Muscle Maker AI Privacy Policy

Privacy Policy
Muscle Maker AI
Last Updated: April 4, 2026
Effective Date: April 4, 20261. Introduction
Muscle Maker AI ("we," "our," or "the App") is a fitness and nutrition tracking application developed by Clarum. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our App.By using Muscle Maker AI, you agree to the collection and use of information in accordance with this policy.2. Information We Collect
2.1 Account Information
Email address
Full name
Authentication credentials (managed securely by our authentication provider)
Sign In with Apple identity token (if you choose Apple sign-in)
2.2 Profile and Biometric Data
Gender
Date of birth
Height
Weight
Body fat range (general category)
Lifting experience level
Eating habits and muscle goals
2.3 Fitness and Workout Data
Workout logs including exercises performed, sets, reps, and weights used
Workout duration and timestamps
Body parts trained
Lifting preferences and settings per muscle group
Deload scheduling and history
Progressive overload tracking
2.4 Nutrition Data
Food logs with calorie and macronutrient information (protein, carbs, fat)
Daily macro goals
Favorite and saved foods
Weight logs over time
2.5 Images
Food photos taken with your camera for AI-powered nutritional analysis. These images are processed immediately and are not permanently stored on our servers.2.6 Usage and Analytics Data
App feature usage events (e.g., workouts completed, foods logged)
Onboarding progress
Subscription and paywall interactions
App engagement metrics (app opens, streak tracking)
2.7 Subscription Data
Subscription status and plan type
Trial start and end dates
Purchase history (processed through Apple App Store)
2.8 Device and Notification Data
Push notification preferences and tokens
Apple Watch connectivity data during active workouts
3. How We Use Your Information
We use the information we collect to:Provide core App functionality: Generate personalized workouts, track nutrition, monitor fitness progress, and manage your lifting preferences.
Power AI features: Analyze food photos and descriptions to estimate nutritional content, generate workout plans tailored to your goals, and provide diet suggestions and progress insights.
Manage your account: Authenticate your identity, sync your data across devices, and manage your subscription.
Send notifications: Deliver workout reminders, nutrition nudges, and subscription-related alerts based on your preferences.
Improve the App: Analyze usage patterns and feature adoption to improve the user experience.
4. Third-Party Services
We use the following third-party services to operate the App:4.1 Supabase
Purpose: Cloud database, user authentication, and serverless edge functions.
Data shared: All user profile, workout, nutrition, and preference data is stored in Supabase with Row Level Security ensuring users can only access their own data.
Privacy policy: https://supabase.com/privacy
4.2 Google Gemini AI
Purpose: AI-powered food image analysis, nutritional estimation, workout generation, diet suggestions, and progress insights.
Data shared: Food images (base64-encoded, processed immediately), food descriptions, user profile summaries, recent workout history, and macro goals.
Privacy policy: https://policies.google.com/privacy
4.3 RevenueCat
Purpose: Subscription management, in-app purchase processing, and entitlement tracking.
Data shared: User ID, subscription purchase data, and entitlement status.
Privacy policy: https://www.revenuecat.com/privacy
4.4 PostHog
Purpose: Product analytics and event tracking to understand feature usage and improve the App.
Data shared: Anonymized event data including feature usage, onboarding progress, and subscription interactions.
Privacy policy: https://posthog.com/privacy
4.5 Apple Services
Purpose: Push notification delivery, Sign In with Apple authentication, and App Store subscription processing.
Data shared: Push notification tokens and subscription transaction data.
Privacy policy: https://www.apple.com/privacy/
5. Data Storage and Security
All user data is stored in Supabase's cloud infrastructure with Row Level Security (RLS) policies enforcing strict data isolation between users.
Authentication uses industry-standard protocols including OAuth 2.0 and OIDC with SHA256 hashing for Apple Sign In.
All data transmission occurs over HTTPS with TLS encryption.
API keys and authentication tokens are transmitted securely in request headers.
We do not store passwords directly; authentication is handled by Supabase Auth.
6. Data We Do NOT Collect
Location data
Contacts
Photos from your photo library (only camera for in-app food scanning)
Calendar data
Microphone audio
HealthKit or Apple Health data
Browsing history
7. Camera Usage
The App requests camera access solely to scan food items for nutritional analysis. Photos taken are:Converted to base64 format
Sent to our AI service for immediate processing
Not permanently stored on our servers or in your account
You may deny camera access and still use the App by entering food information manually.8. Notifications
The App may request permission to send push notifications for:Workout reminders
Nutrition logging reminders
Diet plan suggestions
Weekly weigh-in reminders
Subscription trial expiry alerts
You can enable or disable notifications at any time through the App's settings or your device's system settings.9. Your Rights and Choices
9.1 Account Deletion
You may delete your account at any time from within the App's Settings. This permanently removes all of your data from our database, including your profile, workout logs, nutrition logs, preferences, and subscription records.9.2 Notification Control
You may opt out of push notifications at any time through the App or your device settings.9.3 Subscription Management
You may manage or cancel your subscription through Apple's App Store subscription settings.9.4 Sign-In Method
You may choose between email/password or Sign In with Apple for authentication.10. Data Retention
Your data is retained for as long as your account is active.
Upon account deletion, all user data is permanently removed from our database.
Analytics data is retained according to PostHog's data retention policies.
Subscription records are maintained by RevenueCat in accordance with their retention policies and Apple's requirements.
11. Children's Privacy
Muscle Maker AI is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.12. International Data Transfers
Your data may be processed and stored in data centers outside of your country of residence. By using the App, you consent to the transfer of your information to facilities operated by our third-party service providers, which may be located in the United States or other jurisdictions.13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date at the top of this document. Continued use of the App after changes constitutes acceptance of the updated policy.14. Contact Us
If you have questions or concerns about this Privacy Policy or your data, please contact us at:Email: [email protected]This privacy policy is effective as of April 4, 2026.