Privacy Policy

HyperFit ("we", "the app") is a personal workout and nutrition tracker. This policy explains what data we collect, why, and what control you have over it.

What we collect

• Account info — name and email, supplied by Apple Sign-In or Google Sign-In when you create an account. We never see your Apple/Google password.
• Account identifier — an opaque user ID generated by Supabase, used to scope your data to your account.
• Workout logs — the sets, reps, weights, exercises, plans, and rest-timer data you enter. Stored server-side so they sync across devices.
• Nutrition logs — meals, macros, water taps, and goals you enter. Same storage model.
• Health-adjacent inputs — body weight or units (kg/lb, ml/oz) you set in Settings. Stored only with your account.
• Product usage events — which screens you visit and which actions you take in the app (e.g. workout started, meal logged, water tapped). Sent to PostHog (US region) so we can see which features people use and where they get stuck. Linked to your account ID after you sign in; anonymous before that. We do not send the contents of your workouts or meals — only event names and a small set of metadata fields like meal slot or set count.
• Crash diagnostics — uncaught JavaScript errors are sent to PostHog so we can fix what breaks. Includes the error message and stack; does not include your data.

What we don't collect

• No HealthKit access, no advertising IDs, no device fingerprints.
• No cross-app tracking. We do not link your data to data from other companies for advertising or share with data brokers.
• No advertising SDKs (no Google AdMob, no Facebook SDK, no Firebase Analytics).
• No location data.

How we use it

Solely to operate the app: render your dashboard, compute your streak and PR badges, populate the muscle heatmap, sync across your devices. We do not sell, share, or rent your data to third parties.

Where it lives

Account, workout, and nutrition data are stored in Supabase (PostgreSQL hosted on AWS, US region). Access is fenced by row-level security keyed to your account ID, no other user can read your rows. Product usage events and crash diagnostics are stored in PostHog (US region) and accessible only by HyperFit's developer.

Account deletion

You can delete your account at any time, fully in-app:

• Open HyperFit → tap the gear icon (top-right of Home) → Profile → Delete Account.
• Two-step confirmation prevents accidents.
• On confirm, we immediately delete: workout sessions and sets, plan instances, custom exercises, nutrition days and entries, water logs, settings, and the auth record itself.

Deletion is irreversible. If you'd rather email us, write to hyperfocusedengineer@gmail.com and we'll handle it manually within 7 days.

Product usage events stored in PostHog are keyed to your account ID. After you sign out the app stops sending events tied to that id (subsequent events are anonymous). Historical events for a deleted account remain in PostHog until our next purge. To request immediate purge, email hyperfocusedengineer@gmail.com.

Children

HyperFit is not directed at children under 13 and we do not knowingly collect data from them.

Changes

If we materially change this policy, we'll update the date above and surface the change in-app on your next launch.

Contact

Questions, requests, or issues: hyperfocusedengineer@gmail.com