Privacy Policy

Last updated: January 16, 2026

1. Introduction

Welcome to PumplAI ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered fitness coaching platform.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

• Register for an account
• Use our services
• Contact us for support
• Participate in surveys or promotions

This information may include:

• Name and email address
• Account credentials (encrypted)
• Profile information (age, fitness level, goals)
• Payment information (processed securely through third-party providers)

2.2 Health and Fitness Data

To provide personalized fitness coaching, we collect health and fitness-related information:

• Workout history and exercise logs
• Physical measurements and fitness assessments
• Exercise form videos and images (for AI analysis)
• Progress metrics and performance data
• Health conditions or limitations you choose to share

2.3 Usage and Technical Data

We automatically collect certain information when you use our Service:

• Device information (type, operating system, browser)
• IP address and location data
• Usage patterns and feature interactions
• Error logs and performance data
• Cookies and similar tracking technologies

2.4 AI Analysis Data

Our AI-powered form analysis processes video and image data to provide feedback on exercise technique. This data includes:

• Body pose landmarks and joint angles
• Movement patterns and exercise execution data
• Form quality scores and recommendations

3. How We Use Your Information

We use your information to:

• Provide, operate, and maintain our Service
• Personalize your fitness experience and recommendations
• Process your transactions and manage subscriptions
• Communicate with you about updates, features, and support
• Analyze and improve our AI models and Service quality
• Ensure platform security and prevent fraud
• Comply with legal obligations
• Conduct research and development (with anonymized data)

4. Data Sharing and Disclosure

4.1 With Your Consent

We share your information with your designated personal trainer or fitness coach when you establish a trainer-client relationship through our platform.

4.2 Service Providers

We may share data with trusted third-party service providers who assist us in:

• Cloud infrastructure and hosting (e.g., Railway, Vercel)
• Payment processing (PCI DSS compliant providers)
• Analytics and performance monitoring
• Customer support and communication
• AI model training and improvement (with anonymized data)

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

4.4 Business Transfers

In the event of a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.5 What We Don't Do

We will never:

• Sell your personal information to third parties
• Share your health data without your explicit consent
• Use your exercise videos for marketing without permission

5. Data Security

We implement industry-standard security measures to protect your personal information:

• End-to-end encryption for sensitive data transmission
• Encrypted database storage
• Secure authentication with JWT tokens
• Regular security audits and penetration testing
• Access controls and employee training
• HTTPS/TLS for all communications

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active accounts: Data retained while your account is active
• Closed accounts: Most data deleted within 90 days, except where legally required
• Workout history: Retained for statistical analysis (anonymized after account closure)
• AI training data: Anonymized and aggregated data may be retained indefinitely

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a structured, commonly used format
• Objection: Object to processing of your personal data
• Restriction: Request restriction of processing
• Withdraw Consent: Withdraw consent where we rely on consent to process data

To exercise these rights, please contact us at privacy@pumpl.app. We will respond to your request within 30 days.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use our Service
• Performance Cookies: Monitor and improve Service performance

10.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Service.

11. Third-Party Services

Our Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11.1 Third-Party Services We Use

• Railway: Cloud infrastructure hosting
• Vercel: Frontend deployment and hosting
• OpenAI: AI-powered chat and recommendations
• Stripe: Payment processing (if applicable)

12. AI and Machine Learning

Our AI models are trained to provide personalized fitness recommendations and form analysis. We use your workout data to improve our AI models, but we:

• Anonymize all training data
• Do not use identifiable images or videos in model training without explicit consent
• Aggregate data across many users to prevent individual identification
• Allow you to opt out of AI improvement programs

13. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to deletion of personal information
• Right to non-discrimination for exercising CCPA rights

We do not sell personal information. To exercise your CCPA rights, contact us at privacy@pumpl.app.

14. GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent
• Contract: Processing is necessary to provide our Service
• Legal Obligation: Required to comply with the law
• Legitimate Interests: Processing is necessary for our legitimate business interests

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification for material changes

You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@pumpl.app
• Support: support@pumpl.app
• Website: https://pumpl.app

By using PumplAI, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.