Legal & Privacy

Privacy Policy

Transparent data practices for student research and fitness guidance.

Effective: 2026-01-06
privacy@grin.fitness
GrinFit App & Services

No data sales

We do not sell personal data; research outputs stay aggregated or de-identified.

Security first

Encryption in transit, access controls, and least privilege for systems handling your data.

Transparency

Only the essentials for app functionality, reliability, and research quality.

1. Who we are

GrinFit is a student research initiative focused on fitness guidance. We collect and process data transparently to support core app functionality and research analysis. By using GrinFit, you agree to this Privacy Policy.

  • GrinFit ("we", "us") operates the GrinFit mobile application and related backend services.
  • Purpose: deliver fitness planning features and support academic research insights without selling personal data.

2. What we collect

We only collect what is necessary to operate the app and conduct research:

  • Account data: email, password hash, authentication tokens.
  • App activity: workout plans, logged workouts, adherence, recovery/effort inputs you provide.
  • Device data: coarse device info (model/OS version), app version, crash logs, basic analytics events (feature usage, performance).
  • Network data: IP-derived region for security/logging.
  • Optional inputs: if you choose to enter notes or preferences, they are stored with your account.

3. How we use data

  • Authenticate you and secure your account.
  • Generate and adapt workout plans and related insights.
  • Maintain app reliability (logging, debugging, crash analytics, performance).
  • Prevent abuse and enforce terms.
  • Produce aggregated, de-identified research analyses; we do not sell personal data.

5. Sharing and disclosures

We do not sell personal data. We may share:

  • Service providers: hosting, storage, error/crash analytics, email delivery - only as needed to run the service.
  • Legal/safety: if required by law or to protect users and the service.
  • Research outputs: only in aggregate or de-identified form.

6. Data retention

  • Account and workout data: retained while your account is active.
  • Logs/analytics: retained for a limited period needed for operations and research quality checks.
  • Backups: retained for disaster recovery on rotating schedules.

7. Security

  • We use industry-standard controls (encryption in transit, access controls, least privilege).
  • No system is perfectly secure; report issues to privacy@grin.fitness.

8. Your choices and rights

  • Access, correct, or delete your data (subject to applicable law).
  • Delete your account (in-app or by emailing privacy@grin.fitness); deletion removes active records and schedules backups for purge.
  • Opt out of non-essential analytics where offered.

9. Children

  • GrinFit is not directed to children under 16. Do not use the app if you do not meet the minimum age in your region.

10. International transfers

  • Data may be processed in the country of our servers or service providers.
  • We apply protections consistent with this Policy and applicable law.

11. Changes to this Policy

  • We may update this Policy. Material changes will be announced in-app or via email.
  • Continued use after changes means you accept the updated Policy.

12. Contact

  • Questions or requests: privacy@grin.fitness.