Legal

Privacy Policy

Last updated: May 1, 2025

Exersix (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect when you use the Exersix mobile application and website, how we use it, and the rights you have over it. By using Exersix you agree to the practices described below.

1. Information We Collect

Account Information

Email address, display name, and authentication credentials (provided via email/password, Google Sign-In, or Apple Sign-In).

Workout & Fitness Data

Session logs (exercises, sets, reps, weights, duration, timestamps), volume and progress data per exercise and muscle group, custom exercises created by the user, weekly workout schedules and streaks, body weight entries (if logged), and training preferences (weight unit: kg/lbs, session configuration).

AI-Generated Content

When you use the AI Session Builder or AI Week Planner features, your workout preferences, goals, and training history are sent to our AI provider to generate personalized workout content. This data is used solely to generate your workout plan and is not used to train AI models.

Audio Coaching

The app uses text-to-speech to announce exercise names, count tempo, and signal the end of rest periods during sessions. This feature uses your device's speaker only. No microphone access is required or used.

Subscription & Payment Information

We use RevenueCat to manage in-app subscriptions. We do not store your payment card details. RevenueCat may collect purchase receipts and subscription status. See RevenueCat's Privacy Policy at revenuecat.com.

Push Notification Tokens

If you enable push notifications, we store a device push token to deliver workout reminders and session alerts. You can disable this in your device settings at any time.

Usage Data (Analytics)

Basic analytics (screen views, feature usage, crash reports) may be collected to improve the app. This data is anonymized and aggregated.

2. How We Use Your Information

Providing and improving the Exersix service.
Generating AI-powered workout sessions and weekly plans.
Processing subscription purchases and managing Pro access.
Sending workout reminders and notifications (with your consent).
Displaying your personal workout history and progress.
Syncing your data across your devices.
Customer support and responding to your inquiries.
Complying with legal obligations and enforcing our Terms of Service.

3. Data Storage & Third-Party Processors

Your data is stored securely using Supabase (supabase.com), a PostgreSQL-based cloud platform. Data is encrypted in transit (TLS) and at rest. Our third-party service providers include: • Supabase — Database, authentication, and file storage • RevenueCat — Subscription management and payment processing • Google — Authentication (Google Sign-In), analytics (optional) • Apple — Authentication (Apple Sign-In) • AI Provider — Workout plan generation (data processed per-request, not retained) • Resend — Transactional email delivery • Vercel Analytics — Anonymised website analytics These providers are contractually obligated to handle your data in accordance with applicable privacy laws including GDPR and CCPA.

4. Data Retention

We retain your account and workout data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting support@exersix.com. Upon request, your data will be deleted within 30 days.

5. Security

We use industry-standard measures including TLS encryption in transit, AES-256 encryption at rest, and access controls limited to personnel who need the data to perform their role. No method of transmission over the Internet is 100% secure; we encourage you to use a strong, unique password.

6. Children's Privacy

Exersix is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately and we will delete it promptly.

7. Your Rights

Access — Request a copy of the personal data we hold about you.
Correction — Update inaccurate or incomplete information.
Deletion — Request deletion of your account and all associated data.
Portability — Request export of your workout data in a structured format.
Opt-out — Unsubscribe from marketing communications at any time.
EU/EEA residents: rights under GDPR apply, including the right to object to processing based on legitimate interests.
California residents: rights under CCPA apply, including the right to know what personal information we collect and the right to opt out of sale (we do not sell personal information).

To exercise any right, email us at support@exersix.com. We will respond within 30 days.

8. Local Storage & Tracking

Mobile App

The Exersix app does not use browser cookies. It uses platform-level secure storage (iOS Keychain / Android Keystore) to store your encrypted authentication tokens and session preferences. No advertising trackers or third-party tracking SDKs are embedded in the App.

Website

The Exersix website (www.exersix.com) uses PostHog for analytics and session replay. In addition to aggregate performance and page-view data, PostHog may record your interactions with the site — such as page navigation, clicks, mouse movement, and scrolling — to help us understand usage and improve the experience. We use anonymised profiles and do not use this data to identify you personally, and sensitive input fields are masked in recordings. PostHog is configured to honour the Do Not Track browser setting: if you enable Do Not Track, no analytics or session-replay data will be collected.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you via in-app notification or email at least 14 days before the changes take effect. Continued use of the app after that date constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or data requests, contact us at: support@exersix.com