Workout Pledge LLC ("Workout Pledge," "we," "us," or "our") operates the Workout Pledge mobile application and the website at workoutpledge.app (together, the "Service"). This Privacy Policy explains what information we collect, how we use it, how we share it, how long we keep it, your rights, and how to contact us.
The Service is currently available to residents of the United States, Canada, Australia, and New Zealand who are 18 or older. By using the Service, you confirm you meet these requirements and agree to the practices described here.
1. Who We Are
Workout Pledge LLC is a Delaware limited liability company. We are the entity responsible for personal information collected through the Service, except where this Privacy Policy specifies that another party (such as Stripe or Apple) is responsible for certain data.
Contact for privacy matters: info@workoutpledge.app
Privacy Officer (designated for Canada – including Quebec Law 25): Vadym Samoylov, reachable at info@workoutpledge.app. You may direct any privacy-related question, access request, or complaint to this address.
2. Information We Collect
a) Account Information
When you create an account, we collect your name, email address, and authentication credentials (via Apple Sign-In or email/password). If you upload a profile avatar, we store that image.
b) Social and Friends Data
If you use the friends feature, you may search for other users by email address. When you connect with a friend, your name, profile avatar, and general pledge activity (such as whether you have an active pledge and your current weekly progress) become visible to them, and theirs to you. Email addresses are used for friend lookup only and are never displayed to other users.
c) Health and Fitness Data
With your explicit permission, we access workout data from Apple HealthKit on your device. We collect only workout summary data: workout type (e.g., running, strength training), start and end time, duration, active calories burned, and source device. We do not access or store raw HealthKit data such as heart rate samples, step counts, sleep data, or any health information beyond workout summaries necessary to verify your pledge.
Apple HealthKit data is read on your device and only workout summaries relevant to your active pledge are transmitted to our servers.
d) Payment Information
Payment processing is handled entirely by Stripe. When you add a payment method, your card details are sent directly to Stripe and are never transmitted to or stored on our servers. We receive from Stripe only a tokenized reference to your payment method, transaction confirmation details, and your Stripe customer ID.
Charges are processed in your local currency: USD for US users, CAD for Canadian users, AUD for Australian users, and NZD for New Zealand users.
Some payments may require additional authentication steps (such as one-time codes or biometric confirmation) as required by local payment regulations. Stripe handles these authentication flows.
e) Usage Data
We collect standard usage information including device type and operating-system version, app version, general interaction patterns (e.g., screens viewed and features used), and crash reports. On our website, we use Google Analytics to collect aggregated, anonymous usage statistics.
f) Device Attestation
We use Apple App Attest to verify that workout data originates from a legitimate device running an unmodified copy of the app. An attestation key is stored in association with your account to prevent duplicate device registrations and to detect tampering. This is solely a fraud-prevention measure.
g) Advertising Data
We use Google AdMob to display occasional advertisements within the mobile app. AdMob may collect device-level data – including device identifiers (such as the Identifier for Advertisers, or IDFA), IP address, and general usage data – to serve and measure ads.
If you consent to tracking through Apple's App Tracking Transparency (ATT) prompt, ads may be personalized based on your activity across other apps and websites. If you decline, you will still see ads, but they will not be personalized. You can change your tracking preference at any time in your device's Settings → Privacy & Security → Tracking.
3. How We Use Your Information
| Data | Purpose |
|---|---|
| Account info | Create and manage your account, authenticate you, communicate about the Service |
| Friends data | Enable the friends feature, friend search, and pokes |
| Workout summaries | Verify pledge compliance and calculate weekly settlement |
| Payment tokens & Stripe IDs | Process penalty charges and reward redemptions |
| Usage data | Improve the app, fix bugs, understand feature usage |
| Device attestation | Fraud prevention and integrity verification |
| Advertising data | Serve and measure in-app advertisements via Google AdMob |
We do not sell your personal information for cash. We disclose certain limited information to third-party service providers (see Section 5) so they can perform services on our behalf.
4. Automated Decision-Making
Each week, our system automatically evaluates whether you met your committed workout days. If you missed days, your payment method is automatically charged the per-miss penalty amount you set when creating the pledge. This is an automated decision that has a financial effect on you.
You always have the right to dispute the result of any automated settlement during the 3-day dispute window that opens after each weekly evaluation. Disputes are reviewed by a human member of our team. You may also contact us at info@workoutpledge.app if you believe a charge was made in error.
5. Third-Party Services
We share limited information with the following service providers:
- Supabase – database hosting and authentication. Your account data and workout summaries are stored on Supabase's infrastructure (hosted on Amazon Web Services in the United States). Privacy policy.
- Stripe – payment processing. Stripe receives your payment-method details directly and is the controller of that payment data. Privacy policy.
- Render – backend hosting. Our API servers run on Render's infrastructure (United States). Privacy policy.
- Every.org – nonprofit donation processing. If you redeem points as a donation, your name, email, and donation amount may be shared with Every.org to process the donation. Privacy policy.
- Apple – Apple Sign-In, App Attest, HealthKit, and the App Store. Apple is the controller of any data you provide directly to Apple services. Privacy policy.
- Google Analytics – website analytics only (not used in the mobile app). Privacy policy.
- Google AdMob – in-app advertising. Privacy policy.
We require each of these providers to maintain reasonable security practices and to use the data only for the purposes for which we disclose it.
6. International Data Transfers
We are based in the United States, and our service providers (Supabase, Render, Stripe, Apple, Every.org, Google) primarily store and process data in the United States.
If you are in Canada, Australia, or New Zealand, your personal information will be transferred to and processed in the United States. By using the Service you understand and consent to this transfer.
We rely on contractual safeguards (data-processing agreements with each service provider) to ensure your information continues to be protected to a standard substantially similar to that required in your country of residence.
7. Apple HealthKit Compliance
In accordance with Apple's HealthKit terms:
- We do not use HealthKit data for advertising or marketing.
- HealthKit data is never shared with ad networks, including Google AdMob.
- We do not sell HealthKit data to third parties.
- We do not share HealthKit data with third parties except as necessary for the core workout-verification function of the Service.
- We do not store raw HealthKit data – only the processed workout summaries described in Section 2(c).
You may revoke HealthKit access at any time through your device's Settings → Health → Data Access. Revoking access will prevent the app from verifying workouts, which may affect your pledge settlement.
8. Push Notifications
If you grant permission, we send push notifications to your device for events such as: a friend completing a workout, a friend poking you, a pledge week ending, a settlement being processed, or a dispute window opening or closing. You can disable push notifications at any time in your device's Settings.
9. Marketing Communications
If you join our waitlist or sign up for an account, we may send you occasional emails about new features, product updates, or other Workout Pledge news. Every marketing email will include a one-click unsubscribe link.
Canada (CASL): We send marketing emails on the basis of express or implied consent, and you may withdraw that consent at any time. We do not send marketing email about products from other companies.
10. Data Security
We implement reasonable security measures to protect your data, including:
- Encrypted connections (TLS/HTTPS) for all data in transit
- Row Level Security (RLS) on our database, ensuring each user can only access their own data
- Hashed and salted authentication credentials
- Tokenized payment information (we never see or store your card number)
- Device attestation to detect tampered app installations
No method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
11. Data Breach Notification
If a data breach affects your personal information and is reasonably likely to cause you harm, we will notify you and the appropriate regulator(s) without undue delay, in accordance with applicable law:
- United States – as required by applicable state breach-notification laws.
- Canada – Office of the Privacy Commissioner of Canada (PIPEDA), the Commission d'accès à l'information du Québec (Law 25), and other provincial regulators as required.
- Australia – Office of the Australian Information Commissioner (Notifiable Data Breaches scheme under the Privacy Act 1988).
- New Zealand – Office of the Privacy Commissioner (Privacy Act 2020).
12. Data Retention
- Account information and workout history: retained for as long as your account is active, plus 30 days after deletion to allow for any pending settlements.
- Payment transaction records: retained for 7 years as required for tax and accounting purposes.
- Attestation records: retained for as long as your account is active.
- Marketing email subscriber lists: until you unsubscribe.
- Analytics data: Google Analytics retains aggregated data per its own retention settings; we retain raw analytics for up to 14 months.
When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., completing pending settlements or maintaining financial records).
13. Your Rights
You have the following rights regarding your personal information. You can exercise them by emailing info@workoutpledge.app. We will respond within 30 days (and in any case within the time required by your local law).
All users
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete your account and associated data
- Export your data in a portable, machine-readable format
- Revoke HealthKit and other device permissions at any time through your device settings
🇺🇸 California Residents (CCPA / CPRA)
- The right to know what personal information we collect, use, and disclose
- The right to delete personal information
- The right to opt out of the "sale" or "sharing" of personal information (see Section 3)
- The right to limit use of Sensitive Personal Information, which includes health-related data. We already restrict our use of HealthKit data to verifying your workouts and do not use it for any other purpose.
- The right to non-discrimination for exercising your privacy rights
🇺🇸 Other US State Residents
If you are a resident of a US state with a comprehensive consumer privacy law – including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Indiana, Kentucky, or Rhode Island – you have rights similar to those above. Contact us and we will honor the rights provided by your state's law.
🇨🇦 Canadian Residents (PIPEDA + Provincial)
- The right to access your personal information
- The right to correction
- The right to withdraw consent (subject to legal or contractual obligations)
- The right to file a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy regulator
- Quebec residents (Law 25): in addition to the above, you have the right to data portability and to file a complaint with the Commission d'accès à l'information du Québec.
🇦🇺 Australian Residents
You have rights under the Australian Privacy Principles (Privacy Act 1988):
- Right to access your personal information (APP 12)
- Right to correction (APP 13)
- Right to make a complaint to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached
🇳🇿 New Zealand Residents
You have rights under the Privacy Act 2020:
- Right to access information held about you
- Right to request correction
- Right to file a complaint with the Office of the Privacy Commissioner
15. Children's Privacy
The Service is not intended for anyone under the age of 18, and we do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a person under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at info@workoutpledge.app.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email at least 30 days before the changes take effect. The "Effective Date" at the top of this page indicates when the policy was last revised.
17. Contact Us
For any privacy-related question, request, or complaint:
Workout Pledge LLC
Privacy Officer: Vadym Samoylov
Email: info@workoutpledge.app
Website: workoutpledge.app