BulkTrack Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Device Information: Device ID, device model, OS version
• Training Data: Exercise records, weight, repetitions, RPE (Rate of Perceived Exertion)
• Physical Information (optional): Body weight, body fat percentage
• Account Information (when using Apple Sign-in): Email address, display name

1.2 Information Collected Automatically

• Usage Data: App usage frequency, feature usage patterns
• Technical Information: IP address, access time, error logs
• Healthcare Data (with user permission): Sleep, heart rate, and activity data from Apple HealthKit and Google Fit

1.3 Information We Do Not Collect

• Location information
• Contacts
• Camera/microphone access
• Financial information (payments are processed through App Store/Google Play)

2. How We Use Information

We use collected information for the following purposes:

2.1 Service Provision and Improvement

• Storage and management of training records
• Personalized suggestions through AI analysis
• Progress visualization and report generation
• Service quality improvement and new feature development

2.2 User Support

• Responding to inquiries
• Resolving technical issues
• Important service notifications

2.3 Research and Development

• Muscle hypertrophy research using anonymized and statistical data
• Improving AI algorithm accuracy
• Developing new training methods

3. Information Sharing and Disclosure

3.1 Third-Party Disclosure

We do not provide personal information to third parties except in the following cases:

• With user consent
• When required by law
• When necessary to protect life, body, or property

3.2 Service Providers

We use the following third-party services to provide our service:

• Cloudflare: Infrastructure and data storage
• Terra API: Wearable device data integration (with user permission)

These service providers are contractually obligated to implement appropriate security measures.

3.3 Use of Anonymized Data

Data processed to prevent individual identification may be used for:

• Contributing to academic research
• Creating industry reports
• Statistical analysis for service improvement

4. Data Security

4.1 Security Measures

• All communications encrypted with HTTPS (SSL/TLS)
• Passwords stored encrypted (JWT token-based authentication)
• Regular security audits
• Internal access controls

4.2 Data Retention Period

• Active Users: Retained while using the service
• Inactive Users: Automatically deleted after 2 years from last use
• Deletion Requests: Deleted within 30 days of request

5. User Rights

5.1 Right of Access

Users have the right to access personal information we hold and request a copy.

5.2 Right to Rectification

Users have the right to request correction of inaccurate or incomplete personal information.

5.3 Right to Erasure (Right to be Forgotten)

Users have the right to request deletion of their personal information. This can be done through app settings or by contacting support.

5.4 Data Portability

Users have the right to export their training data (Pro version feature).

5.5 Right to Restrict Processing

Users have the right to request restriction of processing of specific personal information.

6. Cookie Policy

Our website uses cookies for the following purposes:

• Essential Cookies: Providing basic service functionality
• Analytics Cookies: Usage analysis (Google Analytics)

You can disable cookies through your browser settings.

7. Children's Privacy

This service is intended for users 16 years and older. Users under 16 must obtain parental consent before using the service.

8. International Data Transfers

We use Cloudflare's global infrastructure, and data may be processed in multiple countries. In all cases, it will be properly protected according to this Policy.

9. Changes to Privacy Policy

We may change this Policy as necessary. In case of significant changes, we will notify you through in-app notifications or email.

10. Contact Us

For inquiries regarding the handling of personal information, please contact:

11. Legal Basis (GDPR Compliance)

Legal basis for processing personal data of EU residents:

• Performance of Contract: Processing for service provision
• Legitimate Interests: Service improvement, fraud prevention
• Consent: Marketing communications, healthcare data integration

12. Data Protection Officer

Currently, appointment of a Data Protection Officer (DPO) under GDPR is not required, but please contact us at the above address for privacy-related questions.