Privacy Policy
Last updated: July 6, 2026
1. What we collect
We collect the email you sign in with, the profile details you provide (name, timezone, and optional body profile: sex, birth date, height, activity level, training goal), the training data you record (programs, workouts, sets, weights, body measurements), and basic usage telemetry (pages visited, features used). If a personal trainer manages your training, the data you record is visible to that trainer while the link is active.
Body scan photos are special. The posture analysis runs on your own device: by default your photos never leave your phone, and only the derived body landmarks and metrics (angles, symmetry scores, composition estimates) are stored in your account. If you explicitly opt in to the AI visual report or the visual projection feature, the photos you selected are uploaded over an encrypted connection, stored privately, shared with no one but you (and your trainer, only if you enable sharing), and processed by third-party AI providers solely to generate your report or projection. You can delete scans and their photos at any time.
Body composition numbers (such as body fat estimates) are statistical estimates derived from photos and the measurements you provide. They are not medical data, not a diagnosis, and are stored only to show you your own progress.
2. How we use it
We use your data to provide and operate MyPersonal, deliver the alerts and emails you opt into, process payments, measure conversion, run product experiments (A/B tests), and improve the product. We do not sell, rent, or trade your personal information.
3. Third-party services
Authentication and data storage are handled by Supabase. Payments are processed by Stripe; we never store your card number, CVC, or full card details, only a Stripe customer ID. Hosting is provided by Vercel. Transactional email is delivered through Resend. If you sign in with Google, we receive your name and email from your Google profile.
Training records are shared only between you and your linked personal trainer, if any. Optional AI features (training suggestions from your assessment, visual scan reports, visual projections) send the relevant inputs to third-party AI providers acting on our behalf, solely to produce the output you requested; they are contractually barred from using your data to train their models where such controls are offered. Emails and push notifications are delivered through infrastructure providers acting on our behalf. We never sell your data.
5. Data retention
We retain your data while your account is active. Deleting your account removes your personal data within 30 days, except where law requires retention. Anonymized, aggregated analytics may be kept longer for reporting.
6. Your rights
You can access, update, or delete your account at any time from the app, or request a data export or deletion by emailing support@glowclue.com. Depending on where you live, the following data protection laws grant you additional rights:
GDPR — European Union, EEA & United Kingdom
General Data Protection Regulation (EU 2016/679) and UK GDPR
We process your personal data on the legal bases of contract performance (providing the service you signed up for), consent (push notifications, marketing emails), and legitimate interest (security, product analytics). You have the right to access, rectify, erase, and receive a portable copy of your data, to restrict or object to its processing, and to withdraw consent at any time without affecting prior processing. You may lodge a complaint with your local supervisory authority.
LGPD — Brazil
Lei Geral de Proteção de Dados (Law No. 13,709/2018)
You have the right to confirmation that we process your data, access to it, correction of incomplete or outdated data, anonymization or deletion of unnecessary data, portability to another provider, information about who we share data with, and revocation of consent. Requests are handled by the data controller identified above. You may also file a complaint with the ANPD (Autoridade Nacional de Proteção de Dados).
CCPA/CPRA — California, United States
California Consumer Privacy Act, as amended by the CPRA
California residents have the right to know what personal information we collect and how it is used, to request its deletion or correction, to opt out of its sale or sharing (we do not sell personal information), to limit use of sensitive personal information, and not to be discriminated against for exercising these rights.
7. Children's privacy
MyPersonal is not intended for users under 18. We do not knowingly collect information from children; if you believe a child has provided us personal information, contact us and we will delete it.
8. Security
We use industry-standard measures including encryption in transit (TLS) and database row-level security. No method of transmission over the internet is 100% secure.
9. Changes to this policy
We may update this policy from time to time and will post the updated version here with a new "Last updated" date. Continued use of MyPersonal after changes constitutes acceptance.
10. Contact
KeenvoTech · support@glowclue.com · Support form