Privacy Policy

Welcome to VOLUM ("we", "us", "our", or the "Service"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains our data practices and your rights regarding your personal information when you use our fitness tracking platform. By using VOLUM, you agree to the collection and use of information in accordance with this policy.

This policy applies to all users of VOLUM, whether you access the Service through our website, mobile applications, or other platforms.

2.1 Information You Provide Directly

When you create an account or use our Service, you may provide:

• Account Information: Name, email address, username, password, profile picture
• Profile Data: Age, gender, fitness goals, preferences, body measurements
• Workout Data: Exercise logs, sets, reps, weights, workout duration, notes, progress photos
• Program Data: Custom workout programs, templates, exercise routines
• Goal Data: Personal records, target weights, achievement milestones
• Communications: Messages, feedback, support requests, survey responses
• Payment Information: Billing details (processed securely through third-party payment processors)

2.2 Information Collected Automatically

When you use VOLUM, we automatically collect:

• Usage Data: Pages viewed, features used, time spent, click patterns, navigation paths
• Device Information: Device type, operating system, browser type and version, screen resolution
• Log Data: IP address, access times, referring URLs, error logs
• Location Data: General location based on IP address (not precise GPS location)
• Performance Data: App crashes, load times, feature performance metrics

2.3 Information from Third-Party Services

If you connect your account with third-party services, we may receive:

• OAuth Providers (Google): Name, email address, profile picture, account ID
• Social Media: Public profile information when you share content
• Analytics Services: Aggregated usage statistics and behavior patterns

2.4 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to:

• Remember your preferences and settings
• Keep you logged in to your account
• Understand how you use the Service
• Improve user experience and performance
• Analyze trends and gather demographic information
• Conduct A/B testing and experimentation

We use the information we collect for the following purposes:

3.1 Provide and Improve the Service

• Create and manage your account
• Enable workout tracking and progress monitoring
• Generate charts, statistics, and insights
• Provide personalized recommendations
• Develop new features and improvements
• Fix bugs and optimize performance

3.2 Communication

• Send account-related notifications and updates
• Respond to your inquiries and support requests
• Send achievement notifications and milestone alerts
• Provide service announcements and important updates
• Send marketing communications (with your consent)

3.3 Analytics and Research

• Analyze usage patterns and user behavior
• Understand feature adoption and engagement
• Conduct A/B testing and experiments
• Generate aggregated, anonymized statistics
• Improve user experience and interface design
• Identify and fix technical issues

3.4 Security and Fraud Prevention

• Detect and prevent fraudulent activity
• Protect against security threats and abuse
• Verify user identity and account ownership
• Enforce our Terms of Service
• Comply with legal obligations

3.5 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Protect our rights and property
• Resolve disputes and enforce agreements

4.1 When You Choose to Share

You control what you share:

• Social Sharing: When you share workouts or achievements on social media platforms
• Public Profiles: If you make your profile public, certain information may be visible to others
• Shared Content: Any content you explicitly choose to share with other users

4.2 Service Providers

We share information with trusted third-party service providers who help us operate the Service:

• Hosting & Infrastructure: Vercel, Supabase (for secure data storage and hosting)
• Authentication: Google OAuth (for secure sign-in)
• Analytics: Usage analytics and performance monitoring tools
• Payment Processing: Secure payment processors (if applicable)
• Email Services: Email delivery and notification services
• Customer Support: Support and communication tools

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of VOLUM, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to claims of rights violations

4.4 Business Transfers

If VOLUM is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

4.5 Aggregated & Anonymized Data

We may share aggregated, anonymized data that cannot identify you personally for research, analytics, marketing, or other purposes. This includes general usage statistics and trends.

5.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve the Service. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted or expired).

5.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security, preferences)
• Analytics Cookies: Help us understand how users interact with the Service
• Performance Cookies: Monitor and improve Service performance and speed
• Functionality Cookies: Remember your preferences and settings
• Marketing Cookies: Track effectiveness of marketing campaigns (with consent)

5.3 Analytics & Tracking

We use analytics tools to collect information about how you use VOLUM, including:

• Pages and features you visit and use
• Time spent on different sections
• Click patterns and navigation flows
• Device and browser information
• Error messages and technical issues
• Feature adoption and engagement metrics

This data helps us improve user experience, fix bugs, optimize performance, and develop new features that users want.

5.4 Your Cookie Choices

Most browsers allow you to control cookies through their settings. You can:

• Block all cookies
• Accept only first-party cookies
• Delete cookies after each session
• Receive notifications when cookies are set

Note that blocking or deleting cookies may affect your ability to use certain features of the Service.

6.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
• Secure Authentication: Password hashing and secure OAuth integration
• Access Controls: Limited employee access on a need-to-know basis
• Infrastructure Security: Secure hosting with Vercel and Supabase
• Regular Monitoring: Continuous security monitoring and vulnerability scanning
• Incident Response: Procedures for detecting and responding to security incidents

6.2 Your Responsibility

You play a crucial role in protecting your account:

• Use a strong, unique password
• Keep your login credentials confidential
• Log out from shared or public devices
• Report suspicious activity immediately
• Keep your email account secure

6.3 No Absolute Security

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security practices and respond promptly to any incidents.

You have the following rights regarding your personal information:

7.1 Access & Portability

• Access: Request a copy of your personal data
• Export: Download your workout data and information
• Portability: Receive your data in a structured, machine-readable format

7.2 Correction & Update

• Update your profile information in account settings
• Correct inaccurate or incomplete data
• Request correction of data you cannot change yourself

7.3 Deletion

• Delete your account and associated data
• Request deletion of specific information
• Note: Some data may be retained as required by law or for legitimate business purposes

7.4 Opt-Out & Preferences

• Marketing Emails: Unsubscribe from promotional communications
• Notifications: Manage push and email notification preferences
• Cookies: Control cookie settings through your browser
• Analytics: Opt out of certain analytics tracking

7.5 Object & Restrict

• Object to certain data processing activities
• Request restriction of processing in specific circumstances
• Withdraw consent where processing is based on consent

7.6 How to Exercise Your Rights

To exercise any of these rights, you can:

• Use the settings and controls within your account
• Contact us through the Service or via email
• Submit a formal request through our support channels

We will respond to your request within a reasonable timeframe and as required by applicable law.

8.1 Retention Periods

We retain your information for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Prevent fraud and abuse
• Maintain business records

8.2 Account Deletion

When you delete your account:

• Your profile and User Content are removed from public view
• Most personal data is deleted within 30 days
• Some data may be retained in backups for up to 90 days
• Certain information may be retained as required by law or for legitimate purposes
• Anonymized, aggregated data may be retained indefinitely

8.3 Inactive Accounts

We may delete accounts that have been inactive for an extended period (typically 2+ years) after providing notice to the registered email address.

9.1 Age Requirements

VOLUM is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. Users under 18 should have parental or guardian permission to use the Service.

9.2 Parental Rights

If you believe we have collected information from a child under 13, please contact us immediately. We will take steps to delete such information promptly.

9.3 Verification

We may request age verification if we have reason to believe a user may be under the minimum age requirement.

10.1 Data Transfer Safeguards

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Use of secure hosting providers (Vercel, Supabase) with strong data protection
• Contractual protections with service providers
• Compliance with applicable data transfer regulations
• Encryption of data in transit and at rest

10.2 Regional Compliance

We comply with applicable regional privacy laws, including:

• GDPR: European Union General Data Protection Regulation
• CCPA: California Consumer Privacy Act
• Other Laws: Applicable data protection laws in your jurisdiction

11.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

11.2 Notification of Changes

When we make material changes, we will notify you by:

• Updating the "Last Updated" date at the top of this policy
• Sending an email notification to your registered email address
• Displaying a prominent notice within the Service
• Requesting your consent if required by law

11.3 Your Acceptance

Your continued use of the Service after changes become effective constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should stop using the Service and may delete your account.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

12.1 Response Time

We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please indicate the urgency in your communication.

12.2 Supervisory Authority

If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not addressed your concerns adequately.