Privacy Policy

Last updated: March 9, 2026

Bhalam ("we," "our," or "us") operates the Bhalam mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

1. Information We Collect

Account & Profile Information

• Name, username, email address, profile photo, bio, pronouns, and location (city/region)

• Fitness disciplines, goals, and preferences

• Gym affiliation and membership information

Fitness & Workout Data

• Workout sessions: type, duration, intensity, exercises, sets, reps, weight, notes

• Performance metrics: heart rate, calories burned, distance, pace, strain score

• Personal records, streaks, achievements, and XP/ranking data

• AI-generated workout recommendations and coaching insights

Health Data

• iOS (Apple HealthKit): workouts, heart rate, steps, distance, calories, sleep

• Android (Google Health Connect): workouts, heart rate, steps, distance, calories, sleep, exercise routes

Location Data

• Precise GPS coordinates and full route traces during outdoor workouts

• Background location tracking while a workout session is active

Camera & Sensor Data

• Pose landmarks (body position data) for exercise form analysis and rep counting

• Heart rate measurements via rear camera (photoplethysmography / fingertip scan)

Audio & Voice

• Voice recordings for voice messages, log dictation, and Neural Coach interaction

• Speech-to-text transcriptions

Social & Community Data

• Posts, comments, likes, and amplifications

• Direct messages and group chats

• Follower/following relationships and inner circle memberships

• Circle/squad participation and challenge data

Device & Technical Data

• Device model, OS version, and identifiers (for push notifications)

• Crash reports and error logs (via Sentry, with PII stripped)

• Push notification tokens (Firebase Cloud Messaging)

Payment Data

• Subscription and purchase history managed by RevenueCat. We do not store raw payment card information.

2. How We Use Your Information

• Provide the App: log workouts, compute scores (XP, rankings, aura), deliver AI coaching, and power social features

• Health & Safety: detect anomalous patterns and provide recovery insights

• Notifications: send workout reminders, social alerts, and achievement updates via push notifications

• Fraud & Integrity: verify workout authenticity using device signals, pose data, GPS, and heart rate

• Crash Reporting: diagnose and fix bugs using anonymized Sentry reports

• Subscriptions: manage Pro/Elite tier access via RevenueCat

3. Data Sharing & Third Parties

Service

Purpose

Data Shared

Supabase

Backend database & auth

All profile, workout, and social data

Firebase (Google)

Push notifications

Device FCM tokens

Sentry

Crash reporting

Anonymized error/crash logs

RevenueCat

In-app purchases

Purchase transactions

Apple HealthKit

Health data sync (iOS)

Read from HealthKit with your permission

Google Health Connect

Health data sync (Android)

Read from Health Connect with your permission

Google ML Kit

Pose detection

Processed on-device; no data sent to Google

We do not sell your personal information to third parties.

4. Health Data

We access health and fitness data only with your explicit permission. You may revoke access at any time through your device's Health/Health Connect settings. Health data is stored on Supabase servers and used solely to power Bhalam features.

5. Location Data

GPS tracking is used only during active workout sessions to trace routes and compute distance/pace. Background location continues only while a workout is in progress. You may deny location permissions; route-tracking features will be unavailable.

6. Camera & Microphone

Camera access is used for pose-based workout verification and heart rate measurement. Microphone access is used for voice logs and Neural Coach. Pose landmark data and audio are processed in real time and not shared with third parties.

7. Data Retention & Deletion

You may delete your account at any time from the app settings. Deletion cascades to your profile, sessions, posts, messages, and all associated data. Some anonymized aggregate data (e.g., leaderboard history) may be retained.

8. Security

Data is encrypted in transit (HTTPS/TLS) and at rest. Sensitive credentials are stored in the platform keychain (iOS) or EncryptedSharedPreferences (Android). Scoring (XP, rankings) is computed server-side and cannot be manipulated client-side.

9. Children's Privacy

Bhalam is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact us to have it removed.

10. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. Submit requests to the contact address below.

11. Changes to This Policy

We will notify you of material changes via in-app notice or email. Continued use after changes constitutes acceptance.

12. Contact Us

Bhalam

support@bhalam.com