GymTempo
EN

Privacy

Privacy Policy

What we collect, what we don't, and how to get your data out.

GymTempo is a one-person project built around a simple rule: collect as little as possible, and never sell anything we collect. This page explains exactly what that means.

Last updated: May 11, 2026.

What we collect

If you use GymTempo without an account: nothing. The app stores your workouts in your browser’s local storage. We don’t see them, we don’t have them, we don’t want them.

If you create an account: an email address (or just a passkey identifier — your choice), and the workouts you choose to sync. That’s it. No name, no phone number, no birthday, no payment info — there’s nothing to pay for.

What we don’t collect

  • No analytics. No Google Analytics, no Plausible, no Posthog, no anything.
  • No tracking pixels. No third-party scripts. No ad networks.
  • No fingerprinting. No location. No contacts. No camera. No microphone.
  • No “anonymous usage data”. When something is “anonymized” it usually isn’t.

Cookies

We use one cookie, and only if you sign in: a session cookie so the server knows it’s you. It’s HTTP-only, secure, and tied to your browser. We don’t set it until you actively log in.

Where your data lives

Workouts are stored in your browser first. If you sign in, an encrypted copy syncs to our server (Supabase, hosted in the EU). We can technically read your workout data — we have to, in order to show it back to you on a different device — but we have no business reason to look, and we don’t.

Authentication uses passkeys. We never see your password, because you never type one.

Who can see your data

Just you. We don’t share data with advertisers, data brokers, or analytics vendors, because we don’t work with any. The only third party with access is our hosting provider (Supabase), and only to the extent needed to run the service.

If a government agency demands access through valid legal process, we’d comply — and tell you, if we’re legally allowed to.

Your rights

You can:

  • Export everything to CSV from settings. Always, free, no support ticket needed.
  • Delete your account from settings. We hard-delete account data within 30 days. Backups roll off within 90.
  • Ask what we have on you by emailing hello@gymtempo.app. We’ll send you a copy within a reasonable time, free.
  • Object, restrict, correct — GDPR rights apply to everyone, not just EU users.

Children

GymTempo isn’t aimed at kids. If you’re under 13 (or under 16 in the EU), don’t create an account. If we find out we have data about a child, we delete it.

Changes to this policy

If we change anything material, we’ll update the date above and post a note on the homepage. We won’t quietly start collecting more data — that would defeat the entire point of this project.

Contact

Questions, requests, complaints, or curiosity: hello@gymtempo.app. A real person reads it.