Privacy Policy

Last updated: 2026-06-05

This Privacy Policy explains how The Gymbiote Company Inc. ("Gymbiote," "we," "us," or "our") collects, uses, shares, and protects information when you use the Gymbiote mobile application and the gymbiote.com website (collectively, the "Service"). By using the Service you agree to the practices described here.

1. Information we collect

1.1 Information you provide

1.2 Information generated by your use of the Service

1.3 Information we do not collect

We do not collect government identifiers, payment card numbers (those are handled by Apple, Google, and RevenueCat — see Section 3.2), browsing history outside the Service, contacts, photos other than ones you explicitly attach to an in-Service feature, or biometric identifiers other than the on-device fingerprint/Face ID check used to unlock the app when you enable it.

2. How we use information

We use the information described above to:

3. Third-party services we use

We rely on the following processors. Each one operates under its own privacy policy, which we encourage you to review:

3.1 Infrastructure

3.2 Payments

3.3 Advertising (Free tier only)

3.4 Push notifications

Push notifications are delivered through Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM). You can disable notifications at any time in your device settings.

4. How we share information

We do not sell or rent your personal data to advertisers or data brokers. We share information only in these limited cases:

5. Data retention

We keep your account and gameplay data for as long as your account is active. When you delete your account (see Section 9) we remove personal data from our active systems immediately and from backups within 30 days. Anonymized purchase records may be retained for up to seven years to comply with tax and consumer-protection law. Server access logs are retained for up to 30 days for security and abuse-prevention purposes.

6. Data security

All traffic between the app and our servers is encrypted in transit using TLS. Account data at rest in Google Firebase is encrypted using Google's standard infrastructure. We use scoped Firestore security rules so that one trainer cannot read or modify another trainer's private data. No system is perfectly secure, however; if we become aware of a breach that affects your personal data we will notify you as required by applicable law.

7. Health and fitness data

On iOS, with your explicit permission, Gymbiote reads step count, active energy, and similar workout metrics from Apple HealthKit. On Android, we read equivalent metrics from Health Connect. This data:

Health data is never used for advertising or sold to third parties.

8. Children's privacy

Gymbiote is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child has provided personal information without your consent, contact us at support@gymbiote.com and we will delete the information.

9. Your rights

9.1 Access and deletion

You can delete your account at any time from inside the app (Profile → Settings → Delete Account) or by emailing support@gymbiote.com. See gymbiote.com/delete-account for full details. To request a copy of your personal data, email the same address; we will respond within 30 days.

9.2 California residents (CCPA / CPRA)

If you are a California resident you have the right to (a) know what personal information we collect and how we use it, (b) request access to a copy of that information, (c) request deletion, (d) request correction of inaccurate information, and (e) not be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under the CCPA. To exercise any of these rights, email support@gymbiote.com.

9.3 European Economic Area, United Kingdom, and Switzerland (GDPR / UK-GDPR)

If you reside in the EEA, UK, or Switzerland, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. The legal bases on which we process your data are: (i) performance of our contract with you (the Terms of Service), (ii) our legitimate interests in operating and securing the Service, (iii) your consent (e.g. for health data, advertising tracking on iOS), and (iv) compliance with legal obligations. You also have the right to lodge a complaint with your local data-protection authority.

10. International data transfers

We are based in the United States and our service providers operate globally. By using the Service you understand that your information may be transferred to, stored, and processed in countries other than your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers of personal data.

11. Cookies and tracking on the website

The gymbiote.com website itself uses essential cookies only — no advertising cookies, no cross-site tracking, no third-party analytics. The mobile app does not use web cookies.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we update the "Last updated" date at the top of this page and, for material changes, notify active users inside the app. Your continued use of the Service after a change constitutes acceptance of the revised policy.

13. Contact us

Questions about this policy or your data? Email support@gymbiote.com.

The Gymbiote Company Inc.