1. Introduction
BarbellBites ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness and nutrition tracking platform (the "Service").
Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
We collect information you voluntarily provide when using the Service:
- Account Information: Email address, username, first name, last name, password (encrypted)
- Profile Information: Profile photo, bio, fitness goals, dietary preferences
- Fitness Data: Workout logs, exercise details, sets, reps, weights, workout duration
- Nutrition Data: Meal logs, food entries, recipes, photos, macronutrient tracking
- Health Information: Height, weight, age, fitness goals, dietary restrictions
- Social Data: Friend connections, group memberships, challenge participation, comments
- Payment Information: Processed securely by Stripe (we do not store full payment details)
2.2 Information Collected Automatically
When you use the Service, we automatically collect certain information:
- Usage Data: Pages viewed, features used, time spent, click patterns
- Device Information: Browser type, operating system, device model, IP address
- Location Data: Approximate location based on IP address (not precise GPS)
- Cookies and Tracking: Authentication cookies, session data, preferences
- Analytics Data: Aggregated usage statistics via Google Analytics
2.3 Information from Third Parties
If you sign in using Google SSO, we receive:
- Your Google account email address
- Your Google profile name
- Your Google profile picture (optional)
We only request the minimum permissions necessary for authentication.
3. How We Use Your Information
We use your information for the following purposes:
3.1 Provide and Maintain the Service
- Create and manage your account
- Store and display your fitness and nutrition data
- Calculate statistics, progress, and insights
- Enable social features (friends, groups, leaderboards)
- Process premium subscriptions
3.2 Improve and Personalize
- Customize your experience based on preferences
- Develop new features and improvements
- Analyze usage patterns to enhance performance
- Provide AI-powered recommendations (premium feature)
3.3 Communicate with You
- Send important service updates and announcements
- Deliver push notifications (with your permission)
- Send workout and meal reminders
- Respond to support inquiries
- Send promotional emails (opt-out available)
3.4 Security and Legal Compliance
- Detect and prevent fraud, abuse, and security threats
- Enforce our Terms of Service
- Comply with legal obligations and requests
- Protect the rights and safety of our users
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 With Other Users
- Public Profile: Username, profile photo, bio (based on privacy settings)
- Friends: Workout/meal activity, progress, achievements (based on settings)
- Leaderboards: Username, profile photo, points, workout count (opt-out available)
- Groups: Activity within group challenges and discussions
4.2 Service Providers
We share information with trusted third-party service providers who help us operate the Service:
- Hosting: Cloud infrastructure providers
- Payment Processing: Stripe (for premium subscriptions)
- Analytics: Google Analytics (anonymized data)
- Authentication: Google SSO (if you choose to use it)
- Email Services: Transactional email providers
These service providers are contractually obligated to protect your data and only use it for the purposes we specify.
4.3 Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal requests (subpoenas, court orders)
- Investigations of potential violations
- Threats to public safety
- Protection of our legal rights
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: HTTPS/TLS for data in transit, AES-256 for sensitive data at rest
- Password Security: Passwords are hashed using bcrypt
- Access Controls: Limited employee access on a need-to-know basis
- Secure Infrastructure: Regular security audits and updates
- Database Security: PostgreSQL with row-level security
- API Security: Authentication required for all endpoints
However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Your Privacy Rights
6.1 Access and Portability
You have the right to:
- Access your personal data through your account settings
- Request a copy of your data in a portable format
- Export your workout and nutrition logs
6.2 Correction and Updates
You can update your information at any time through:
- Profile settings page
- Individual workout/meal edits
- Account preferences
6.3 Deletion
You have the right to request deletion of your account and data:
- Contact us at [email protected] to request account deletion
- We will delete your data within 30 days of verification
- Some data may be retained for legal or legitimate business purposes
- Anonymized data may be retained for analytics
6.4 Opt-Out Options
- Push Notifications: Disable in Settings or device settings
- Marketing Emails: Unsubscribe link in emails
- Leaderboards: Hide your profile in Privacy settings
- Cookies: Manage through browser settings
- Analytics: Use browser "Do Not Track" feature
6.5 UK GDPR and Data Protection Rights
If you are in the United Kingdom, you have rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:
- Right to be informed about data processing
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making and profiling
To exercise any of these rights, please contact us at [email protected]. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority, at https://ico.org.uk or by calling their helpline on 0303 123 1113.
6.6 GDPR Rights (EU Users)
If you are in the European Union, you have similar rights under the EU GDPR, and may lodge complaints with your local data protection authority.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
7.1 Essential Cookies
- Authentication: Keep you logged in between sessions
- Security: Prevent fraud and cross-site request forgery
- Session Management: Maintain your preferences
7.2 Analytics Cookies
- Google Analytics: Track usage patterns and performance
- Anonymized Data: No personally identifiable information
7.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.
8. Push Notifications
With your permission, we send push notifications for:
- Daily workout and meal reminders (8 AM, 1 PM, 6 PM UTC)
- Streak expiry warnings
- Friend activity and social notifications
- Challenge invitations and updates
- Achievement unlocks
You can enable or disable push notifications at any time in Settings. We use VAPID keys for secure push notification delivery.
9. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete the information.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country. By using the Service, you consent to the transfer of your information to these countries.
We ensure appropriate safeguards are in place when transferring data internationally, including standard contractual clauses approved by the European Commission.
11. Data Retention
We retain your information for as long as necessary to provide the Service and comply with legal obligations:
- Active Accounts: Data retained while your account is active
- Deleted Accounts: Most data deleted within 30 days
- Legal Requirements: Some data retained for legal compliance (e.g., payment records)
- Anonymized Data: May be retained indefinitely for analytics
- Backups: Data in backups deleted according to backup retention policy
12. Third-Party Links
The Service may contain links to third-party websites or services (e.g., nutritional databases, workout videos). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for significant changes)
- Displaying an in-app notification
Your continued use of the Service after changes constitutes acceptance of the updated policy.
14. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information (we do not sell your data)
- Right to access your personal information
- Right to equal service and price (no discrimination)
To exercise these rights, contact us at [email protected] with "California Privacy Rights" in the subject line.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
16. Summary of Your Rights
Quick Reference:
- ✓ You can access and download your data anytime
- ✓ You can update your information in Settings
- ✓ You can delete your account by contacting support
- ✓ You can opt out of marketing emails
- ✓ You can disable push notifications in Settings
- ✓ You can hide your profile from leaderboards
- ✓ You can manage cookie preferences in your browser
- ✓ We never sell your personal information