Privacy Policy

Welcome to XPStrength ("we," "us," or "our"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the XPStrength mobile application (the "App") and website at xpstrength.com (the "Website").

By using our App or Website, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2.1 Information You Provide

• Account Information: Username, email address, and password when you create an account.
• Profile Information: Fitness goal, gender, height, and weight (all optional during onboarding).
• Workout Data: Exercises, sets, reps, weights, workout duration, personal bests, and custom workout routines you create.
• Social Data: Friend connections, league memberships, and chat messages within leagues.
• Profile Photos: Images you upload as your profile picture.
• Survey Responses: Feedback and survey answers you provide through our early access program.

2.2 Information Collected Automatically

• Usage Data: App interactions, features used, workout frequency, and achievement progress.
• Device Information: Device type, operating system, and app version.

We use the information we collect to:

• Provide, operate, and maintain our App and services.
• Track your workout progress, calculate XP, manage achievements, streaks, and personal bests.
• Enable social features including friend connections, leagues, leaderboards, and league chat.
• Display your profile information to friends and league members.
• Send you notifications (e.g., rest timer alerts) when you opt in.
• Improve and develop new features for the App.
• Respond to your support requests and communications.
• Detect, prevent, and address technical issues or abuse.

Your account data is stored on secure servers. Profile images are stored using Cloudflare R2 object storage. Passwords are hashed using bcrypt and are never stored in plain text.

Authentication tokens are stored securely on your device using encrypted storage (Expo SecureStore). We implement rate limiting, security headers, and other industry standard measures to protect your data.

While we strive to use commercially acceptable means to protect your personal information, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

We do not sell your personal information. We may share your data in the following cases:

• With Other Users: Your username, profile picture, level, XP, achievements, workout stats, and spotlights are visible to your friends. League members can see your league activity and scores. Your body weight is not shared with other users.
• Service Providers: We use third-party services (e.g., Cloudflare for image storage) that may process your data on our behalf.
• Legal Requirements: We may disclose your information if required by law or in response to valid legal processes.

• Access and Update: You can view and update your profile information, workout data, and personal bests at any time within the App.
• Delete Your Account: You can request permanent deletion of your account and all associated data. Visit xpstrength.com/delete-account or contact us at hello@xpstrength.com.
• Notifications: You can disable push notifications through your device settings at any time.
• Camera and Photos: Camera and photo library access is only used for setting your profile picture and can be revoked through your device settings.

Our App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

Our App may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this policy periodically for any changes.

If you have any questions about this Privacy Policy, please contact us at:

hello@xpstrength.com