Privacy Policy
Webance - Gym Tracker ("the app", "we", "us") is built to respect your privacy. This page explains exactly what we collect, why, and what rights you have over your data.
1. What we collect
Data you provide
- Email address — required to sign in (passwordless magic link + 6-digit code) and to sync your workouts across devices.
- Workout data — the sessions, exercises, weights, reps, and history you enter in the app.
- Preferences — theme (dark/light), language, and any settings you change.
Data we do NOT collect
- No real name, address, phone number, or payment details.
- No health metrics beyond the workouts you voluntarily log.
- No advertising identifiers, cross-site trackers, or third-party analytics cookies.
2. Where your data lives
- On your device — localStorage holds every workout, setting, and history entry. The app works fully offline because of this.
- Firebase Firestore (Google Cloud) — a mirror of your local data, used only to sync between your devices. Access is scoped to your signed-in email.
- Brevo — only your email address, for sending the sign-in link and (if you opt in) a welcome message.
- Our VPS — a server-side log of your email and signup timestamp, used only for account management.
3. Why we collect what we collect
- Authentication — so we can let you back in without a password.
- Cross-device sync — so the log on your phone matches the log on your laptop.
- Support — if you email us, we need to know who you are.
We never sell, rent, or share your email or your workouts with third parties for advertising or marketing.
4. Your rights (GDPR + CCPA)
- Access — the Settings screen shows everything we know about you.
- Export — one tap in Settings → Backup & Restore → "Export data as JSON" downloads a full copy.
- Deletion — Settings → Danger Zone → "Clear all data" wipes everything locally. To also delete cloud + Brevo records, email support@webance.net and we'll remove them within 7 days.
- Portability — the exported JSON file is human-readable and can be imported into another instance of the app.
5. Cookies
The app uses one short-lived technical cookie (gym_verified, 5 minutes) to confirm you've just clicked the verification link. No marketing or analytics cookies, so no cookie banner is needed.
6. Security
- All traffic is HTTPS (TLS 1.2+).
- Sign-in tokens are HMAC-signed and expire after 24 hours.
- Passwordless by design — there is no password database to breach.
7. Children
The app is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from minors. If you believe a child has provided us with data, contact support@webance.net and we will delete it.
8. Changes to this policy
If we ever change this policy in a way that affects what we collect or how we use it, we will update the "Last updated" date above and notify signed-in users by email before the change takes effect.
9. Contact
Questions, requests, or concerns: support@webance.net