TrainFury is a workout-tracking service that lets you plan routines, log workouts, track personal records and body measurements, generate AI workout plans, and share progress with other users. The Service is operated by Fuzail Ahmad, sole proprietor (“the data controller / data fiduciary”), based in India.
For any privacy question, or to exercise your rights, contact us at [email protected].
We collect only the information needed to run the Service. This falls into the following categories:
| Category | Examples | Source |
|---|---|---|
| Account & identity | Email address, display name / username, password (stored only as a secure hash via our authentication provider), profile photo, and Google account identifier if you sign in with Google. | You / Sign-in provider |
| Fitness & training data | Workouts, routines, exercises, sets, reps, weights, durations, rest timers, RPE (effort) ratings, personal records and estimated one-rep max, and notes you add. | You |
| Body & health data | Body weight, body measurements, measurement sessions, and progress photos you choose to upload. This is treated as sensitive personal data. | You |
| Social data | Followers and following, follow requests, profile privacy setting (public/private), shared profiles, and in-app notifications. | You / Other users |
| Gym data | Gyms you join or manage, gym equipment, and (for gym owners) the login and gym details you provide. | You |
| Preferences | Unit preferences (kg/lb, km/mi, cm/in), app settings and configuration. | You |
| Technical & usage data | Device type and operating system, app version, IP address, approximate region inferred from IP, timestamps, sync and error logs, and basic diagnostics. | Automatic |
We do not knowingly collect precise GPS location, contacts, or payment card numbers. Where paid features are offered, payments are processed by the app store (Apple or Google) and we never see or store your full card details.
We do not sell your personal data, and we do not use your fitness or body data for third-party advertising.
If you are in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases:
When you use the AI workout generator, the text you enter (for example, “a 4-day upper/lower split”) and relevant context are sent to Google’s Generative AI (Gemini) API to produce a plan. We ask that you do not include sensitive personal information in AI prompts. Your prompts are processed to return a result and are handled under Google’s applicable terms and privacy commitments for its API. AI-generated plans are suggestions only and are not medical or professional fitness advice — see our health disclaimer.
We share information only in these limited situations:
| Provider | Purpose | Data involved |
|---|---|---|
| Google Firebase Authentication | Account sign-up and login | Email, authentication identifiers |
| Google Sign-In | Optional login with a Google account | Name, email, Google account ID |
| Google Generative AI (Gemini) | AI workout plan generation | Your AI prompts and plan context |
| Apple App Store / Google Play | App distribution and any in-app purchases | Purchase and subscription status (no card details shared with us) |
| Our hosting infrastructure | Storing your account, workout and media data on our backend | All Service data listed in Section 2 |
These providers act as our processors or independent controllers and are bound by their own privacy terms.
You control how visible you are. If your profile is public, your username, profile photo and the stats you choose to share may be viewable by other users and, where you share a profile link, by anyone with the link. If your profile is private, other users must send a follow request that you approve before they can see your content. Progress photos and measurements are private to your account unless you explicitly share them. You can change your privacy setting at any time in the app.
We keep your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or irreversibly anonymise your personal data within a reasonable period (typically within 30 days), except where we must retain limited information to comply with legal obligations, resolve disputes, or enforce our agreements. Backups are purged on a rolling schedule.
We use industry-standard safeguards including encryption in transit (HTTPS/TLS), hashed passwords, access controls and restricted administrative access. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your information and to notify you and the relevant authorities of a data breach where the law requires.
We are based in India, and our providers (such as Google) may process data in other countries, including the United States. Where data is transferred out of the EEA, UK or your home country, we rely on appropriate safeguards such as the providers’ Standard Contractual Clauses and equivalent mechanisms.
Subject to applicable law (including India’s Digital Personal Data Protection Act, 2023), you have the right to:
To exercise any right, email [email protected]. We may need to verify your identity before acting on a request.
In addition to the rights above, you may lodge a complaint with your local data protection authority. Our legal bases are described in Section 4.
If you are a California resident, you have the right to know what personal information we collect and how we use it, to request access and deletion, and to correct inaccurate information. We do not sell or “share” your personal information as those terms are defined under the CCPA/CPRA, and we do not use sensitive personal information for purposes requiring an opt-out. You have the right not to receive discriminatory treatment for exercising these rights.
You can delete your account and associated data at any time in two ways:
Deletion is permanent and removes your workouts, measurements, photos and profile, subject to the limited retention described in Section 9.
The Service is not intended for children under 13, and we do not knowingly collect data from them. Users aged 13 to 17 may use the Service only with the involvement and verifiable consent of a parent or legal guardian, consistent with the DPDP Act’s protections for minors. If you believe a minor has provided us data without appropriate consent, contact us and we will delete it.
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the app or by email. Your continued use of the Service after changes take effect means you accept the updated policy.
Questions, requests or complaints about privacy?
Email: [email protected]
Data controller: Fuzail Ahmad (sole proprietor), India