---

# Privacy Policy

**Momentum - AI Gym Coach**
**Last updated:** June 2, 2026
**Effective date:** June 2, 2026

Momentum SAS ("Momentum," "we," "us," or "our"), a company registered in France, operates the Momentum mobile application and related services (the "App"). This Privacy Policy explains what information we collect, how we use it, how we share it, and the choices you have.

Momentum is a fitness and workout-tracking app. It is not a medical device and is not intended to diagnose, treat, cure, or prevent any disease or injury.

## 1. Information We Collect

### Account Information

When you create or use an account, we may collect:

- Apple Sign in account identifiers, if you sign in with Apple
- Email address, if you register or sign in by email
- User ID, authentication tokens, session state, and account status
- Subscription entitlement state and purchase status

### Fitness Profile and Onboarding Information

We collect information you choose to provide during onboarding and app use, including:

- Age bracket
- Training goal, fitness level, weekly training cadence, session duration, and equipment
- Height, weight, and body-fat estimate, if provided
- Target muscles, training preferences, and plan-adjustment answers
- Notification preferences

### Workout and Progress Information

We collect workout information needed to provide the App, including:

- Planned workouts, exercises, sets, reps, rest times, weights, and RPE/effort
- Workout timestamps, streaks, weekly volume, and progress summaries
- Manual corrections you make to reps, weight, and effort
- Sampled, normalized computer-vision analytics after a set, such as pose landmark traces, target-lock status, camera-view quality, and rep-counting metrics

### Camera and Computer Vision

Momentum uses your device camera during workouts to count reps and support form-related feedback.

- Camera frames are processed on device by default.
- We do not upload raw workout video by default.
- We do not store camera photos or workout videos by default.
- We may upload sampled, normalized pose and rep-counting analytics after a set to improve reliability and debug counting quality. These analytics are not raw video and are designed to avoid storing images of you.

### Device, Security, and Technical Information

We may collect:

- Device model, operating system, app version, locale, timezone, and build variant
- App Attest and device-integrity signals used to protect the API
- IP address, request metadata, coarse IP-derived region if retained, and server logs processed by our hosting and security providers
- Crash reports, error reports, stack traces, and performance diagnostics

### Analytics and Product Usage

We collect product analytics to understand how the App is used and improve the experience, including:

- App launches
- Screen and feature usage
- Onboarding progress
- Paywall and subscription flow events
- Workout flow events

We do not use analytics data to track you across third-party apps or websites for advertising.

### Health, Fitness, and Camera Data Restrictions

Workout, fitness-profile, body-metric, camera, and computer-vision data are sensitive. We do not use or disclose this data for third-party advertising, behavioral advertising, marketing data mining, or cross-app tracking. We use it to provide the App, improve workout and rep-counting reliability, maintain safety and security, and debug the service.

### Push Notifications

If you enable notifications, we collect push-related data such as APNs tokens, OneSignal player IDs, device IDs, and notification preferences so we can send workout reminders, streak alerts, trial or subscription notices, and similar service messages.

## 2. Information We Do Not Collect

We do not knowingly collect:

- Contacts
- Precise GPS location
- Messages
- Browser history
- Raw workout video by default
- Face ID, Touch ID, fingerprints, or biometric identifiers
- HealthKit data, unless a future version explicitly asks for HealthKit permission

## 3. How We Use Information

We use information to:

- Create, authenticate, and maintain your account
- Generate and manage your training plan
- Track workouts, sets, reps, weights, progress, and streaks
- Provide on-device rep counting and form-related workout support
- Sync your workout data across authenticated sessions
- Process subscriptions and restore purchases
- Send push notifications you opt into
- Improve app reliability, safety, and performance
- Detect abuse, prevent fraud, enforce rate limits, and protect the service
- Comply with legal obligations and respond to lawful requests

## 4. Legal Bases for Processing

For users in the European Economic Area, United Kingdom, and Switzerland, we rely on the following legal bases:

- **Performance of a contract:** to provide the App, account, workout tracking, subscriptions, and support.
- **Legitimate interests:** to secure the service, prevent abuse, debug crashes, understand product usage, and improve reliability.
- **Consent:** for optional push notifications and any future optional data collection that requires consent.
- **Legal obligation:** to comply with laws, accounting requirements, tax requirements, and lawful requests.

## 5. How We Share Information

We do not sell your personal information. We share information only with service providers and partners that help us operate the App, process subscriptions, secure the service, or comply with legal obligations.

| Provider | Purpose | Data Involved |
| --- | --- | --- |
| Apple | Sign in with Apple, App Store distribution, In-App Purchase, subscription management, refunds, and APNs | Apple account identifiers, purchase status, subscription records, push delivery data |
| Supabase | Authentication, database, realtime, and storage services | Account IDs, auth data, onboarding data, workouts, progress, devices |
| Fly.io | API hosting | API requests, logs, service metadata |
| Cloudflare | DNS, security, and traffic protection | IP address, request metadata, security headers |
| Adapty | Paywall, subscription entitlement, purchase analytics, and restore flows | App user ID, purchase/subscription state, paywall events |
| OneSignal | Push notification delivery and preferences | Push tokens, player IDs, notification preferences |
| Bugsnag | Crash and error monitoring | Crash reports, diagnostics, app version, user ID when needed for debugging |
| Mixpanel | Product analytics | Usage events, app variant, release stage, device/app metadata |

We may also disclose information if required by law, to protect rights and safety, or as part of a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

Our service providers are authorized to process personal information only for the purposes described in this Privacy Policy and our agreements with them.

## 6. App Store Privacy Disclosure

Apple requires developers to disclose data collected by the app and by third-party SDKs integrated into the app. Our App Store privacy answers should match this Privacy Policy and the actual SDKs enabled in the production build.

Camera frames that are processed only on device and not transmitted off device are not treated as collected personal data for App Store privacy labels. Sampled pose analytics, workout history, account data, purchases, usage analytics, and diagnostics are collected and should be disclosed as applicable.

If our production SDK configuration changes, our App Store privacy answers and this Privacy Policy must be updated before release.

## 7. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the App, maintain your account, comply with legal obligations, resolve disputes, and enforce agreements.

In general:

- Account, onboarding, workout, progress, and subscription records are retained while your account is active.
- If you delete your account, we delete or de-identify account-linked data unless retention is required for legal, security, fraud-prevention, or accounting reasons.
- Crash reports, server logs, analytics, and sampled computer-vision diagnostics are retained only as long as needed for security, debugging, reliability, analytics, and compliance.
- Aggregated or de-identified information may be retained longer if it no longer identifies you.

## 8. Security

We use technical and organizational safeguards designed to protect your information, including:

- Encryption in transit
- Access controls
- App Attest and authenticated API requests for protected operations
- Rate limiting and abuse detection
- PII scrubbing for error reporting where practical
- Provider-side security controls from our hosting, database, analytics, and observability vendors

No system is perfectly secure. You use the App with the understanding that we cannot guarantee absolute security.

## 9. Your Choices and Rights

Depending on where you live, you may have rights to:

- Access personal information we hold about you
- Correct inaccurate information
- Delete your account and associated personal information
- Request a copy of your information
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
- Lodge a complaint with your local data protection authority

You can request privacy help, account deletion, or data access by contacting us at **support@getsmomentum.com**.

If you are in France, you may contact the Commission Nationale de l'Informatique et des Libertes (CNIL). If you live elsewhere in the EEA, you may contact your local supervisory authority.

## 10. California and Other U.S. State Privacy Rights

If applicable privacy laws give you additional rights, you may request to know, access, correct, delete, or receive a copy of personal information we maintain about you.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

To exercise rights, contact **support@getsmomentum.com**.

## 11. Children's Privacy

Momentum is intended for users who are at least 18 years old. The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If we learn that we collected personal information from a child under 13, we will delete it. If you believe a child provided personal information to us, contact **support@getsmomentum.com**.

## 12. International Transfers

We are based in France, and our service providers may process information in the European Union, United States, and other countries. Where required, we use appropriate safeguards for international transfers.

## 13. Third-Party Links and Services

The App may link to third-party services, including Apple subscription management, Apple refund support, and support email. Third-party services are governed by their own privacy policies.

## 14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the App, by email, or by another appropriate method. The "Last updated" date shows when this Privacy Policy was last revised.

## 15. Contact Us

For privacy questions, data requests, account deletion, or other concerns:

**Email:** support@getsmomentum.com
**Controller:** Momentum SAS
**Country:** France