Privacy Policy.

EFFECTIVE: MAY 30, 2026  ·  LAST UPDATED: MAY 30, 2026

This Privacy Policy explains how Daniel Almakhamreh ("GymProof," "we," "us" or "our") collects, uses, stores, shares and protects personal information in connection with the GymProof mobile application for iOS (the "App") and the website at gymproofapp.com and its subdomains (together with the App, the "Services").

We operate from Amman, Jordan. By creating a GymProof account, downloading the App, or using the Services you confirm you have read and understood this Privacy Policy. If you do not agree with this Policy, please do not use the Services.

1. Who we are

GymProof is operated by Daniel Almakhamreh, a sole proprietor located at 114 Queen Zain Al Sharaf Street, Deir Ghbar, Amman, Jordan. References in this Policy to "we" or "GymProof" refer to Daniel Almakhamreh as the data controller for the personal information described below.

For any privacy-related question or request, contact us at privacy@recastdesigns.com.

2. Information we collect

We collect the following categories of personal information.

2.1 Information you give us directly

• Account information. When you sign up — your first name, email address, and where you choose Apple or Google Sign-In, a unique user identifier provided by Apple or Google.
• Onboarding answers. Your training goal, weekly training-day schedule, accountability preferences and similar responses to our six-question onboarding flow.
• Buddy / accountability contacts. The first name and mobile phone number of each contact you select to receive an accountability text on your behalf.
• Workout proof images. Photos you submit through the App's "gym selfie" feature.
• Subscription information. The product you purchased and your active entitlement status. GymProof does not receive or store credit-card numbers, bank details, or other payment-instrument data — all payment processing is handled by Apple through the App Store and reconciled with us by RevenueCat.
• Waitlist signups (website). If you submit your name and email on gymproofapp.com, we store that information so we can email you when the App launches.

2.2 Information from Apple Health (with your permission)

With your explicit consent, GymProof reads the following data from Apple Health: workout records (type, start time, duration, source), step counts and daily step totals. We use this data only to verify that you completed a scheduled workout and to determine whether you have reached the 10,000-step unlock threshold on a given day. We do not write data back to Apple Health unless you expressly enable that option. Health data is never shared with third parties, never used for advertising, and is processed only to deliver the App's accountability features.

2.3 Information from your device

• Device identifiers. Apple's Identifier for Vendor (IDFV) and a Firebase Installation ID, used to identify the App instance on your device.
• Push notification token. Provided by Apple Push Notification service (APNs) so we can deliver reminders and notifications you have opted into.
• App usage and diagnostics. Crash logs, error reports and basic usage events (for example, "proof submitted," "workout day skipped"). We use these to improve reliability and measure feature performance.
• App-blocking state. The list of social applications you have selected to be blocked when you miss a workout, and the current lock/unlock state for each. This data stays on your device except where it must be synchronized to your account so the block persists across devices.

2.4 Information collected on the website

When you visit gymproofapp.com we automatically receive standard log data (IP address, browser and operating-system metadata, referring URL, pages viewed and timestamps). The website also loads the following marketing pixels, which set cookies and may record events such as "PageView" and "Lead" / "CompleteRegistration" on your device:

• Meta (Facebook) Pixel — operated by Meta Platforms, Inc.
• TikTok Pixel — operated by TikTok Pte. Ltd. and its affiliates.

These pixels are not used inside the iOS App. You can prevent them from running by blocking third-party cookies in your browser, by using your browser's "Do Not Track" or equivalent setting, or by using an ad blocker.

3. How we use your information

We use personal information only for the purposes set out below.

• To provide the Services. Create and maintain your account; remember your training schedule; verify gym selfies via AI vision; read your workouts and steps from Apple Health; block and unblock the social applications you have selected; deliver accountability texts on your behalf; manage your subscription entitlements.
• To communicate with you. Send transactional messages (account, billing, subscription renewals, security notices) and product reminders you have opted into.
• Waitlist email. If you joined the waitlist on the website, to send you the launch announcement and your founding-member access link. You can unsubscribe at any time using the link in the email or by emailing us.
• To improve the Services. Diagnose crashes, measure feature reliability, fix bugs and plan future features. We use aggregated and de-identified data for this wherever possible.
• Safety and abuse prevention. Detect and prevent fraud, abuse, account compromise and activity that violates our Terms of Service.
• Legal compliance. Comply with applicable law, lawful requests from authorities, and to enforce our rights.

We do not sell personal information. We do not use Apple Health data for advertising or profiling.

4. Legal bases for processing (EEA / UK users)

If you are in the European Economic Area, the United Kingdom or Switzerland, our legal bases for processing your personal information are: (i) performance of a contract with you, so we can deliver the Services you signed up for; (ii) your consent, in particular for access to Apple Health data, marketing pixels on the website, and any optional notifications; (iii) our legitimate interests in operating, securing and improving the Services; and (iv) compliance with a legal obligation to which we are subject.

5. How we share information

We do not sell personal information. We share personal information only with the following categories of recipients, and only to the extent necessary for the purpose listed.

5.1 Sub-processors and service providers

We use the following sub-processors to operate the Services. Each is bound by their own privacy and security commitments, and each may process personal data in the United States or other countries.

• Google LLC (Firebase Authentication, Firestore, Cloud Storage for Firebase, Cloud Functions, Firebase Cloud Messaging, Firebase Hosting) — account data, schedule and streak data, gym-selfie images, push tokens, web analytics.
• Apple Inc. (Sign in with Apple, Apple Health, StoreKit / App Store payments, Apple Push Notification service) — authentication, health data access on your device, subscription processing and push delivery.
• OpenAI, L.L.C. — receives the gym-selfie image you submit, processes it with the GPT-4o vision model to validate that gym equipment is present and that the image is recent, and returns a verification result. OpenAI states that data sent to its API is not used to train its models. Images are not retained by us beyond the period described in Section 7.
• RevenueCat, Inc. — processes your in-app purchases and entitlement status. We share your anonymous app user identifier and product identifiers with RevenueCat; RevenueCat does not receive your name or email.
• OpenPhone Technologies, Inc. — sends accountability text messages on your behalf to the buddy contacts you selected, using the phone numbers you provided.
• Meta Platforms, Inc. (website only) — Meta Pixel for measuring website conversions and reaching similar audiences.
• TikTok Pte. Ltd. (website only) — TikTok Pixel for measuring website conversions and reaching similar audiences.

5.2 Buddy contacts

When you miss a scheduled workout and choose the "send accountability text" unlock option, we send an SMS message to the contacts you have selected. The message identifies you by the first name you set in your GymProof profile and informs the recipient that you skipped a committed workout. Your buddy contacts' phone numbers are not shared with any third party other than OpenPhone (which delivers the SMS) and Google (which stores your buddy list inside your private Firestore record).

5.3 Legal and safety disclosures

We may disclose personal information if we believe in good faith that it is necessary to: comply with a legal obligation or lawful request; protect the rights, property or safety of GymProof, our users or the public; investigate suspected fraud or abuse; or enforce our Terms of Service.

5.4 Business transfers

If GymProof is involved in a merger, acquisition, financing or sale of assets, personal information may be transferred to a successor or acquirer subject to this Privacy Policy or a successor policy with equivalent protections.

6. Data retention

• Account data is retained for as long as your GymProof account is active.
• Gym-selfie images are retained for up to 60 days after submission and then deleted from our storage, unless you have elected to keep a longer personal "proof history" inside the App.
• Workout, schedule and streak records are retained for the lifetime of your account so your history remains visible inside the App.
• Buddy contact information is retained until you remove the contact or delete your account.
• Waitlist signups are retained until 12 months after launch, or until you unsubscribe, whichever is sooner.
• Diagnostic and analytics data is retained for up to 24 months in identifiable form and indefinitely in aggregated, de-identified form.

When you delete your account (Section 8), we delete or irreversibly anonymize the categories above within 30 days, except where we are required to retain certain records for legal, accounting or fraud-prevention reasons.

7. Children

GymProof is intended for users aged 13 and older. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact privacy@recastdesigns.com and we will delete it. If you are between 13 and the age of majority in your jurisdiction, you may only use the Services with the permission of a parent or legal guardian.

8. Your rights and choices

You have the following rights with respect to your personal information.

• Access and portability — request a copy of the personal information we hold about you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — ask us to delete your personal information. You can delete your account at any time from within the App's profile screen, or by emailing us at privacy@recastdesigns.com.
• Withdraw consent — revoke any consent you previously gave (for example, by disabling GymProof's access to Apple Health from iOS Settings → Privacy & Security → Health → GymProof).
• Object or restrict — object to or restrict certain processing, including for direct marketing.
• Opt out of marketing — unsubscribe from any marketing email using the link in the message.
• Lodge a complaint — residents of the EEA, UK or Switzerland may lodge a complaint with a supervisory authority.

To exercise any of these rights, email privacy@recastdesigns.com. We will respond within 30 days of receiving a verifiable request.

California residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended ("CCPA/CPRA"), including the right to know what categories of personal information we collect and disclose, the right to delete personal information, the right to correct inaccurate information, and the right to opt out of any "sale" or "sharing" of personal information. GymProof does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA. The website pixels described in Section 2.4 may be considered "sharing" in some interpretations; you can opt out by blocking third-party cookies, by using a Global Privacy Control signal, or by emailing privacy@recastdesigns.com.

9. International transfers

We are based in Jordan, our sub-processors are based primarily in the United States, and you may use the Services from anywhere in the world. By using the Services, you understand that your personal information may be transferred to, and processed in, countries other than your country of residence, including the United States. Where applicable law (such as the GDPR) requires a specific transfer mechanism, we rely on the European Commission's Standard Contractual Clauses or another lawful transfer mechanism with our sub-processors.

10. Security

We use commercially reasonable technical and organizational measures to protect personal information, including TLS encryption in transit, encryption at rest by our sub-processors, per-user access controls in Firestore and Cloud Storage, and the principle of least privilege for administrative access. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security but we work to maintain a high standard.

11. Apple Health specific notice

Consistent with Apple's App Store policies, we confirm the following with respect to data received from Apple Health (HealthKit):

• We access Apple Health data only with your explicit permission, granted through the iOS Health authorization screen.
• We use Apple Health data solely to provide GymProof's accountability features (verifying workouts and counting steps toward the 10,000-step unlock).
• We do not use Apple Health data for advertising, marketing, profiling or any similar purpose.
• We do not share Apple Health data with any third party (including for medical research) without your express, prior consent.
• You can revoke our access at any time from iOS Settings → Privacy & Security → Health → GymProof.

12. Cookies (website only)

The website uses (i) a small number of first-party cookies and browser storage entries that are strictly necessary to remember your form input and waitlist status, and (ii) third-party cookies set by the Meta and TikTok pixels described above. The iOS App does not use cookies. You can control cookies through your browser settings.

13. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make a material change we will update the "Last updated" date at the top of this page and, where required, notify you through the App or by email. Continued use of the Services after the updated Policy takes effect constitutes acceptance of the changes.

14. Contact us

For any question or request relating to this Privacy Policy or your personal information, contact: