Privacy Policy

Last updated: March 12, 2026

This Privacy Policy describes how Ariex ("we", "our", or "us") collects, uses, stores, and shares your information when you use our website, mobile application, and services (collectively, the "Services"). We are committed to protecting your privacy and handling your data in an open and transparent manner.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, profile picture
  • Physical Metrics: Height, weight, age, gender
  • Fitness Data: Exercise frequency, fitness goals, preferred training days, session duration
  • Workout Data: Exercise sets, reps, weight lifted, workout sessions, start/pause/completion times, notes
  • User-Generated Content: Custom workout plans, feedback, comments

1.2 Information Collected Automatically

  • Device Information: Device model, operating system, browser type, unique device identifiers
  • Usage Data: Features used, pages/screens viewed, button clicks, session duration, time spent on pages
  • Performance Data: Application crashes, errors, loading times, response times
  • Network Information: IP address, internet service provider, referring/exit pages
  • Location Data: Country/region (not precise location)
  • Cookies and Similar Technologies: We use cookies, local storage, and similar tracking technologies (see Section 12 for details)

1.3 Information from Third Parties

When you sign in with third-party authentication providers (e.g., Google, Apple, Firebase), we receive basic profile information such as your name, email address, and profile picture.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our Services
  • Create and manage your account
  • Generate AI-powered personalized training plans based on your fitness goals and preferences
  • Track your workout progress and help you achieve your fitness goals
  • Analyze usage patterns and performance to improve user experience and optimize features
  • Send important updates, security alerts, and support messages
  • Detect, prevent, and address technical issues, fraud, or security concerns
  • Comply with legal obligations and enforce our Terms of Service
  • Provide customer support and respond to your inquiries
  • Conduct research and development to enhance our Services
  • Send promotional communications (with your consent, where required)

3. Third-Party Services

We use the following third-party services that may collect, process, or store your data. Each service has its own privacy policy governing their use of your information:

3.1 Firebase (Google LLC)

Purpose: Authentication, database, crash reporting, and analytics

Data Collected: Email, user ID, device information, crash logs, authentication tokens

Privacy Policy: https://firebase.google.com/support/privacy

3.2 Sentry

Purpose: Error tracking, crash reporting, and performance monitoring

Data Collected: Device information, error logs, stack traces, performance metrics, user context (name, email, IP address), session replays (10% of sessions, 100% of error sessions)

PII Handling: Sentry is configured with sendDefaultPii: true, which means personally identifiable information may be included in error reports

Privacy Policy: https://sentry.io/privacy/

3.3 PostHog

Purpose: Product analytics, user behavior insights, and session recording

Data Collected: User interactions, screen/page views, feature usage, device information, user properties (ID, email, name, sex, onboarding status)

Tracked Events: We track 75+ events including onboarding steps, authentication, training plan interactions, exercise library usage, workout sessions, set tracking, profile changes, stats viewing, navigation, and errors

Session Replay: PostHog is configured to capture session replays to help us understand user experience

Privacy Policy: https://posthog.com/privacy

3.4 RevenueCat

Purpose: Subscription management, in-app purchase processing, and entitlement tracking

Data Collected: App user ID, purchase receipts, subscription status, device identifiers, transaction history

How It Is Used: RevenueCat processes your in-app purchases through Apple's App Store and manages your subscription entitlements (Free or Pro tier access). It does not have access to your payment details - those are handled entirely by Apple.

Privacy Policy: https://www.revenuecat.com/privacy

3.5 Expo

Purpose: Mobile app updates, hosting infrastructure, and development tools

Data Collected: Device information, app version, update requests

Privacy Policy: https://expo.dev/privacy

3.6 Google Gemini AI (Google LLC) - AI Training Plan Generation

Purpose: Generating personalized AI training plans tailored to your fitness profile

Data Sent: When you request an AI-generated training plan, the following personal data from your profile is transmitted to Google's Gemini AI:

  • Fitness goal (e.g. build muscle, lose weight)
  • Sex, age, height, and weight
  • Preferred training days and session duration
  • Exercise history (last recorded weight, reps, and personal records per exercise)

How It Is Used: This data is used solely to generate a customized workout plan. Google does not use this data to train its models or for advertising purposes under its API terms.

User Consent: Before any data is sent to the AI service, you are presented with an in-app consent screen that discloses what data will be shared, explains the purpose, and requires your explicit agreement before proceeding.

Data Retention: Data sent to the Gemini API is not stored by Google beyond the duration of a single API request, per Google's API usage policies.

Privacy Policy: https://policies.google.com/privacy

Note: These third-party services operate under their own terms and privacy policies. We encourage you to review their policies to understand how they handle your data.

4. Data Storage and Security

We take data security seriously and implement industry-standard measures to protect your information:

Storage Location

Your data is stored securely on servers located in the United States and may be processed in other countries where our service providers operate.

Security Measures

  • Encryption in Transit: TLS/SSL encryption for all data transmitted between your device and our servers
  • Encryption at Rest: AES-256 encryption for data stored on our servers
  • Secure Authentication: Firebase Authentication with industry-standard security protocols
  • Local Storage Security: Mobile app uses MMKV with encryption for secure local data storage
  • Access Controls: Strict access controls and authentication requirements for our staff
  • Security Monitoring: Regular security audits, monitoring, and vulnerability assessments
  • Staff Training: Regular security training for all personnel with access to user data

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties.

We may share your information only in the following limited circumstances:

  • Service Providers: With third-party vendors who help us operate our Services (Firebase, Sentry, PostHog, RevenueCat, Expo, Google Gemini AI) under strict data processing agreements that require them to keep your information confidential and secure. Specifically, your fitness profile data (goal, age, sex, height, weight, training preferences, and exercise history) is shared with Google Gemini AI solely to generate personalized training plans when you use the AI plan feature.
  • Legal Requirements: When required by law, court order, legal process, or to protect our rights, property, and safety or that of our users and the public
  • Business Transfers: In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, or sale of assets, your information may be transferred to the successor entity
  • With Your Consent: When you explicitly authorize us to share your information with specific third parties

Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you personally for analytics, research, and business purposes. This data cannot be used to identify individual users.

6. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of all personal data we have about you
  • Correction: Update or correct inaccurate information through app settings or by contacting us
  • Deletion: Request complete deletion of your account and associated data
  • Data Portability: Export your workout data in a machine-readable format (JSON or CSV)
  • Object to Processing: Object to certain types of data processing
  • Withdraw Consent: Withdraw previously given consent at any time (this will not affect the lawfulness of processing before withdrawal)
  • Opt-Out of Marketing: Unsubscribe from promotional emails via the unsubscribe link or account settings
  • Restrict Processing: Request restriction of processing in certain circumstances

How to Exercise Your Rights

To exercise these rights:

  • Visit Settings → Account → Privacy in the mobile app
  • Email us at privacy@ariex.com

We will respond to your request within 30 days. In some cases, we may need to verify your identity before fulfilling your request.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide Services to you.

Account Deletion

When you delete your account:

  • Personal data (name, email, profile) is permanently deleted within 30 days
  • Workout data and training plans are permanently deleted within 30 days
  • Backup copies are removed within 90 days
  • Some information may be retained for legal compliance purposes (e.g., financial records for 7 years, fraud prevention records)

Inactive Accounts

Accounts inactive for more than 3 years may be subject to deletion after we provide notice to your registered email address.

Anonymized Data

Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytics, research, and service improvement purposes.

8. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries

Email: privacy@ariex.com
Response Time: Within 30 days

Data Protection Officer (GDPR)

Email: dpo@ariex.com

EU Residents

For data protection inquiries in the EU, you may also contact your local data protection authority.