Privacy Policy

Welcome to 1RM.fit ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

By using 1RM.fit, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

The data controller responsible for your personal information is:

If you are located in the European Economic Area (EEA), you may contact us at privacy@1rm.fit for any data protection inquiries. We are committed to cooperating with EU data protection authorities and complying with their guidance regarding the transfer and processing of personal data.

We use the collected information for the following purposes:

• Provide and Maintain Service: Create and manage your account, track your workouts, and save your progress
• Improve User Experience: Personalize workout recommendations and analyze usage patterns to enhance features
• Communication: Send workout reminders, achievement notifications, and service updates
• Analytics: Generate insights about your fitness progress and training patterns
• Customer Support: Respond to your questions, requests, and technical issues
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

If you are located in the EEA or UK, we process your personal data based on the following legal grounds under Article 6 of the GDPR:

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service, manage your account, track workouts, and process subscriptions
• Consent (Art. 6(1)(a)): For analytics cookies (Google Analytics), marketing communications, and optional data collection like progress photos. You may withdraw consent at any time
• Legitimate Interests (Art. 6(1)(f)): For fraud prevention, security monitoring, service improvement, and customer support — where our interests do not override your fundamental rights
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws, regulations, tax requirements, and legal processes

We do not sell your personal information. We may share your information in the following circumstances:

We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Regular security assessments and vulnerability testing
• Access controls and authentication requirements for our systems
• Employee training on data protection and security practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Account Data: Retained while your account is active and for 90 days after deletion
• Workout Data: Retained for the duration of your account and deleted upon account deletion
• Analytics Data: Retained in anonymized form for up to 2 years for service improvement
• Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes

Depending on your location, you may have the following rights regarding your personal information:

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@1rm.fit, and we will delete such information from our systems.

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our Service, you consent to the transfer of your information to the United States and other countries.

We ensure that appropriate safeguards are in place for such transfers in compliance with applicable data protection laws, including standard contractual clauses approved by the European Commission.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

To exercise these rights, contact us at privacy@1rm.fit. We will verify your identity before processing your request and respond within 45 days as required by law.

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of data processing and access to your personal data
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Limit how we process your personal data
• Right to Data Portability: Receive your personal data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority if you believe your rights have been violated

To exercise these rights, contact us at privacy@1rm.fit. We will respond within 30 days as required by GDPR. If you are unsatisfied with our response, you have the right to lodge a complaint with your local EU/EEA data protection authority (e.g., the CNIL in France, the ICO in the UK, or the relevant authority in your country).

1RM.fit collects data that may be classified as health-related data under certain privacy laws (including GDPR Article 9 "special categories of personal data"). This includes:

• Workout data (exercises, sets, reps, weight lifted)
• Body measurements (weight, body fat percentage, circumferences)
• Progress photos
• Personal records and fitness goals

We process this data only with your explicit consent, which you provide by voluntarily entering this information into the app. You may delete any or all of this data at any time through the app, or by deleting your account entirely via Profile > Account Settings > Delete Account.

We do not share your health and fitness data with third parties for their own purposes. It is used solely to provide and improve the Service for you.

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD):

• Confirmation and Access: Confirm whether we process your data and access it
• Correction: Request correction of incomplete, inaccurate, or outdated data
• Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data
• Data Portability: Request portability of your personal data to another service provider
• Deletion: Request deletion of personal data processed with your consent
• Information: Obtain information about entities with whom we share your data
• Revocation of Consent: Revoke your consent at any time

To exercise these rights, contact us at privacy@1rm.fit. We will respond within 15 business days as required by LGPD.

1RM.fit is operated from Israel. We comply with the Israeli Protection of Privacy Law, 5741-1981 and its regulations. As a data subject under Israeli law, you have the right to:

• Access your personal data held in our databases
• Request correction or deletion of inaccurate data
• Object to the use of your data for direct marketing
• Request information about the types of data we hold about you

Israel has been recognized by the European Commission as providing an adequate level of data protection, facilitating lawful data transfers between the EEA and Israel.

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR)
• Notify affected users without undue delay if the breach is likely to result in a high risk to their rights
• Document all breaches, including facts, effects, and remedial actions taken

Notifications will be sent via email to the address associated with your account and/or through an in-app notice. We maintain security incident response procedures and conduct regular security assessments to minimize the risk of breaches.

We use cookies and similar tracking technologies to enhance your experience and collect usage data:

• Essential Cookies: Required for basic functionality like authentication and security
• Analytics Cookies: Help us understand how users interact with our Service
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings or our cookie consent banner. Analytics cookies are only loaded after you provide consent. You can change your preference at any time by clearing your browser storage and revisiting the site. Disabling essential cookies may limit functionality of our Service.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy in our app with a new "Last Updated" date
• Sending you an email notification (if you have provided your email address)
• Displaying a prominent notice in the app

Your continued use of our Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days of receipt.