g., provider, email verification status).
  • Session tokens are stored on your device using secure local storage to keep you signed in.

2.2 Profile and fitness preferences

  • Onboarding profile data is required to use core features. This includes: gender, experience level, primary fitness goal, training environment, workout duration, days per week, measurement units, and body metrics (height, weight, birth year).
  • Optional onboarding screens: Pledge amount and Additional Preferences (free‑text you provide, e.g., equipment or constraints).

2.3 User content (progress photos)

  • Photos you choose to upload for progress tracking. Photos are processed on-device (resized/compressed) and stored in a private, access-controlled storage bucket. EXIF metadata is not retained by the app during upload.

2.4 Purchases and subscriptions (iOS)

  • Product ID, transaction ID, original transaction ID, purchase and expiry dates, and auto-renew status for App Store subscriptions. We do not collect or store full payment card details; Apple handles payments. We verify receipts with Apple to validate your subscription.

2.5 Push notifications and reminders

  • Notifications are enabled by default when you create an account. You can disable them at any time in Settings → Preferences.
  • Push notification token (Expo Push Token) is collected when notifications are enabled. This allows us to send you workout reminders.
  • Device timezone (e.g., "America/New_York", "Asia/Tokyo") is automatically detected to send reminders at the appropriate time in your local timezone.
  • Notification logs (date sent, notification type, delivery status) to ensure reliable delivery and troubleshoot issues.
  • When you disable notifications, your push token is immediately removed from our system.

2.6 Technical diagnostics and app cache

  • Basic technical information (e.g., app version, OS version) and error logs as needed for support. Some temporary data (e.g., local app cache and session state) is stored on your device to support offline use and fast loading.

2.7 What we do not collect

  • Precise location: PledgeFit does not access GPS/location services. Timezone is detected from your device settings, not GPS.
  • Contacts, calendars, or microphone.
  • Third‑party analytics or advertising IDs: No third‑party analytics SDKs or ad tracking are integrated at this time.

3. How we use information

  • Provide core features (authentication, personalized workouts, progress tracking).
  • Personalize plans using your profile data and preferences.
  • Send workout reminders via push notifications (enabled by default, using your push token and timezone). You can disable this at any time.
  • Store and display your progress photos to you.
  • Manage purchases/subscriptions, including verifying receipts with Apple.
  • Provide support, detect/prevent abuse, and maintain security and reliability.
  • Comply with legal obligations.

Legal bases (for users in the EEA/UK):

  • Contract: To provide the app and subscription features you request.
  • Legitimate interests: Security, service improvement, and support.
  • Consent: Optional data you choose to provide (e.g., additional preferences, photos), and for push notifications (enabled by default, but you can opt out).

4. Sharing and disclosure

We do not sell your personal information and we do not share it for cross‑context behavioral advertising.

We share data only with:

  • Service providers (data processors) necessary to run the app, including:
    • Supabase: authentication, database, file storage, and serverless functions.
    • Expo Push Notification Service: delivery of push notifications (only when you enable notifications).
    • Apple: App Store billing and receipt validation (iOS subscriptions), and Apple Push Notification service (APNs) for iOS notifications.
    • Email service provider (when enabled) for account/support emails.
  • Legal/disclosure: When required by law or to protect rights, safety, or our service.
  • Business transfers: If we undergo a merger, acquisition, or asset sale.

5. Data retention

  • Account and profile: Kept while you maintain an account. Deleted upon account deletion.
  • Push notification tokens and timezone: Kept while notifications are enabled. Removed when you disable notifications or delete your account.
  • Notification logs: Kept for troubleshooting and analytics, and deleted periodically.
  • Progress photos: Kept until you delete them or delete your account.
  • Subscription records: Kept as needed for billing, fraud prevention, and legal/tax compliance.
  • Local device cache (e.g., query cache): Stored on your device and periodically refreshed or cleared by the app.

6. Your choices and rights

You can:

  • Update profile information and app preferences in Settings.
  • Disable push notifications at any time in Settings → Preferences (notifications are enabled by default). Disabling notifications immediately removes your push token from our system.
  • Upload or delete progress photos.
  • Manage subscription via Apple's subscription settings.
  • Request a copy or deletion of your data or request account deletion by emailing team@pledgefit.ai. We will verify your request and respond as required by applicable law.

For California residents (CCPA/CPRA):

You have the right to know, access, correct, delete, and limit use of sensitive information, and to opt‑out of any "sale" or "sharing" as defined by law. PledgeFit does not sell or share your information for cross‑context behavioral advertising.

For EEA/UK residents (GDPR):

You have the rights of access, rectification, erasure, restriction, objection, and portability, and the right to lodge a complaint with your data protection authority.

7. Children's privacy

PledgeFit is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us at team@pledgefit.ai and we will delete it.

8. Security

We employ technical and organizational measures such as encrypted transport (TLS), access controls, and private storage for photos. In particular:

  • Row‑Level Security (RLS) is enforced on all application tables. Policies ensure each person can only access their own records after sign‑in.
  • Your progress photos are kept in private storage. Access requires authenticated, time‑limited authorization; we do not expose public links to private content.
  • Server‑side processes operate with the minimum permissions needed (least‑privilege).

No system can be 100% secure; we continuously improve safeguards and limit what we collect.

9. International data transfers

Our service providers may process data in locations outside your country. Where required, we use appropriate safeguards for international transfers.

10. App permissions

  • Camera and Photos/Library: Only when you choose to capture or upload progress photos.
  • Notifications: Notification permissions are requested when you first open the app (notifications are enabled by default, but you can decline the permission or disable them later in Settings). We use notifications solely to send workout reminders at the time you schedule them.
  • Timezone: Automatically detected from your device settings (not GPS) to send reminders at the correct local time.
  • Location: Not used. We do not access GPS or precise location.

11. Changes to this policy

We may update this policy to reflect changes in our practices or the law. We will update the "Last updated" date and make the policy available in‑app and/or via our listing. Material changes will be communicated via reasonable means.

12. Contact us

Email: team@pledgefit.ai