Back to homeGymma

Privacy Policy

Last updated: November 16, 2025

1. Introduction

Gymma (referred to as Gymma, we, or us) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what we collect, why we collect it, how we use it, and the choices you have.

2. Data We Collect

The data we collect depends on how you use Gymma and which features you enable.

  • Account data (e.g. email address, basic account identifiers).
  • Profile data (e.g. goals, preferences, experience level, settings you provide).
  • Workout and training data (e.g. workouts, exercises, sets, reps, weights, duration, notes).
  • Device/app usage data (e.g. feature usage, basic diagnostics, logs needed to operate and secure the service).
  • Billing data: if you purchase a subscription, payments are processed by our payment provider and we receive limited billing metadata (e.g. subscription status). We do not store full card details.

3. Connected Services and Integrations (Optional)

Gymma may let you connect third-party services (for example, fitness device platforms) to import or sync fitness-related data. We only access data from an integration after you give express consent during the authorization flow, and only for the permissions you approve.

If you connect Garmin Connect, any data synced into Gymma is provided to Gymma (not to Garmin). Garmin is not responsible for Gymma’s collection, use, or disclosure of such data.

You can disconnect an integration at any time through Gymma (where available) or by revoking access in the third-party service. When access is revoked, we stop new collection from that integration.

4. How We Use Your Data

We use your data to operate Gymma and provide requested features, including to:

  • Provide, maintain, and improve Gymma
  • Personalize plans and training insights
  • Sync data from integrations you enable
  • Provide customer support and communicate with you
  • Prevent fraud, abuse, and security incidents
  • Comply with legal obligations

5. Data Sharing and Disclosure

We do not sell your personal data. We share data only as needed to operate Gymma, including with:

  • Service providers that host our infrastructure, process payments, send emails, or provide analytics/support tooling (acting under our instructions).
  • Legal and safety disclosures when required by law or to protect users, Gymma, or the public.
  • With your consent when you choose to enable an integration or share data.

6. Data Retention and Deletion

We retain personal data only as long as necessary for the reasonable operation of Gymma, unless a longer retention period is required by law or you have provided explicit consent.

If you revoke consent for a connected integration (including Garmin Connect) or request deletion, we will promptly delete or de-identify applicable data, subject to legal requirements and legitimate business needs (e.g. fraud prevention or billing records).

To request deletion, email privacy@gymma.ai from the address associated with your account.

7. Data Security

We use administrative, technical, and organizational measures designed to protect personal data. This includes encryption in transit and at rest where appropriate, access controls, and monitoring. No system can be 100% secure, but we work to continuously improve our safeguards.

8. Your Rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise these rights by contacting us.

9. Children’s Privacy

Gymma is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided personal data to Gymma, contact us and we will take appropriate steps.

10. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at privacy@gymma.ai.