Privacy Policy for Hypro

Effective Date: January 2025

Last Updated: January 2025

Introduction

Hypro ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services (collectively, the "Service").

Information We Collect

Account & Profile Information

  • Basic Account: Email address, name, user role (client or trainer), profile picture
  • Personal Details: First name, last name, phone number, date of birth, biological sex
  • Fitness Profile: Height, weight, fitness level, activity level, goals, bio, allergies
  • Body Measurements: Circumference measurements (chest, waist, hips, neck, biceps, calves, thighs), body fat percentage, tracking timestamps
  • Images: Avatar photos (public), progress photos (private), exercise demonstration images

Fitness & Nutrition Data

  • Training Data: Workout plans, exercises performed, sets, reps, weights, RPE scores, rest periods, completion timestamps
  • Exercise Logs: Detailed workout history, performance tracking, notes and observations
  • Nutrition Data: Meal plans, nutritional targets, dietary preferences
  • Reviews & Ratings: Training plan ratings, comments, and feedback

Communication & Teams

  • Trainer-Client Communications: Notes, coaching requests, team invitations
  • Notifications: In-app notification preferences and delivery status
  • Support Communications: Help requests, bug reports, feedback submissions

Technical & Usage Data

  • Analytics Data: App usage patterns, feature interactions, session duration (via PostHog)
  • Device Information: Device type, operating system, app version, platform (iOS/Android/Web)
  • Authentication Data: Session tokens, one-time passwords (OTP) for login verification, Google OAuth access and refresh tokens (when using Google sign-in)
  • Push Notification Data: Mobile push tokens (Expo), notification preferences, delivery status

Third-Party Data Sources

  • Google OAuth: When you choose to sign in with Google, we receive your basic profile information (name, email, profile picture), locale preferences, and unique Google identifier. This data is used to create or link your account and pre-populate your profile to reduce onboarding steps.
  • Email Services: Delivery status and engagement metrics from our email provider (Resend)
  • Analytics Services: Aggregated usage statistics and user behavior insights (PostHog)

How We Use Your Information

Primary Uses

  • Service Provision: Deliver core app functionality and features
  • Personalization: Customize workouts, nutrition plans, and recommendations
  • Trainer Matching: Connect you with suitable personal trainers
  • Progress Tracking: Monitor and display your fitness journey
  • Communication: Enable messaging between users and trainers

Secondary Uses

  • Improvement: Analyze usage to enhance app features and performance
  • Support: Provide customer service and technical assistance
  • Marketing: Send relevant updates, tips, and promotional content (with consent)
  • Legal Compliance: Meet legal obligations and enforce our terms

Information Sharing and Disclosure

We Share Information With:

  • Trainers: When you work with a trainer, we share your profile, fitness data, progress measurements, and training history
  • AWS S3: Secure cloud storage for your images (avatar photos are publicly accessible, progress photos are private)
  • PostHog: Analytics service receives anonymized usage data and session recordings (with password masking)
  • Expo Push Service: Mobile notification delivery service receives push tokens and notification content
  • Resend Email Service: Receives your email address and OTP codes for authentication emails
  • Google OAuth: When you sign in with Google, we receive profile data directly from Google's servers. We do not share your Hypro data back to Google - this is a one-way data flow for authentication and profile setup only
  • Legal Requirements: When required by law, court order, or to protect our rights and safety

We DO NOT:

  • Sell your personal information to third parties
  • Share your data with social media platforms
  • Provide identifying information to advertisers
  • Use your fitness data for marketing to third parties
  • Share progress photos without explicit consent
  • Retain authentication data longer than necessary
  • Store traditional passwords (we use OTP-only authentication)

Data Security

We implement multiple layers of security to protect your personal information and fitness data:

  • OTP Authentication: No password storage - secure one-time password login only
  • HTTPS Encryption: All data transmitted using TLS encryption
  • Private Image Storage: Progress photos stored in private AWS S3 buckets
  • PostgreSQL Database: Industry-standard database with role-based access controls
  • Session Management: JWT tokens with automatic expiration and cleanup
  • Data Minimization: We collect only data necessary for app functionality

📱 Mobile App Information

Push Notifications

  • Mobile-only push notifications via Expo
  • Push tokens stored securely with your account
  • You can disable notifications in app settings
  • No web browser push notifications

Camera & Photos

  • Camera access for progress photos only
  • Photos compressed before upload
  • Progress photos are private to your account
  • Avatar photos are publicly visible

Note: Our mobile app uses a WebView to display the web application with native integrations for camera and push notifications. Your data is synced across all platforms.

Your Rights and Choices

Account Control

  • Access: View and download your personal data from Settings → Data & Privacy
  • Correction: Update your profile information directly in the app
  • Deletion: Delete your account via Settings → Account or contact support
  • Portability: Export your fitness data in JSON format from Settings

Notification Controls

  • Manage push notification preferences in mobile app settings
  • Control email notifications from your profile settings
  • Disable specific notification types (workouts, meals, teams)
  • Opt out of all non-essential communications

Google Account Management

  • Revoke Hypro's access to your Google account directly from your Google Account settings
  • View and manage what data Google shares with Hypro through Google's privacy controls
  • Your Hypro account will remain active even if you disconnect Google - you can still log in with email/OTP

Contact Information

If you have questions about this Privacy Policy or our privacy practices, contact us:

  • Privacy Questions: support@hypro.app (mark subject as "Privacy")
  • Support Center: hypro.app/support (FAQ and help resources)

This Privacy Policy is legally binding and forms part of our Terms of Service.
