Privacy Policy

Data we collect

We collect the following types of data: (1) Account data: email address and username you provide at registration. (2) Workout and fitness data: exercises, sets, reps, weights, personal records, body measurements, and progress photos you choose to save. (3) Authentication data: tokens from Google Sign-In or Apple Sign-In when you use those login methods. (4) Notification tokens: push notification identifiers stored on our servers to deliver notifications you request. (5) Diagnostic data: crash reports, error logs, and stack traces — tied to an internal user identifier for debugging purposes. (6) Health Connect data (Android only, optional): exercise sessions, heart rate, steps, distance, speed, and calories burned — only if you explicitly grant permission. This data is used solely to import workouts from your device and is never uploaded to our servers.

How we use your data

We use your data exclusively to: operate and improve the app; personalise your experience; deliver push notifications you have opted into; provide customer support; maintain the security of your account; and debug crashes and performance issues. We do not use your personal data for advertising, profiling, or any purpose beyond providing the fitness tracking service.

Data sharing and third-party processors

We do not sell your personal data. Your workout content and personal information is stored exclusively on our servers. We use the following trusted third-party processors strictly for technical operations: (1) Sentry — crash and error reporting. Crash reports and stack traces may include context tags and an internal user identifier so we can reproduce and fix bugs; they do not contain workout content or personal health data. (2) Google Sign-In / Apple Sign-In — used only to authenticate your identity. We receive your name and email from these providers; we do not share data back. (3) Firebase Cloud Messaging (Android only) — used as the transport for delivering push notifications to your device; no personal data is shared beyond the push payload and your device token. All third-party processors are bound by data processing agreements and applicable privacy law.

Health and fitness data (Android Health Connect)

On Android, you may optionally connect VIRTUX to Google Health Connect to import workout sessions, heart rate, steps, distance, speed, and calorie data tracked by other apps on your device. This feature requires your explicit permission. Health data read from Health Connect is processed locally on your device and used only to populate workout entries in the app. It is never uploaded to our servers, shared with third parties, or used for any purpose other than the import you initiate. You can revoke Health Connect permissions at any time from your device settings or from within the app.

Security

We implement industry-standard safeguards including HTTPS/TLS encryption for all data in transit, encrypted storage at rest, and access controls that restrict data to authorised personnel only. We conduct regular security reviews. No method of transmission or storage is 100% secure; we will notify you of any breach that materially affects your data as required by applicable law.

Data retention

We retain your personal data for as long as your account is active. If you delete your account, your personal data and workout content are permanently deleted from our servers within 30 days, except where we are required to retain it for legal or compliance reasons. Diagnostic data held by Sentry is subject to its own retention policy (typically 90 days for crash data).

Your rights

Depending on your country of residence, you may have the right to: access the personal data we hold about you; correct inaccurate data; request erasure of your data; restrict or object to certain processing; and receive a copy of your data in a portable format. To exercise any of these rights, contact us at [email protected] or use the in-app support channel. You also have the right to lodge a complaint with your local data protection authority.

Children's privacy

VIRTUX is not directed at children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us immediately at [email protected] and we will delete the account and all associated data.

Changes to policy

We may update this privacy policy from time to time. If we make material changes, we will notify you through the app or via email. Continued use after changes means you accept the updated policy.

Contact us

Questions about this privacy policy? Contact us via the in-app support channel or at [email protected].