Privacy Policy

Last updated: April 9, 2026

Better Gym ("we", "our", "us") operates the Better Gym mobile application (available on iOS, Android, and as a Progressive Web App) and the Better Gym platform for gym management (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Better Gym, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name (optional)
  • Email address (required, verified before activation)
  • Profile picture (optional, stored via Cloudflare)
  • Preferred language

1.2 Authentication Data

Depending on how you sign in, we may collect:

  • Email and password: Your password is securely hashed and never stored in plain text.
  • Google OAuth: We receive your Google ID, email, name, and profile picture. We store OAuth tokens to maintain your session.
  • Apple Sign-In: We receive your Apple ID and authentication tokens.

1.3 Health and Fitness Data

To provide personalized metrics, we collect data you voluntarily provide:

  • Biometric profile: Body weight, height, age, gender, body fat percentage, muscle percentage, experience level.
  • Exercise records: Reps, sets, weight lifted, duration, intensity rating, rest intervals, and notes.
  • Workout routines: Routines assigned by your trainer or created by you.

This data is used exclusively to calculate your fitness metrics (volume, strength progression, recovery, muscle balance, predictions, and more). We do not sell or share your health and fitness data with third parties for advertising purposes.

1.4 Gym Membership Data

  • Gym membership status and role (member, trainer, admin, owner)
  • Join requests and approval dates
  • Activity/class registrations and attendance

1.5 Payment Information

Payment processing is handled by our third-party payment provider, TicketEasy. We store:

  • Payment transaction IDs and status
  • Subscription plan, billing period, and renewal dates
  • Payment amounts and currency

We do not store credit card numbers, bank account details, or other sensitive financial information. All payment card data is processed directly by TicketEasy in compliance with PCI-DSS standards.

1.6 Device and Session Data

  • Session data: IP address, browser user agent, session tokens (stored in secure httpOnly cookies)
  • Push notification tokens: Firebase Cloud Messaging (FCM) device tokens to deliver notifications, along with device platform (Android, iOS, web)

1.7 Images and Media

You or your gym may upload images (profile pictures, gym logos, activity images, exercise form tips). These are stored on Cloudflare's image hosting service.

1.8 Automatically Collected Data

  • Usage analytics: Page views, feature interactions, and conversion events via PostHog.
  • Request logs: HTTP method, URL path, response times, and status codes. Sensitive data (passwords, tokens, API keys) is automatically redacted from logs.

2. How We Use Your Information

We use your information to:

  • Provide the Service: Authenticate your account, calculate fitness metrics, deliver routines, manage gym memberships, and process payments.
  • Personalize your experience: Adjust metrics based on your biometric data (age-adjusted recovery, weight-relative strength, etc.).
  • Send notifications: Gym approvals, routine updates, activity reminders, subscription status, and other service-related communications.
  • Send emails: Account verification, password recovery, and subscription notifications.
  • Improve the Service: Analyze usage patterns to fix bugs, optimize performance, and develop new features.
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access.

3. Data Sharing and Third-Party Services

We share your data only with the following third-party service providers, strictly for operating the Service:

Provider | Purpose | Data Shared
Google OAuth | Authentication (sign-in with Google) | OAuth tokens, email, name, profile picture
Apple Sign-In | Authentication (sign-in with Apple) | Authentication tokens, Apple ID
TicketEasy | Payment processing | Transaction data, subscription details, payment amounts
Firebase (Google) | Push notifications | Device tokens, notification content
Cloudflare | Image storage and CDN | Uploaded images and metadata
Amazon Web Services (SES) | Email delivery | Email addresses, email content
PostHog | Product analytics | Anonymized usage events, page views

We do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes.

4. Cookies and Tracking

4.1 Essential Cookies

We use one essential cookie for authentication:

  • Name: better-auth.session_token
  • Purpose: Maintains your authenticated session
  • HttpOnly: Yes (not accessible via JavaScript)
  • Secure: Yes (HTTPS only)
  • Duration: 7 days

This cookie is strictly necessary for the Service to function and cannot be disabled.

4.2 Analytics

We use PostHog for product analytics. PostHog collects anonymized interaction data to help us understand how the Service is used. You can opt out of analytics tracking through your browser settings or by using a "Do Not Track" signal.

5. Data Storage and Security

  • Your data is stored in PostgreSQL databases with encrypted connections.
  • Passwords are cryptographically hashed — we never store plain-text passwords.
  • Session tokens and API keys are encrypted.
  • All communications use HTTPS/TLS encryption in transit.
  • Sensitive data is automatically redacted from application logs.
  • Temporary data is cached in Redis with automatic expiration.

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

  • Account data: Retained until you delete your account.
  • Fitness data: Retained until you delete your account.
  • Session data: Automatically expires after 7 days.
  • Cached data: Automatically expires based on configured time-to-live.
  • Gym subscription data: Retained for 90 days after cancellation for potential reactivation, then deleted.
  • Application logs: Retained for a limited period based on operational needs.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and all associated data. When your account is deleted, all sessions, exercise records, notifications, device tokens, and profile data are permanently removed.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request restriction of processing of your data.
  • Objection: Object to processing of your data for certain purposes.
  • Withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@bettergym.app.

8. Data Shared with Your Gym

When you join a gym on Better Gym, authorized gym staff (trainers, admins, owners) may access:

  • Your name, profile picture, and membership status
  • Your fitness metrics and exercise records
  • Your routine progress
  • Your activity/class registrations

This data sharing is necessary for gym staff to provide training services. Access is controlled through a role-based permission system — each staff member only sees the data their role allows.

9. Children's Privacy

Better Gym is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@bettergym.app and we will promptly delete it.

10. International Data Transfers

Your data may be processed in countries other than your own, including the United States (AWS, Firebase, Cloudflare). We ensure appropriate safeguards are in place for any international data transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, or wish to exercise your data rights, please contact us:

  • Email: privacy@bettergym.app
  • Website: bettergym.app