Privacy Policy
Last updated: March 26, 2026
1. Scope
This Privacy Policy explains how myoxin collects, uses, stores, shares, and protects information when you use our website, mobile apps, coach features, messaging channels, health integrations, subscriptions, and related services (together, the "Services").
myoxin is a training, logging, analytics, and coaching product. It is not an emergency service and is not a substitute for medical care. If you do not agree with this Privacy Policy, do not use the Services.
2. Controller And Contact
Tim Wehnes is the controller for myoxin. Tim Wehnes is also the current operator for the app-store versions of the Services.
For privacy questions, rights requests, export requests, or deletion requests, contact:
We currently handle privacy requests through this email address.
3. Data We Collect
Account and identity data
- Email address, login identifiers, anonymous account identifiers, and authentication state.
- Name, username, or profile label you provide.
- Password and authentication credentials are handled by our authentication providers rather than shown in plain text to us.
Profile, onboarding, and fitness data
- Age, sex, units, bodyweight, optional body-fat, lifting and cardio experience, training goals, sports context, gym access, and similar profile fields.
- Workout sessions, exercise selections, set-level entries, templates, splits, schedules, favorites, custom exercises, lift profiles, and progress metrics.
- Daily check-ins and other self-reported wellness information such as sleep quality, stress, recovery, notes, and related training context you choose to enter.
Health and activity data
- When you grant permission, myoxin may read data from Apple Health, HealthKit, Google Health Connect, or similar device-health sources.
- Depending on the permissions you approve, this can include steps, distance, calories, heart rate, resting heart rate, heart rate variability, respiratory rate, oxygen saturation, weight, body fat, nutrition, VO2 max, sleep data, and workout or activity records.
- We may copy synced health data into your myoxin account so it can be used for training context, recovery insights, analytics, and coach features you enable.
Coach, chat, and communication data
- In-app scientist conversations, prompts, replies, tool actions, conversation summaries, and persistent coach-memory notes derived from your usage.
- If you link WhatsApp, we process your linked phone number, onboarding state, inbound and outbound message timing, and conversation content.
- If supported messaging channels accept media, we may process voice notes, images, and attached content to generate transcripts, summaries, or coach responses, including by sending that media to third-party AI or processing providers we use for those features.
Subscription, payments, and entitlements
- Subscription status, entitlement state, product identifiers, purchase metadata, and management URLs returned by billing and subscription providers.
- We do not intentionally store full payment card numbers in the app.
Technical, device, and usage data
- IP address, browser type, device or platform details, app version, build details, device or other identifiers, push token status, and deep-link information.
- Error reports, crash logs, diagnostics, app interaction telemetry, sync status, permission state, notification preferences, and security or anti-abuse logs.
Local device storage
- Session state, pending deep links, workout drafts, mutation queues, conversation IDs, local telemetry caches, and similar app-storage items used for reliability and offline behavior.
4. How We Collect Data
We collect data:
- Directly from you when you sign up, log workouts, chat with the coach, complete onboarding, link integrations, or contact us.
- Automatically from your device and app usage, including technical events, errors, permission states, and local storage behavior.
- From third-party services you choose to use, such as health platforms, subscription providers, identity providers, WhatsApp, email providers, analytics and crash-reporting providers, and app store billing platforms.
5. How We Use Data
We use data to:
- Provide the Services, including workout logging, templates, split scheduling, exercise search, progress analytics, subscriptions, and support.
- Operate the scientist coach, generate responses, maintain conversation continuity, store durable user context, and power coach actions you request.
- Read, sync, and analyze health or activity data that you choose to connect.
- Send service communications, workout reminders, and linked-channel messages, including optional proactive messages where enabled.
- Protect the Services, debug issues, monitor abuse, enforce limits, and keep records needed for audits, disputes, and incident response.
- Improve product quality, analytics, and models using aggregated, de-identified, or otherwise lawfully usable data.
- Comply with law, enforce our Terms, and protect our rights, users, and business.
We do not sell personal data or personal and sensitive user data. We do not use synced health data for third-party advertising.
6. Legal Bases
Depending on the feature you use and your location, our legal bases can include:
- Contract: to create and run your account, provide workout logging, templates, split scheduling, subscriptions, history, and the coaching features or messaging channels you ask us to provide.
- Legitimate interests: to secure, maintain, troubleshoot, improve, and defend the Services, prevent abuse, investigate incidents, and keep the product reliable.
- Consent: for optional health-platform connections, optional health-driven features, optional push permissions, and non-essential analytics where prior consent is required.
- Explicit consent for health data: where required by law for synced health data or other data concerning health that you choose to provide or connect for recovery, analytics, or coaching features.
- Legal obligation: to comply with applicable law, lawful requests, accounting duties, tax obligations, and rights-request handling where the law requires it.
If you choose to connect Apple Health, HealthKit, Google Health Connect, or similar sources, we rely on the permissions and consent flow for those features together with the choices you make inside myoxin. If you choose to use WhatsApp with myoxin, we process that channel data to provide the linked messaging feature you requested. Where available, you can manage non-essential analytics in your Profile.
You can withdraw consent going forward by revoking the relevant permission, disconnecting the integration, changing settings where available, or contacting us. Withdrawal does not affect past processing that was lawful when performed.
7. Sharing And Service Providers
We may share data with service providers and processors acting on our behalf, including providers in these categories:
- Authentication, hosting, database, storage, and infrastructure providers, including Supabase or equivalent providers.
- Email and communications providers, including ConvertKit and similar providers we may use to send product, account, or service emails.
- Subscription, billing, platform, and health-platform providers, including Apple, Google, and the relevant app stores or platform services.
- Messaging and communications providers, including Twilio and WhatsApp, if you use those features.
- Analytics, crash-reporting, and diagnostics providers we use to operate and improve the Services.
- AI, model, and observability providers used for coach generation, media processing, tracing, and system monitoring, including Google and Langfuse.
- Health-platform operators and identity providers when you choose to connect those services.
We may also disclose data if reasonably necessary to comply with law, enforce rights, prevent fraud or harm, complete a financing or business transfer, or protect users, the public, or the Services.
8. International Transfers
We may process or transfer data in countries other than your own. Where required, we rely on contractual, technical, and organizational safeguards intended to protect transferred data, including standard contractual clauses or similar approved mechanisms.
9. Retention
We keep data for as long as reasonably necessary for the purposes described above, including to operate the Services, maintain account continuity, enforce rights, resolve disputes, recover from incidents, and comply with law.
- Account, profile, workout, analytics, coach, and synced health data are generally retained while your account remains active and until deletion is requested or required.
- Notification tokens, linked-channel state, and subscription metadata may be retained while active and for a reasonable period afterward for fraud prevention, support, entitlement, or audit purposes.
- Operational logs, diagnostics, summaries, and backups may remain for a limited additional period after deletion or account closure.
- Local device storage remains on your device until cleared by the app, overwritten, removed by you, or deleted when you uninstall the app.
If we no longer need data, we may delete it, anonymize it, or de-identify it. If law requires a longer retention period, we may keep the minimum data necessary for that purpose.
10. Security
We use administrative, contractual, technical, and organizational measures intended to protect data, including encrypted transport, access controls, scoped database policies, and provider security features. No system is perfectly secure, and we cannot guarantee that unauthorized access, disclosure, alteration, or destruction will never occur.
11. Your Rights And Choices
Depending on your location, you may have rights to access, correct, export, restrict, object to, or delete your personal data, and to withdraw consent where processing depends on consent.
- You can revoke health permissions in your device settings and stop future syncing.
- You can unlink WhatsApp, turn off push preferences where available, and manage subscriptions through the relevant billing tools.
- You can turn optional analytics on or off in the Profile where that setting is available.
- You can request access, correction, export, restriction, objection, or deletion by contacting us at the email above.
For now, we handle these requests manually by email. Where the law gives you a portability right, we may provide a structured electronic export by email or another reasonable electronic method after identity verification.
We may require identity verification before fulfilling requests, and we may deny or limit a request where permitted by law, security needs, or the rights of others.
12. Account Deletion And Data Deletion
You can initiate account deletion from within the app. If you cannot access the app, you can also contact myoxin.hosting@gmail.com or use any public delete-account page we make available.
When an account deletion is processed, we may delete or de-identify the data associated with that account, including workout history, profile data, health-sync data we copied into the Services, chat history, WhatsApp link state, and notification records, except to the extent we need to keep limited data for backups, fraud prevention, disputes, billing, tax, security, legal compliance, or technical recovery.
Disconnecting an integration or uninstalling the app does not by itself guarantee deletion of server-side account data.
13. Children
The Services are not directed to children and are not intended for anyone under 18 unless allowed under applicable law with appropriate consent and supervision. If you believe a child has provided personal data to us improperly, contact us so we can review and take appropriate action.
14. Changes To This Policy
We may update this Privacy Policy at any time. The updated version will apply when posted, unless law requires additional notice or consent. If a change is materially adverse or legally significant, we may also notify you by email, in-app notice, store listing update, or other reasonable means.
15. Contact
Privacy, deletion, and data-rights requests:
If applicable law gives you the right to complain to a supervisory authority, you may do so in the jurisdiction where you live, work, or where the alleged issue occurred.