Flexy Logo Flexy

Privacy Policy

Last Updated:

At Flexy, we believe your fitness journey is personal. This Privacy Policy explains how we collect, use, protect, and share your information when you use our AI-powered fitness coaching app. We're committed to transparency and protecting your privacy.

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, password (encrypted)
  • Profile Data: Age, gender, fitness level, fitness goals, injury history
  • Equipment Information: Available workout equipment (dumbbells, resistance bands, etc.)
  • Workout Data: Exercise completion, sets, reps, weights, workout duration
  • Chat Messages: Conversations with the AI coach to personalize your workouts
  • Feedback: Workout difficulty ratings, exercise modifications, progress notes

Information Collected Automatically

  • Device Information: Device type, operating system, app version
  • Usage Data: Features used, time spent in app, workout frequency
  • Performance Data: App crashes, errors, loading times
  • Location Data: General location (city/country) for timezone and localization (not precise GPS)

2. How We Use Your Information

  • Personalize Your Workouts: Create AI-generated workout plans tailored to your equipment, fitness level, and goals
  • Track Your Progress: Monitor workout completion, streaks, and improvements over time
  • Improve Our AI: Enhance workout recommendations based on aggregated, anonymized user feedback
  • Provide Support: Respond to your questions and technical issues
  • Send Important Updates: Notify you about account changes, new features, or service updates (you can opt out of promotional emails)
  • Ensure Safety: Detect and prevent fraud, abuse, or security issues
  • Comply with Legal Obligations: Meet legal requirements and enforce our Terms of Service

3. AI Processing & Workout Personalization

How Our AI Works: Flexy uses advanced AI models (powered by Anthropic Claude) to understand your fitness needs and generate personalized workout plans.

  • What Gets Processed: Your chat messages, workout history, equipment list, fitness level, and feedback are sent to our AI service to generate recommendations
  • Data Protection: All data sent to AI providers is encrypted in transit. Our AI partners (Anthropic) do not use your data to train their models
  • Data Storage: Your workout data and chat history are stored securely in our Supabase database with encryption at rest
  • No Third-Party Training: Your personal workout data is never used to train third-party AI models

4. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
  • Secure Authentication: Passwords are hashed using bcrypt. We support OAuth login (Apple, Google) for enhanced security
  • Database Security: Your data is stored in Supabase with row-level security policies and automatic backups
  • Access Controls: Only authorized personnel can access user data, and all access is logged
  • Regular Audits: We conduct regular security reviews and updates
  • Incident Response: We have procedures in place to respond quickly to any security incidents

Important: While we implement strong security measures, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

5. Information Sharing

We do NOT sell your personal data. We only share your information in the following limited circumstances:

  • Service Providers: We work with trusted third-party providers for hosting (Supabase), AI services (Anthropic), analytics, and customer support. These providers are contractually bound to protect your data
  • Legal Requirements: If required by law, court order, or government request, we may disclose your information
  • Business Transfers: In the event of a merger, acquisition, or sale, your data may be transferred (you will be notified)
  • With Your Consent: We may share information when you explicitly give us permission (e.g., sharing workout progress on social media)
  • Aggregated Data: We may share anonymized, aggregated statistics (e.g., "Flexy users completed 1 million workouts") that cannot identify you

6. Your Rights & Choices

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information through your account settings
  • Deletion: Request deletion of your account and associated data (some data may be retained for legal compliance). Learn how to request deletion
  • Data Portability: Export your workout data in a machine-readable format
  • Opt-Out of Marketing: Unsubscribe from promotional emails via the link in any email or your account settings
  • Restrict Processing: Limit how we use your data in certain circumstances

To exercise these rights, contact us at hello@getflexy.ai

7. Cookies & Tracking Technologies

We use minimal cookies and tracking technologies:

  • Essential Cookies: Required for authentication and basic app functionality
  • Analytics: We use privacy-focused analytics to understand app usage and improve performance (you can opt out in settings)
  • Preferences: Store your theme preference (dark mode) and language settings

We do NOT use advertising cookies or sell your data to advertisers.

8. Data Retention

  • Active Accounts: We retain your data while your account is active
  • After Deletion: When you delete your account, most data is removed within 30 days. Some data may be retained for legal compliance (e.g., transaction records)
  • Backups: Deleted data may persist in backups for up to 90 days before permanent deletion

9. Children's Privacy

Flexy is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately. If you believe we have collected information from a child, contact us at hello@getflexy.ai.

10. International Data Transfers

Flexy is based in the United States. If you access our services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate.

We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws (GDPR, CCPA, etc.).

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes:

  • We will update the "Last Updated" date at the top of this page
  • We will notify you via email or in-app notification
  • For material changes, we may require you to review and accept the new policy

Your continued use of Flexy after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: hello@getflexy.ai

Support: hello@getflexy.ai

Response Time: We aim to respond within 48 hours

Thank you for trusting Flexy with your fitness journey. Your privacy matters to us.