Legal

Privacy Policy

Effective date: July 10, 2026

Pumped Fitness is operated by Punk Labs LLC ("Punk Labs," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you use the Pumped Fitness mobile application and related services (the "Service").

1. Scope and Controller

Punk Labs LLC is responsible for the personal information described in this Policy. This Policy applies to the Pumped Fitness mobile app, account services, cloud backup, and support communications. Third-party websites and services have their own privacy practices.

2. Information We Collect

Account and authentication information

  • Email address, optional display name, Firebase account identifier, authentication provider, and email-verification status.
  • Information returned by Google Sign-In or Sign in with Apple when you choose one of those methods, subject to the permissions you grant.
  • Records needed to authenticate your account and protect it from unauthorized access.

Fitness and workout information

  • Exercises, sets, repetitions, weights, rate of perceived exertion (RPE), workout duration, completion dates, personal records, and exercise history.
  • Training plans, custom routines, workout schedule, rest days, streaks, muscle scores, mastery values, and other progress calculations.
  • Goals, experience level, training mode, equipment, session length, preferred workout days, and intensity preferences.

Health-related information you choose to provide

  • Selected body profile.
  • Training limitations, injury areas, or movement restrictions.
  • Hydration unit, hydration target, and daily hydration logs.

These health-related inputs are self-reported fitness preferences. Pumped Fitness is not a medical-record system and does not verify the accuracy of this information.

App preferences and device information

  • Unit, timer, notification, display, tutorial, hidden-exercise, and persistent-exercise preferences.
  • Firebase and platform providers may automatically process limited technical information such as IP address, device and operating-system details, app version, authentication events, SDK user-agent information, and app or device attestation material for security and service operation.

Support information

  • If you contact us, we receive your email address, message, and anything else you choose to include.

Information we do not currently collect

  • Precise or coarse device location.
  • Contacts, call logs, or text-message content.
  • Photos, camera input, or microphone recordings.
  • Payment-card details or purchase history.
  • Advertising identifiers or data used for cross-app tracking.

3. Where Information Is Stored

Pumped Fitness stores app data locally on your device. Sensitive local fields are protected with app-level encryption where the runtime supports it, in addition to device security controls.

When you choose cloud backup, account-linked profile, workout, hydration, plan, routine, and progress information is transmitted to and stored in Google Firebase. Cloud backup is optional, but Firebase Authentication necessarily stores account information required for sign-in.

Local notifications are scheduled through your device. Pumped Fitness does not currently operate a server that stores notification content or push-notification tokens.

4. How We Use Information

We use information to:

  • Create, authenticate, verify, secure, and support your account.
  • Provide workout logging, hydration tracking, progress history, routines, reminders, and cloud backup or restore.
  • Generate and personalize automated training plans and recommendations.
  • Filter or adjust exercise selections using the limitations and equipment you provide.
  • Calculate streaks, personal records, muscle scores, recovery indicators, and progress views.
  • Send transactional verification, password, account-security, and support messages.
  • Deliver local notifications you enable.
  • Prevent fraud, enforce security rules, protect Firebase resources with App Check, diagnose failures, and maintain the Service.
  • Comply with law and protect users, Punk Labs LLC, and others.

We do not use verification or security messages for advertising. We do not send marketing email unless you separately request or consent to it.

5. How We Disclose Information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising, and Pumped Fitness does not contain third-party advertising.

We disclose information only as reasonably necessary to:

  • Google Firebase Authentication, Firestore, and App Check for authentication, optional backup, security, and service infrastructure.
  • Google or Apple when you select their sign-in service.
  • Apple App Attest or DeviceCheck to validate app or device integrity.
  • Expo and Apple platform services used to build, distribute, and operate the app.
  • Service providers handling support communications on our behalf.
  • Courts, regulators, law enforcement, or other parties when disclosure is legally required or reasonably necessary to protect rights, safety, and security.
  • A buyer, successor, or adviser involved in a merger, financing, reorganization, bankruptcy, or transfer of all or part of the business, subject to applicable law.
  • Another party when you direct us or give consent.

Service providers may process information only for the services they provide and under their own applicable terms and privacy obligations.

6. Data Retention and Account Deletion

We retain account and cloud-backup information while your account remains active and as needed to provide the Service. Local information remains on your device until you clear it, delete your account, uninstall the app, or the operating system removes it.

You can initiate account deletion in Settings. When deletion succeeds, Pumped Fitness deletes known account-linked profile documents, workout records, routines, exercise history, hydration records, user-owned Firebase Storage files, and the Firebase Authentication account. The app also clears locally stored account and fitness data and cancels locally scheduled notifications.

Limited security logs, support communications, records required by law, and residual copies in service-provider backup systems may remain for the period reasonably necessary for security, dispute resolution, legal compliance, or the provider's documented deletion cycle. Such information is not retained for advertising.

If a network or provider failure prevents deletion from completing, the app reports an error and keeps the account available so you can retry or contact support.

7. Your Choices and Rights

You can:

  • Review and update account and training information in the app.
  • Export workout history in a portable format.
  • Choose whether to use cloud backup.
  • Change or disable notification preferences and device permissions.
  • Clear local fitness data without deleting the account.
  • Delete the account and associated cloud data through Settings.
  • Contact us to request access, correction, deletion, portability, restriction, objection, or withdrawal of consent where those rights apply.

Depending on where you live, you may have additional privacy rights and the right to appeal a decision or complain to a data-protection authority. We may need to verify your identity before completing a request. Exercising a privacy right will not result in unlawful discrimination.

8. Legal Bases for EEA and UK Users

Where European or United Kingdom data-protection law applies, we process information as necessary to perform our contract with you, with your consent for optional permission-based features, for our legitimate interests in securing and improving the Service, and to meet legal obligations. You may withdraw consent at any time, but that does not affect processing already completed lawfully.

9. International Processing

Punk Labs LLC is based in the United States. Firebase Authentication operates from United States data centers, while other providers may process information in the United States and other countries. Those countries may have different privacy laws. Where required, we use protections recognized by applicable law and require service providers to protect information under their applicable contractual obligations.

10. Security and Incident Response

We use access controls, per-user Firebase Security Rules, App Check, encrypted network transport, device protections, and app-level local encryption where supported. No storage or transmission method is completely secure, and we cannot guarantee absolute security.

We will investigate suspected incidents and notify affected users, regulators, or other parties when notification is required by applicable law.

11. Children and Eligibility

Pumped Fitness is intended only for people who are at least 18 years old. We do not knowingly allow children under 18 to create accounts. If you believe a minor has created an account contrary to this Policy, contact us so we can investigate and delete the information where appropriate.

12. Changes to This Policy

We may update this Policy to reflect changes in the Service, our practices, or law. We will update the effective date and provide additional notice in the app or by email when a change is material and notice is reasonably practicable. Where law requires consent to a change, we will request it.

13. Contact Us

For privacy questions or requests:

Built with v0