Privacy Policy

Last updated: May 23, 2026 Effective date: May 23, 2026

Project Jacked AI (“we”, “our”, “the app”, “the service”) is operated by Project Jacked AI as a sole-operator project. This Privacy Policy explains what personal information we collect when you use the app, why we collect it, who we share it with, and what control you have over your data.

If you have any questions, contact us at hassanxiddiqui@gmail.com.

1. Information we collect

When you create an account and use the app, we collect the following categories of information:

1.1 Account data

  • Email address (for sign-in + password reset)
  • Encrypted password (we never see your plaintext password — Supabase handles authentication)
  • Display name (chosen during onboarding)

1.2 Body + goal profile (entered during onboarding)

  • Age + sex/gender
  • Weight (current + target) and height
  • Fitness goal (fat loss / muscle gain / recomposition)
  • Training experience level (beginner / intermediate / advanced)
  • Preferred training frequency (3-6 days per week)
  • Equipment access (bodyweight / dumbbells / full gym)
  • Daily targets (cardio minutes, steps, water cups, protein grams)

1.3 Activity data (entered when logging your daily mission)

  • Workout logs (sets, reps, weight per exercise, session duration)
  • Cardio logs (type, duration in minutes, calculated kcal estimate)
  • Step counts you enter manually
  • Water cup counts you enter manually
  • Protein grams you enter manually
  • Mission completion status per day

1.4 Progression data (derived by the app)

  • Experience points (XP), level, current streak
  • Macrocycle block progression (Block 1 → Block 2 → Block 3 across 12 weeks)
  • Personal records on tracked lifts

1.5 Subscription data

  • Subscription status (free trial, paid, expired)
  • Subscription receipts (handled by Google Play; we receive a token, not your payment card)

1.6 Anonymous usage analytics

  • App opens, screen views, feature usage events (e.g. “workout completed”, “paywall viewed”)
  • Linked to your account ID so we can analyze funnels by user goal / experience level / training frequency
  • Used to improve the app — never sold

1.7 Crash reports (when enabled)

  • If a crash occurs, we may collect stack traces, device model, OS version, and the in-app actions immediately preceding the crash
  • Used solely to fix bugs

We do not collect:

  • Body photos / progress photos / physique camera scans
  • Health data from Apple Health, Google Fit, or any wearable
  • Location data
  • Contacts, calendars, photos library, or any other on-device personal data
  • Precise device identifiers (IMEI, MAC address, etc.)

2. How we use your information

We use the data above to:

  • Personalize your daily mission. Your goal, experience, frequency, and equipment determine which workout is selected for the day and what your cardio / step / water / protein targets are.
  • Track your progression. Workout logs feed your XP, level, streak, and macrocycle block transitions.
  • Process subscriptions. Trial state + entitlement checks against Google Play.
  • Improve the app. Aggregate analytics tell us which features are used and where users drop off.
  • Fix bugs. Crash reports tell us when and where the app breaks.
  • Communicate with you. Password reset emails. We do not send marketing emails.

We do not use your data for advertising, targeted advertising, or profiling for advertising purposes.

3. Who we share data with

We share data with the following processors, each of whom is contractually bound to use it only for the purpose we direct:

Processor Purpose What they receive
Supabase (database + auth) Stores your account + all logs Everything in sections 1.1–1.4
RevenueCat (subscription management) Validates and tracks subscriptions Your user ID + subscription events
Google Play (billing) Processes payments Standard billing data
PostHog (analytics) Anonymous-feature analytics Account ID + usage events
Sentry (crash reporting, when enabled) Captures crashes for debugging Stack traces + device model

We do not sell your personal data to anyone. We do not share your data with advertisers.

4. Data retention

  • We keep your data for as long as your account is active.
  • When you delete your account (Profile → Settings → Delete Account), we erase your profile, workouts, cardio logs, step logs, water logs, fuel logs, missions, XP events, and subscription history within 30 days. Backup copies may persist up to 60 days before being purged.
  • Anonymized aggregate analytics (e.g. “10% of users on the muscle-gain track completed Block 3”) may be retained indefinitely as they cannot be tied back to you.

5. Your rights

You have the right to:

  • Access your data. Request a copy by emailing hassanxiddiqui@gmail.com.
  • Delete your data. Use Profile → Settings → Delete Account in the app, or email us.
  • Correct your data. Update your profile, body stats, and goal inside the app at any time.
  • Object to analytics processing. Email us to opt out (v2.0 will add an in-app toggle).

We respond to verified requests within 30 days.

6. Children

The app is not intended for users under 14 years of age. Onboarding requires age 14 or older. If we learn that we have collected personal data from a user under 14, we will delete it.

7. International data transfers

Your data is stored on Supabase servers in the United States. By using the app, you consent to your data being transferred to and processed in the US.

8. Security

We use industry-standard protections:

  • All data in transit is encrypted (TLS 1.2+).
  • Passwords are hashed (we never see your plaintext password).
  • Database access is restricted by row-level security policies — your data is only readable by your account.

No system is perfectly secure. If you suspect your account has been compromised, change your password and contact us immediately.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the “Last updated” date at the top of this page.
  • For material changes, surface an in-app banner the next time you open the app.

Continued use of the app after changes take effect constitutes acceptance of the updated policy.

10. Contact

Questions, requests, or concerns:

hassanxiddiqui@gmail.com

Operated by Project Jacked AI.