Privacy Policy

Effective date: May 7, 2026 · Last updated: May 7, 2026

The short version: SuperFlex stores your workout data and progress photos on your device by default. We don't sell your data. We don't share it with advertisers. Cloud backups, when used, are end-to-end encrypted.

1. Who We Are

SuperFlex.Fit ("SuperFlex", "we", "our", or "us") provides the SuperFlex iOS application and this website. If you have questions about this policy, contact us at privacy@superflex.fit.

2. Information We Collect

Information you provide directly:

Account information — name, email address, and password when you create an account.
Profile data — optional body metrics (height, weight, date of birth, sex) that you enter to enable analytics like BMI, BMR, and TDEE estimates.
Workout data — exercises, sets, reps, weight, RPE, notes, and timestamps you log during training sessions.
Progress photos — photos you take or import within the app for physique tracking. These are stored locally on your device by default.

Information collected automatically:

Waitlist email — if you submit your email via our website waitlist form before the app launches.
Crash and diagnostic data — anonymized crash reports to help us fix bugs. These do not include your workout or photo data.
Purchase and subscription state — managed through Apple's App Store and RevenueCat. We receive only your subscription status (active/expired), not your payment details.

Apple Health (HealthKit):

With your permission, SuperFlex can read and write data to Apple Health, including body weight and workout sessions. HealthKit data is never used for advertising and is never shared with third parties. You can revoke this permission at any time in iOS Settings.

3. How We Use Your Information

To provide the app's core functionality — logging workouts, computing 1RM estimates, displaying analytics, and tracking progress photos.
To manage your account and subscription.
To notify you about app updates, early access invitations, and product news (only if you opted in via the waitlist or app notifications).
To diagnose crashes and improve the app.
To comply with legal obligations.

We do not use your data to train machine-learning models for third parties, and we do not sell your data.

4. Data Storage and Security

Your workout data and progress photos are stored on your device by default. If you enable cloud backup, your data is synced to our servers using industry-standard encryption in transit (TLS) and at rest (AES-256). Access is restricted to authenticated requests using your account credentials, which are stored using bcrypt hashing.

Progress photos are never transmitted off your device unless cloud backup is explicitly enabled by you.

5. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Service providers — RevenueCat (subscription management) and our cloud infrastructure provider process data on our behalf under strict data-processing agreements.
Legal requirements — if required by law, regulation, or valid legal process.
Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

6. Your Rights and Choices

Access and correction — you can view and edit your account data in Settings within the app.
Data export — you can export all your workout logs as a CSV file from Settings at any time.
Account deletion — you can permanently delete your account from Settings → Account Deletion. This removes all server-side data associated with your account. Note that App Store subscriptions must be cancelled separately through Apple.
Notification opt-out — you can disable push notifications in iOS Settings at any time.
HealthKit permissions — you can revoke HealthKit access in iOS Settings → Privacy & Security → Health.
Waitlist removal — email privacy@superflex.fit to be removed from our pre-launch waitlist.

If you are located in the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under GDPR or CCPA respectively. Contact us at privacy@superflex.fit to exercise those rights.

7. Children's Privacy

SuperFlex is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

8. Third-Party Links

The app and website may contain links to third-party services (e.g., Apple's subscription management). This Privacy Policy does not apply to those third-party services. We encourage you to review their privacy policies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where appropriate, sending a notice through the app. Your continued use of SuperFlex after changes become effective constitutes your acceptance of the updated policy.

10. Contact Us

Questions about this Privacy Policy? Reach us at:

Email: privacy@superflex.fit
Website: superflex.fit