Legal

Privacy Policy

Last updated: June 2, 2026

Gladiator ("we", "our", "us", or "the Company") is committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have. By using the Gladiator app, you agree to the practices described in this policy.

1. Who We Are

Gladiator is a fitness tracking and AI coaching application. Our contact email is infogladiatorapp@gmail.com. For data protection inquiries, please use the same address.

2. Information We Collect

We collect information in the following categories:

• Account & Identity Data: Your email address and any profile information you choose to provide (name, age, gender, height, weight, fitness goals).
• Health & Fitness Data: Workouts you log (exercises, sets, reps, weights, duration), nutrition logs (foods, calories, macronutrients), sleep data, body weight, body measurements, and progress photos. This is sensitive personal data and we treat it with the highest level of care.
• Wearable & Device Data: If you connect a third-party wearable (such as WHOOP), we receive the data you authorize through that service's OAuth flow, which may include heart rate, recovery scores, sleep stages, strain, and activity data.
• Camera & Photos: When you use the meal-photo logging or progress-photo features, we access your device camera and/or photo library solely to capture or select images for those features. Images are transmitted to our servers and AI providers for analysis.
• Device & Technical Data: Device type, operating system version, app version, IP address (used for security and fraud prevention only), and crash/error reports.
• Usage & Analytics Data: App screens visited, features used, time spent in the app, and interaction patterns. This is used solely to improve the app experience.
• Subscription & Billing Data: Your subscription status (active, expired, trial) and purchase history as provided by Apple. We do not receive, store, or process your credit card or payment details — all payment processing is handled exclusively by Apple.
• Communications: If you contact us by email, we retain those communications to respond to you and improve support.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal data are:

• Contractual necessity: Processing required to provide the Gladiator service you signed up for.
• Legitimate interests: Improving the app, preventing fraud, ensuring security, and anonymized analytics — where these interests are not overridden by your rights.
• Consent: For sensitive health data and optional features such as progress photos and wearable integration. You may withdraw consent at any time.
• Legal obligation: Where we are required to process data to comply with applicable law.

4. How We Use Your Information

• Provide, operate, and personalize the Gladiator service including AI-generated training plans, nutrition recommendations, and coaching insights.
• Process AI analysis of meal photos (food recognition, calorie estimation) and progress photos using Anthropic's API.
• Sync and display wearable data from connected services to inform recovery, readiness, and training recommendations.
• Generate aggregated and anonymized statistics about your progress over time (streaks, volume, body composition trends).
• Send push notifications for workout reminders, milestones, and service updates — only with your permission and only as you configure them.
• Diagnose and fix bugs, improve app performance, and develop new features.
• Detect and prevent fraud, abuse, or unauthorized access.
• Comply with legal obligations and enforce our Terms of Service.

5. Third-Party Service Providers

We do not sell, rent, or trade your personal data. We share data only with the following service providers, strictly as needed to operate the app:

• Convex, Inc. — Our cloud backend infrastructure provider. Your data is stored and processed on Convex's servers. Convex is contractually prohibited from accessing or using your data for any purpose other than providing infrastructure to us.
• Anthropic, PBC — Processes all AI requests including meal photo analysis, food recognition, progress photo analysis, workout feedback, and AI coaching. Data is processed under our data processing agreement and is not used to train Anthropic's models per their API usage policy.
• Apple, Inc. — Manages all in-app purchases, subscriptions, and subscription renewals through the Apple App Store. Apple's Privacy Policy governs data Apple collects in this context.
• WHOOP, Inc. — Only if you explicitly connect your WHOOP account. You authorize the specific data shared via WHOOP's OAuth flow. You can revoke this access at any time.
• Sentry (Functional Software, Inc.) — Receives anonymized crash reports and error logs to help us identify and fix bugs. Sentry does not receive your personal health data, photos, or account credentials.

6. Health Data — Special Protections

• Health data is encrypted in transit (TLS 1.2+) and at rest.
• Health data is never used for advertising or sold to third parties under any circumstances.
• Progress photos are stored with access controls and are never shared with any third party except Anthropic for AI analysis at your explicit request.
• AI providers process your data only as a data processor on our behalf and are contractually prohibited from using it for their own purposes.

7. Data Retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter to allow for account recovery. Specifically:

• Account data and health logs: retained until account deletion.
• Progress photos: retained until you delete them or request account deletion.
• Crash/error logs: retained for up to 90 days in aggregated, anonymized form.
• Backup copies may persist for up to 30 days after account deletion before being fully purged from backup systems.

You may request deletion of your account and all associated data at any time by emailing infogladiatorapp@gmail.com. We will process deletion requests within 30 days.

8. Security

We implement industry-standard security measures to protect your data, including TLS 1.2+ encryption for all data in transit, encryption at rest for stored data, access controls limiting who within our team can access user data, and regular security reviews of our infrastructure and code. No system is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data: Access, Correction, Deletion, Portability, Restriction, Objection, and Withdrawal of consent. To exercise any of these rights, email infogladiatorapp@gmail.com. We will respond within 30 days.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA and CPRA including the Right to Know, Right to Delete, Right to Opt-Out of Sale (we do not sell your data), and Right to Non-Discrimination. To submit a CCPA request, email infogladiatorapp@gmail.com with "CCPA Request" in the subject line.

11. International Data Transfers

Gladiator is operated from the United States. If you use the app from outside the United States, your data will be transferred to and processed in the United States. For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for international transfers.

12. Children's Privacy

Gladiator is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at infogladiatorapp@gmail.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this policy and notify you via in-app notice or email.

14. Contact Us

For any questions, concerns, data requests, or to exercise your privacy rights, please contact us at infogladiatorapp@gmail.com. We aim to respond to all inquiries within 30 days.