Skip to content

Legal

Privacy Policy

Last updated: July 1, 2026

1. Overview

Superpumped provides workout, strength training, coaching, gym management, progress tracking, and related services through our mobile application, website, dashboards, APIs, and related services. This Privacy Policy explains how Threadsafe AI LLC collects, uses, discloses, retains, and protects personal information.

This Privacy Policy applies to:

  1. individuals who create an account directly with Superpumped;
  2. individuals who use Superpumped through a gym, trainer, coach, employer, club, team, or other organization;
  3. trainers, coaches, gym staff, administrators, and business customers; and
  4. visitors to our websites and users who contact us for support.

2. Account Types and Data Roles

The way we handle personal information may depend on how an account is created and used.

Direct User Accounts

If you sign up for Superpumped directly, purchase a subscription, or use the Services independently, Threadsafe AI LLC generally determines how your personal information is used for the Services.

Organization-Managed Accounts

If your account is created, invited, assigned, paid for, or managed by a gym, trainer, coach, club, team, employer, or other organization, that organization may control or direct certain uses of your information. For example, the organization may view your workout history, assigned programs, check-ins, progress, notes, messages, attendance, and other information related to your relationship with that organization.

In those cases, Threadsafe AI LLC processes certain information on behalf of the organization under our agreement with that organization. The organization is responsible for giving any notices and obtaining any consents required for its own collection and use of your information.

Connected Accounts

If you connect a direct account to a gym, trainer, coach, team, employer, club, or other organization, you authorize Superpumped to share the selected account information with that organization. You may disconnect an organization or trainer through your account settings, subject to any membership, coaching, or contractual obligations you have with that organization.

3. Personal Information We Collect

We may collect the categories of personal information described below.

Account and Profile Information

We may collect your name, email address, phone number, username, password hash, profile photo, date of birth or age range, gender, preferred units, timezone, language, emergency contact if provided, and account settings.

Workout, Fitness, and Consumer Health Data

We may collect information related to workouts, training plans, exercises, sets, reps, weights, personal records, estimated one-rep maxes, training volume, rest periods, workout duration, workout notes, goals, mobility, readiness, recovery, injuries or limitations if you choose to enter them, body weight, measurements, progress photos, check-ins, attendance, and similar information.

Body Metrics and Progress Information

We may collect height, weight, body measurements, body composition, progress measurements, progress photos, physique photos, fitness goals, weight-management goals, and other body or progress information you choose to provide.

Wearable, Device, and Integration Information

If you connect third-party services, we may collect information from integrations such as Apple Health, HealthKit, Health Connect, Google Fit, Garmin, Fitbit, WHOOP, Strava, smart scales, heart rate monitors, or similar services, depending on your permissions. This may include heart rate, heart rate variability, steps, calories, active energy, sleep, body metrics, workout data, respiratory rate, activity data, and device identifiers.

You can usually disconnect integrations through your account settings or through the third-party service.

Coaching and Organization Information

For gym, trainer, coach, and B2B accounts, we may collect client rosters, trainer assignments, workout programs, assessments, progress reports, attendance records, billing status, coaching notes, messages, organization administrator information, staff permissions, client status, and related business account information.

Payment and Commercial Information

We may collect subscription plan, billing address, purchase history, invoices, renewal status, and transaction metadata. Payment card information is processed by our payment processors or app store providers. We do not intentionally store full payment card numbers.

Messages and User Content

We may collect messages, comments, videos, photos, form-check videos, progress photos, uploaded files, support requests, survey responses, feedback, and other content you submit through the Services.

Usage, Device, and Technical Information

We may collect IP address, device type, operating system, browser type, app version, crash logs, performance data, pages viewed, features used, session activity, referring URLs, cookie identifiers, advertising identifiers where permitted, and similar technical information.

Location Information

We may collect general location information from your IP address. We collect precise geolocation only if you enable a feature that requires it and grant permission. Location information may also be generated through gym check-ins, class attendance, facility attendance, or similar features.

Business Customer Information

For gyms, trainers, coaches, and other organizations, we may collect business name, billing contact, administrator names, staff emails, tax information, seat counts, client counts, payment information, contract information, location information, and account configuration details.

Sensitive Personal Information

Some information you provide or generate through the Services may be considered sensitive personal information, health information, consumer health data, or special category data under applicable law. This may include workout, fitness, body metric, wearable, injury, recovery, biometric, or health-related information. We collect and use this information only as described in this Privacy Policy, as directed by you or your organization, or as otherwise permitted by law.

4. Sources of Information

We collect information from:

  1. you, when you create an account, use the Services, enter workouts, upload content, or contact us;
  2. gyms, trainers, coaches, clubs, employers, teams, or other organizations that create or manage accounts;
  3. connected devices, wearables, and third-party integrations you authorize;
  4. payment processors and app stores;
  5. service providers that help us operate the Services;
  6. cookies, SDKs, analytics tools, and similar technologies; and
  7. public or commercially available sources, where permitted.

5. How We Use Personal Information

We use personal information to:

  1. create, manage, and authenticate accounts;
  2. provide workout tracking, programming, coaching, gym management, and progress features;
  3. display workout history, training plans, performance metrics, and progress reports;
  4. allow gyms, trainers, coaches, and organizations to manage clients and assign programs;
  5. process payments, subscriptions, renewals, invoices, and refunds;
  6. provide customer support and respond to inquiries;
  7. send administrative notices, security alerts, product notices, and transactional messages;
  8. personalize the Services, including recommendations, reminders, and progress insights;
  9. maintain, debug, secure, and improve the Services;
  10. detect, prevent, and investigate fraud, abuse, security incidents, and policy violations;
  11. conduct analytics, research, and product development;
  12. market our Services, subject to your choices and applicable law;
  13. comply with legal obligations and enforce our agreements; and
  14. create aggregated, de-identified, or anonymized information.

We do not use health, fitness, wearable, or consumer health data for targeted advertising or unrelated marketing data mining. If we seek to use such data for a materially different purpose, we will provide any notice and obtain any consent required by applicable law.

6. Consumer Health Data Notice

This section applies to consumer health data or similar health-related information where covered by applicable law.

Categories of Consumer Health Data We May Collect

Depending on the features you use, Superpumped may collect the following categories of consumer health data:

  1. Workout and activity data, such as exercises, workout plans, sets, repetitions, weights, rest periods, workout duration, training frequency, completed workouts, skipped workouts, exercise notes, and training history.
  2. Strength, performance, and progress data, such as personal records, estimated one-rep maxes, training volume, progression history, adherence, goals, milestones, and performance trends.
  3. Body and measurement data, such as body weight, height, age, sex or gender where provided for training calculations, body measurements, body composition, progress measurements, and progress photos.
  4. Wearable, device, and connected-app data, such as heart rate, heart rate variability, steps, calories, active energy, sleep, respiratory rate, activity data, smart scale data, and other data from Apple Health, HealthKit, Health Connect, Google Fit, Garmin, Fitbit, WHOOP, Strava, or similar services when you authorize the connection.
  5. Injury, limitation, recovery, and wellness data, such as injury notes, pain, movement limitations, mobility restrictions, soreness, perceived exertion, readiness, recovery, sleep quality, stress, hydration, and other wellness information you choose to provide.
  6. Trainer, coach, and organization data, such as assessments, assigned programs, exercise modifications, trainer notes, check-ins, attendance, progress reports, client status, and messages between users and trainers, coaches, or gyms.
  7. Photos, videos, and other user content, such as progress photos, form-check videos, exercise videos, comments, notes, and uploaded files.
  8. Location and attendance data, such as gym check-ins, class attendance, facility attendance, location-based features, and, if enabled, precise location information.
  9. Inferences and derived health or fitness data, such as estimated fitness level, readiness scores, strength estimates, progress predictions, adherence metrics, or other insights generated from your workouts, body metrics, wearable data, or coaching activity.
  10. Other health, fitness, or wellness information you choose to provide, including information entered in forms, assessments, surveys, messages, support requests, or coaching communications.

Purposes for Collection and Use

We collect and use consumer health data to provide requested features, including workout tracking, coaching, programming, progress analysis, wearable integrations, account management, gym and trainer tools, customer support, security, product improvement, and related Services.

Sources of Consumer Health Data

We collect consumer health data from you, your connected devices or integrations, your gym or trainer, your organization, your account activity, and service providers acting on our behalf.

Categories of Consumer Health Data Shared

We may share workout, fitness, progress, coaching, attendance, wearable, location, body metric, injury, recovery, wellness, and derived information as necessary to provide the Services and as described in this Privacy Policy.

Third Parties and Affiliates With Whom We Share Consumer Health Data

We may share consumer health data with:

  1. gyms, trainers, coaches, teams, clubs, employers, or other organizations connected to your account;
  2. cloud hosting and storage providers;
  3. analytics, crash reporting, security, and infrastructure vendors;
  4. customer support and communications providers;
  5. payment processors, where billing status or subscription data is relevant;
  6. wearable, device, and integration providers you authorize;
  7. professional advisors, legal authorities, or transaction counterparties where permitted by law;

Consumer Health Data Rights

Depending on your location, you may have the right to confirm whether we collect, share, or sell consumer health data; access consumer health data; obtain a list of certain third parties or affiliates with whom consumer health data has been shared; withdraw consent; request deletion; and appeal a denial of your request.

You may submit requests by emailing privacy@superpumped.app or using https://superpumped.app/privacy-request. We may need to verify your identity before completing a request.

No Sale of Consumer Health Data

Threadsafe AI LLC does not sell consumer health data. Threadsafe AI LLC also does not knowingly sell personal information or share personal information for cross-context behavioral advertising as those terms are defined under applicable U.S. state privacy laws. If our practices change, we will revise this Privacy Policy and provide required notices, opt-outs, or authorizations.

7. How We Disclose Personal Information

We may disclose personal information as described below.

To Gyms, Trainers, Coaches, and Organizations

If you use the Services through or in connection with a gym, trainer, coach, team, employer, club, or other organization, we may disclose your information to that organization and its authorized administrators, trainers, staff, or coaches. This may include profile information, workouts, progress data, attendance, check-ins, messages, assigned programs, trainer notes, assessments, photos, videos, and other information related to your use of the Services.

To Service Providers and Processors

We may disclose personal information to vendors that provide hosting, cloud storage, analytics, crash reporting, customer support, payment processing, messaging, email delivery, authentication, security, fraud prevention, data processing, and similar services.

To Payment Processors and App Stores

If you make a purchase, your payment information may be processed by Stripe, Apple, Google, or another payment provider. Their processing is subject to their own terms and privacy policies.

To Connected Third-Party Services

If you connect a wearable, device, or third-party integration, we may exchange information with that service as authorized by you.

We may disclose information when we believe it is necessary to comply with law, legal process, regulatory requests, subpoenas, court orders, or enforceable government requests; to protect rights, property, and safety; to investigate fraud or security incidents; or to enforce our terms.

In Business Transactions

We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.

We may disclose information with your consent or at your direction.

Aggregated or De-Identified Information

We may disclose aggregated, de-identified, or anonymized information that does not reasonably identify you.

8. Cookies, SDKs, Analytics, and Tracking

We and our service providers may use cookies, pixels, SDKs, local storage, and similar technologies to operate the Services, remember preferences, authenticate users, analyze usage, detect fraud, improve performance, and understand marketing effectiveness.

We do not intentionally use tracking pixels or advertising technologies to disclose workout, health, wearable, injury, recovery, or consumer health data for targeted advertising. You can manage cookies through browser settings, consent tools, or account settings where available.

We honor legally required opt-out preference signals, such as Global Privacy Control, where applicable.

9. Marketing Communications

We may send marketing emails about our Services. You can opt out by using the unsubscribe link in the email or contacting us. You may still receive transactional or administrative messages.

If you are a business customer, we may contact you about your organization’s account, billing, product notices, and related services.

10. Retention

We retain personal information for as long as reasonably necessary to provide the Services, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support business operations.

If you delete your account, we will delete or de-identify personal information unless retention is required or permitted by law, needed for security or fraud prevention, necessary to complete transactions, or maintained in backup systems for a limited period.

For organization-managed accounts, we may retain or delete information according to the organization’s agreement, administrator instructions, and applicable law.

11. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information. These may include encryption in transit, access controls, authentication, monitoring, vendor review, and internal policies.

No system is completely secure. You are responsible for keeping your account credentials confidential and notifying us promptly of unauthorized access.

12. Your Choices

You may be able to:

  1. access, correct, or delete certain account information through account settings;
  2. disconnect gyms, trainers, coaches, organizations, or integrations;
  3. export workout data where available;
  4. opt out of marketing emails;
  5. disable push notifications through device settings;
  6. manage cookies and tracking preferences;
  7. request deletion of your account; and
  8. exercise privacy rights under applicable law.

Some choices may affect your ability to use certain features.

13. Privacy Rights

Depending on your location, you may have rights to:

  1. know or access the personal information we collect about you;
  2. receive a copy of personal information in portable format;
  3. correct inaccurate personal information;
  4. delete personal information;
  5. restrict or object to certain processing;
  6. withdraw consent;
  7. opt out of sale, sharing, targeted advertising, or profiling where applicable;
  8. limit use and disclosure of sensitive personal information where applicable;
  9. appeal a privacy request denial; and
  10. avoid discrimination for exercising privacy rights.

To exercise rights, contact privacy@superpumped.app or use https://superpumped.app/privacy-request. We may verify your identity before responding. Authorized agents may submit requests where permitted by law.

If your account is organization-managed, we may direct certain requests to the organization or coordinate with the organization to respond.

14. California Privacy Notice

If the California Consumer Privacy Act or similar California privacy laws apply to Threadsafe AI LLC and you are a California resident, this section provides additional information.

Categories Collected

In the past 12 months, we may have collected identifiers, account information, commercial information, internet or network activity, geolocation information, sensory information such as photos or videos you upload, professional or business information for B2B users, sensitive personal information such as account credentials and health or fitness-related information, and inferences.

Purposes

We collect and use these categories for the business and commercial purposes described in this Privacy Policy, including providing the Services, processing payments, security, support, analytics, product improvement, and communications.

Disclosure

We may disclose these categories to service providers, processors, gyms, trainers, coaches, organizations, payment providers, app stores, connected integrations, professional advisors, and legal authorities as described above.

Sale or Sharing

We do not knowingly sell personal information or share personal information for cross-context behavioral advertising. We do not sell consumer health data.

Sensitive Personal Information

We use sensitive personal information only to provide the Services, maintain account security, process transactions, comply with law, or for other purposes permitted by applicable law.

15. European Economic Area, United Kingdom, and Switzerland

If GDPR-style laws apply, our legal bases may include:

  1. performance of a contract, to provide the Services;
  2. consent, such as for certain integrations, marketing, or optional health-related features;
  3. legitimate interests, such as security, analytics, product improvement, and business operations;
  4. legal obligations, such as tax, accounting, and compliance; and
  5. vital interests, if necessary to protect someone’s safety.

You may have rights to access, rectify, erase, restrict, object, portability, withdraw consent, and lodge a complaint with a supervisory authority.

We may transfer personal information to countries that may not provide the same level of data protection as your home jurisdiction. Where required, we use appropriate safeguards.

16. Children and Minors

The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without legally required parental consent.

Users under 18 may use the Services only with involvement and consent of a parent or legal guardian, and where permitted by the relevant gym, trainer, coach, organization, or applicable law.

Organizations that invite minors to use the Services are responsible for obtaining required parental or guardian consents.

If you believe a child has provided personal information without required consent, contact privacy@superpumped.app.

17. Apple Health, HealthKit, Health Connect, and Similar Integrations

If you authorize Apple Health, HealthKit, Health Connect, Google Fit, or another health or fitness integration, Superpumped may read and/or write only the health and fitness data types you select or authorize, such as workouts, steps, active energy, heart rate, sleep, body weight, body metrics, or other selected data types.

We use this data to provide workout tracking, progress analysis, syncing, coaching support, and related health or fitness features. We do not use Apple Health, HealthKit, Health Connect, or similar health integration data for advertising, marketing, or unrelated data mining.

The Services may link to third-party websites, apps, devices, integrations, or services. We are not responsible for their privacy practices. Review their privacy policies before using them.

19. Changes to This Privacy Policy

We may revise this Privacy Policy from time to time. If changes are material, we will provide notice as required by law. The Effective Date indicates when this Privacy Policy became effective.

20. Contact Us

Threadsafe AI LLC
187 Wolf Road Suite 101
Albany NY 12205
United States

Privacy Contact: privacy@superpumped.app
Support Contact: support@superpumped.app
Legal Contact: legal@superpumped.app
Privacy Request Form: https://superpumped.app/privacy-request