Privacy Policy

App: MTPUMP
Contact: knotaburnnner@gmail.com
Effective date: April 25, 2026
Last updated: May 8, 2026

Plain-English summary. MTPUMP is a workout-tracking iPhone app. We store the data you give us (account info, workouts you log, photos you upload) so the app works. You can view, export, or delete your data at any time from inside the app. We don't sell your data. We use it to provide the service and — only if you opt in — to send you marketing email.

1. Who we are

MTPUMP ("we," "us," or "our") is the workout-tracking iPhone app described by this policy. You can reach us at knotaburnnner@gmail.com.

2. What data we collect

We collect only what we need to run the app:

Account information: email address, password (stored as a one-way cryptographic hash by our authentication provider), public username, display name.
Marketing preference: whether you opted in to marketing email, and the email address you opted in with.
Workout and fitness activity you create: workout plans you build, workout sessions you log (including muscle group, exercises, sets, reps, weight, and time spent). This is fitness/exercise activity data — we do not link it to any Apple Health, HealthKit, or other third-party fitness service.
Photos you upload: images you choose to attach to a workout, whether selected from your photo library or captured with your camera at the moment.
Plan enrollment status: which plans you have started, your current week and day within each plan, when you started a plan, and whether the enrollment is currently active.
Social interactions: posts auto-generated when you complete a workout, likes you give to posts, plans you have hidden from your view, users you have blocked, and any reports you have filed about other users' content.
Operational data: timestamps for account creation, sessions, posts, and likes. We do not collect device identifiers or precise location.

We do not collect: your contacts, your microphone or camera audio, your precise location, your health data from Apple Health, or any third-party identifier for cross-app tracking.

Camera and photo library: when you tap "Take photo" we briefly access your camera to capture a single image; when you tap "Choose from library" we access your photo library only to retrieve the image you select. We do not browse, index, or upload any photos other than the one you explicitly attach to a workout.

3. How we use your data

To provide and operate the app (show you your workouts, render the public feed, track your weekly plan progress).
To enable the social features you opted into (your username and workout summary appear publicly on the in-app feed).
To send you marketing email only if you explicitly opted in at sign-up. You can unsubscribe at any time using the link in any marketing email.
To prevent abuse and to comply with our legal obligations.

We do not sell or share your personal data, as those terms are defined under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We have not sold or shared your personal data in the preceding 12 months. We do not share your personal data with advertisers or data brokers.

4. What's public vs. private

Public (visible to other users of the app): your username, the summary of completed workouts on the feed (e.g. "Completed Push from Sample Push/Pull/Legs"), photos you choose to attach to a workout, like counts on posts, and any workout plans you publish.

Private (visible only to you): your email address, your individual set/rep/weight numbers, your enrollment status in plans, plans you've hidden from your view, and your account settings.

5. Service providers we use

We use the following third parties to operate the app. Each receives the minimum data necessary for the function it performs:

Supabase — database, authentication, and image storage. Hosted in the United States. Privacy policy: https://supabase.com/privacy.
Apple — App Store distribution, crash reports if you opt in to iOS analytics sharing. Privacy policy: https://www.apple.com/legal/privacy/.

We do not run our own crash-reporting, analytics, or session-replay tools (no Sentry, Firebase, Mixpanel, etc.). Crash data, when shared, only flows to Apple via the iOS Analytics & Improvements setting that you control on your device.

We may add other service providers (for example, an email-delivery provider for marketing email if you have opted in) in the future. We will update this list and the "Last updated" date at the top of this page when we do.

6. Where your data lives + how long we keep it

Your data is stored on Supabase infrastructure in the United States. We keep your data for as long as your account exists. When you delete your account from inside the app, we permanently delete all of the following from our systems:

Your account and profile
Every workout session, set, and feed post you've created
Every plan you've created (and other users' enrollments in those plans)
Your likes, hidden-plans entries, and uploaded photos

Marketing email subscribers are also removed from our marketing list when you delete your account or unsubscribe.

7. Your rights

You have the following rights:

Access: the app shows you all your data inside the app itself (workout history, plans, profile).
Deletion: use Settings → Permanently delete my account inside the app. Deletion is immediate and irreversible.
Marketing opt-out: click "unsubscribe" in any marketing email, or contact us at the email above.
Correction: you can edit your username and other profile data inside the app. For anything you can't edit yourself, email us.

If you're a resident of the European Union (GDPR), the United Kingdom (UK GDPR), or California (CCPA), you have additional rights including the right to data portability and the right to lodge a complaint with your local data-protection authority. Email us if you want to exercise any of these rights.

Legal basis for processing (GDPR / UK GDPR). We process your account information and workout content under the contractual necessity of providing the service to you. We process your marketing-email preference and any marketing email delivery under your explicit consent (which you can withdraw at any time using the unsubscribe link or the contact email below). We process operational data (timestamps, block lists, content reports) under our legitimate interest in operating the service securely and preventing abuse.

8. Age requirement

MTPUMP is intended only for users who are 18 years of age or older. By creating an account or otherwise using the app, you represent that you are at least 18. We do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has created an account or provided us with personal information, please contact us at knotaburnnner@gmail.com and we will delete the account and associated data.

9. Security

We use industry-standard technical safeguards (encrypted connections, hashed passwords, row-level access controls in our database) to protect your data. No online service is 100% secure; if we ever become aware of a breach affecting your data, we will notify you in line with applicable laws.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be communicated inside the app or by email.

11. Contact

Questions or requests about this policy can be sent to knotaburnnner@gmail.com.