Last updated: June 15, 2026
App: TrainMeUp (com.mapachespark.trainedMe)
Contact: mapache.spark.labs@gmail.com
Contact website: https://sites.google.com/view/myfitnesspathcontact
This Privacy Policy explains what information TrainMeUp ("the app", "we", "us") collects, why we collect it, how we use it, and which rights you have.
It is written to comply with Apple App Store Review Guidelines 5.1.1 / 5.1.3 (HealthKit), Google Play User Data and Health Connect policies, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act / CPRA (CCPA).
⚠️ If a section conflicts with mandatory law in your jurisdiction, that law prevails over this document.
TrainMeUp is a fitness app that lets you build training routines, log lifts and personal records, track body composition, and receive an AI-assisted coaching experience ("Pawco").
Data Controller: Mapache Spark Labs (complete legal entity information to be inserted here).
Contact Email: mapache.spark.labs@gmail.com (Use this to exercise your rights or ask questions).
Data Protection Officer: Due to the size of our operation, we do not have a designated DPO. However, the email above reaches the person responsible for privacy decisions.
This policy applies strictly to:
The TrainMeUp mobile application for iOS and Android.
Our backend services hosted on Amazon Web Services (AWS).
Any direct communication via email or our contact page.
Exclusions: It does not apply to third-party services you reach from the app (such as Apple Health or Google Health Connect), which are governed by their own privacy policies.
We collect only what is strictly needed to operate the app and provide the features you actively use.
We NEVER sell your data.
We do NOT use your data for cross-context behavioural advertising.
Email address and the opaque user identifier returned by Sign in with Apple or Sign in with Google. (If you choose Apple's "Hide My Email" option, we only see the relay address).
Username: (Optional) Chosen by you, used for sharing and ranking screens.
Cognito User ID: Generated internally to securely associate your data with your account.
Biological sex, height (cm/in), training experience level, body type, and date of birth.
Note: Date of birth is used exclusively to compute body-fat estimations (e.g., Jackson-Pollock).
Routines, exercises, sets, target ranges, rest times, and personal notes.
Logged lifts (weight, reps, RIR, failure flag, date) and estimated 1RM.
Routine execution history ("skipped" / "closed" markers).
Goals: Weight, body composition, daily steps, lift goals, double-progression state, and prioritised muscles.
Body weight history, body-fat percentage history, skinfold measurements, and body perimeters (chest, arm, shoulder, thigh, hip).
Personal notes attached to any of those measurements.
With your explicit consent, the app reads/writes data from these platforms:
Read: Daily steps (for the KPI card), body weight, height, body-fat percentage, biological sex (iOS only), and date of birth (iOS only).
Write: Body weight, height, and body-fat percentage logged inside TrainMeUp, keeping your external health apps in sync.
🔒 Apple HealthKit Protection: HealthKit data is never used for advertising, never shared with data brokers, and never sold. This is strictly enforced. You can revoke permissions anytime in your system settings.
When you interact with Pawco, we send the following to our backend proxy and the underlying AI model:
Chat History: The text of your message and the recent history of the current session (capped to the last ~20 exchanges).
Context: Your Cognito user ID, an idempotency key, language, and structured app context (e.g., current active screen or routine).
Audio Data: Captured only if you tap the microphone button. Audio is transcribed to text on-device or via system speech services; only the transcribed text goes to our backend.
Storage & Provider Details:
Prompts, replies, token counts, and intent categories are stored in your private cloud record for quality improvement. This is protected by owner-based authorisation in AWS AppSync (accessible only to you and limited debugging engineers).
Provider: Powered by Google Gemini (currently gemini-2.5-flash) via our AWS Lambda proxy in Ireland (eu-west-1). Under Google's API terms, your data is not used to train general-purpose models.
We use Firebase to improve stability. On debug builds, this is completely disabled.
Firebase Analytics: Standard events (app opens, screen views, permission changes).
Firebase Crashlytics: Stack traces, device model, OS version, app version, and your Cognito user ID.
Note: On Android, we declare the AD_ID permission for Firebase acquisition metrics, but we do NOT run ads or share this ID with ad networks.
Local Notifications only: Workout reminders and motivational messages are generated entirely on-device. We do not send remote push messages.
When using "Import Routine" via CSV, XLSX, or PDF, files are parsed locally on your device. Only the resulting routine structure is saved. (The iOS Photos permission is only requested because iOS includes the photo library inside the standard document picker).
Public Links: Sharing a routine or PR generates a public link on our CloudFront CDN (https://d34p6b2onvdkfd.cloudfront.net/share/...). Anyone with the link can view it.
Community features: Certain training data (created routines, executed sessions, lifts) is readable by other authenticated TrainMeUp users for catalogue browsing and rankings. Personal body measurements, AI conversations, emails, and profile data are NEVER shared.
Notifications & Alarms: To deliver workout reminders.
Microphone & Speech Recognition: To dictate messages to Pawco.
HealthKit / Health Connect: To sync health metrics.
Photo Library / Documents: Optional source for the routine file importer.
Network access: To sync data with the cloud and call the AI proxy.
We process your data based on the following legal grounds:
Purpose
Data Categories
GDPR Legal Basis
Account Identity & Sign-In
Email, Apple/Google ID, Cognito ID
Performance of contract (Art. 6(1)(b))
Core App Functionality
Routines, lifts, goals, metrics
Performance of contract (Art. 6(1)(b))
Health Syncing
HealthKit / Health Connect data
Explicit Consent (Art. 9(2)(a))
Pawco AI Assistant
Chat text, context, transcription
Performance of contract & Consent
Reminders & Alerts
Local notifications
Consent (Can be disabled anytime)
Stability & Diagnostics
Crash logs, analytics events
Legitimate Interest (Art. 6(1)(f))
Community & Rankings
Public routines, lifts, rankings
Performance of contract / User Action
We do not perform automated decisions with legal or similarly significant effects on you.
Our service providers are bound by strict contractual terms and Standard Contractual Clauses (SCCs) where applicable:
Amazon Web Services, Inc. (AWS): Handles Cognito (Auth), AppSync & DynamoDB (Database), S3 (Storage), Lambda (AI proxy), and CloudFront (Sharing). Primary region: eu-west-1 (Ireland).
Google LLC: Firebase Analytics/Crashlytics, Sign in with Google, Gemini API, and Google Health Connect (Android).
Apple Inc.: Sign in with Apple, Apple Speech Recognition, and HealthKit (iOS).
Our primary backend is located in the European Union (Ireland). However, some providers (like Google and Apple) may process data in the United States or other countries. When this occurs, we rely on the European Commission's adequacy decisions or approved Standard Contractual Clauses (SCCs), paired with encryption in transit and at rest.
Account & Training Data: Kept while your account is active. Upon account deletion, it is removed from production and active backups within 30 days.
AI Conversations: Retained for up to 24 months, then permanently deleted or anonymised/aggregated.
Crash & Analytics Data: Retained according to Firebase defaults (up to 14 months for analytics; up to 90 days for detailed crash logs).
Health Platform Data: We do not store raw data pulled from HealthKit/Health Connect in our backend; we only save the specific measurements you manually choose to log inside the app.
We protect your data using industry-standard measures:
Encryption in Transit: All communications use TLS 1.2 or higher.
Authentication: Managed via Amazon Cognito using industry-standard JWTs and refresh tokens.
Encryption at Rest: Data in AWS S3 and DynamoDB is encrypted using AWS-managed keys.
Access Control: AWS AppSync enforces strict owner-based isolation rules.
TrainMeUp is not directed to children. You must be at least 16 years old (if residing in the EEA) or 13 years old (rest of the world) to create an account. If we discover we have inadvertently collected data from a child under these ages, we will delete it immediately.
You are always in control. Directly from your device or app, you can:
Revoke Permissions: Disable notifications, microphone, Health/Health Connect, or analytics via system settings.
Opt-out of AI: Choose not to use Pawco; the rest of the app will remain fully functional.
Modify/Delete: Edit or remove any routine, lift, goal, or body metric inside the app.
Export: Export your routines anytime using the "share" or "export" features.
You can delete your account permanently by going to Settings → Profile → Delete account inside the app.
What gets deleted:
Your user profile and all associated history (routines, lifts, metrics, AI interactions, goals).
Your Amazon Cognito credentials.
Your association with Firebase Analytics IDs.
⏱️ Backups are purged within 30 days. Shared links to routines cannot be retracted from users who already imported them, but the source link will immediately stop working.
Manual Deletion: If the in-app deletion fails, email mapache.spark.labs@gmail.com with the subject "Delete my TrainMeUp account" from your registered email. We will process it within 30 days.
Depending on your region, you hold specific statutory rights:
You have the right to Access, Rectify, Erase ("Right to be Forgotten"), Restrict/Object to processing, Data Portability, and to Withdraw Consent.
You also have the right to lodge a complaint with your local supervisory authority (e.g., in Spain, the AEPD at https://www.aepd.es).
You have the right to Know what categories of personal information we collect, Delete it, Correct it, and Limit the use of sensitive personal info. (We do not sell or share your personal data).
👉 To exercise any right, contact us at mapache.spark.labs@gmail.com. We may verify your email ownership before processing requests.
Some illustrations and icons inside the app were created using generative AI tools. They are used under our responsibility, do not represent real people, and are not subject to exclusive copyright ownership. This statement is purely informational.
We update this policy whenever our data handling practices change. The "Last updated" date at the top indicates the latest version. Significant changes will be communicated via in-app notifications or email.
For any questions, privacy requests, or complaints, please reach out to us:
Email: mapache.spark.labs@gmail.com
Web Form: https://sites.google.com/view/myfitnesspathcontact