Privacy Policy
Last Updated: February 16, 2026
1. Introduction
This Privacy Policy explains how Powerhouse Fitness ("the App," "we," "us," or "our") collects, uses, stores, and protects your personal information. By using the App, you agree to the collection and use of information as described in this policy.
We are committed to protecting your privacy. The App is designed with a local-first approach — your data is stored on your device by default, and cloud features are entirely optional.
2. Information We Collect
2.1 Information You Provide
- Profile Information: Display name, bio, age, gender, profile photo
- Body Measurements: Height, current weight, target weight, body measurements (waist, chest, arms, thighs, hips, shoulders), body weight history
- Fitness Data: Workout history, exercise logs (sets, reps, weight), personal records, saved routines, weekly schedules, fitness goals, and goal progress
- Progress Photos: Photos you take or import to track physical progress, along with associated notes and metadata
- Custom Content: Custom exercises and workout routines you create
- Account Information: Email address (only if you upgrade from a guest account to a full account)
2.2 Information Collected Automatically
- Firebase Anonymous ID: When you first open the App, a unique anonymous identifier is created through Firebase Authentication. This ID is not linked to any personal information unless you choose to create an account.
- Device Identifier: A randomly generated device ID (not a hardware identifier) used solely to identify backup sources when you use cloud backup features.
- Subscription Status: If you subscribe to Powerhouse Pro, your subscription status and purchase timestamps are cached locally for verification.
2.3 Information We Do NOT Collect
- We do not collect your location data.
- We do not use advertising identifiers or tracking pixels.
- We do not integrate any analytics, advertising, or crash-reporting SDKs.
- We do not collect hardware device identifiers (IMEI, serial number, etc.).
- All notifications are scheduled locally on your device — we do not collect push notification tokens or send remote push notifications.
3. How We Use Your Information
We use the information you provide solely to deliver the App's core functionality:
| Purpose | Data Used |
|---|---|
| Display your profile and workout statistics | Profile info, workout history, personal records |
| Track your fitness progress over time | Body measurements, weight history, progress photos, goals |
| Generate personalized workout schedules | Saved routines, weekly schedule, calendar assignments |
| Sync data across your devices (optional) | All fitness data, synced via Firebase Realtime Database |
| Back up your data to Google Drive (optional) | All fitness data and progress photos |
| Process subscription purchases | Firebase user ID, purchase transaction data |
| Sync with Health Connect (optional, Android) | Workout sessions, calories burned, weight, step counts |
| Connect with friends (optional) | Display name, profile photo, bio, fitness level, shared goals |
| Send local workout reminders | Workout schedule, streak count, goal deadlines |
4. Data Storage
4.1 Local Storage (Default)
All your data is stored locally on your device using secure on-device storage. This includes all workout data, profile information, progress photos, and preferences. The App functions fully offline with local storage only.
Sensitive data such as authentication tokens is stored using platform-native secure storage (iOS Keychain / Android Keystore), which provides hardware-backed encryption.
4.2 Cloud Storage (Optional)
- Firebase Realtime Database: Your fitness data is synced to Google's Firebase infrastructure, encrypted in transit via TLS. Data is stored under your authenticated user account and is accessible only to you. Firebase security rules enforce that each user can only read and write their own data.
- Google Drive: If you connect your Google account for backup, your data is stored in a private app-specific folder (appDataFolder) within your Google Drive. This folder is hidden from your main Drive view and is accessible only through the App. Up to 5 versioned backups are retained.
5. Third-Party Services
The App uses the following third-party services. Each service has its own privacy policy governing its data practices:
5.1 Firebase (Google)
- Purpose: User authentication and real-time data synchronization
- Data Shared: Anonymous user ID, email (if account is upgraded), display name, and synced fitness data
- Privacy Policy: firebase.google.com/support/privacy
5.2 Google Drive
- Purpose: Optional data backup and restore
- Data Shared: Fitness data and progress photos (stored in your private Drive folder)
- Privacy Policy: policies.google.com/privacy
5.3 RevenueCat
- Purpose: Subscription and in-app purchase management
- Data Shared: Firebase user ID, purchase transactions, subscription status
- Privacy Policy: revenuecat.com/privacy
5.4 Health Connect (Android Only)
- Purpose: Optional integration with Android's Health Connect platform
- Data Exchanged: Workout sessions, total calories burned, weight records, and daily step counts
- Note: Health Connect data remains on your device and is managed by Google Health Connect. The App does not transmit Health Connect data to any external server.
6. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.
Your data is shared with third-party services only as described in Section 5 above, and only to the extent necessary to provide the App's functionality.
Social Features
If you use the App's social features (friend connections, activity feed, shared goals), the following information is visible to users you have accepted as friends:
- Display name, profile photo, and bio
- Fitness level
- Goals you choose to share
- Workout activity you choose to post
You control who can see this information by managing your friend connections.
7. Data Security
We implement the following measures to protect your data:
- Encryption in Transit: All communication with Firebase and Google services uses TLS encryption.
- Secure Token Storage: Authentication tokens are stored using platform-native secure storage (iOS Keychain / Android Keystore) with hardware-backed encryption.
- Firebase Security Rules: Database access rules ensure users can only read and write their own data.
- OAuth with PKCE: Google authentication uses the PKCE (S256) standard, eliminating the need for client secrets.
- Data Validation: All data received from cloud services is validated and sanitized before being applied locally.
- Private Backup Storage: Google Drive backups are stored in your account's private appDataFolder, inaccessible from your main Drive interface.
8. Your Rights and Choices
8.1 Access and Export
You can access all your data directly within the App. You can export a complete copy of your data by creating a Google Drive backup, which produces a downloadable JSON file containing all your fitness data.
8.2 Deletion
- Delete Local Data: You can delete all locally stored data from the App's Profile settings.
- Delete Account: If you have a Firebase account, you can delete your account, which removes all associated data from Firebase servers.
- Delete Backups: You can disconnect Google Drive from the App's settings. Backups previously stored in your Google Drive can be removed through Google Drive's storage management.
- Revoke Access: You can revoke the App's access to your Google account at any time through your Google Account settings.
8.3 Opt-Out of Optional Features
All cloud and integration features are optional. You can use the App entirely offline with local storage only.
9. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will take steps to delete such information.
10. Data Retention
- Local Data: Stored on your device until you delete it or uninstall the App.
- Firebase Data: Retained as long as your account exists. Deleted when you delete your account.
- Google Drive Backups: Retained in your Google Drive until you delete them. The App retains up to 5 versioned backups and automatically removes older versions.
- RevenueCat Data: Purchase and subscription data is retained by RevenueCat in accordance with their data retention policy.
11. International Data Transfers
Firebase and Google services may process your data in data centers located outside your country of residence, including in the United States. By using cloud features, you consent to the transfer of your data to these locations. Google complies with applicable data protection frameworks for international transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this document. Your continued use of the App after any changes constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: support@powerhousefitness.app
This privacy policy is effective as of February 16, 2026.