Privacy Policy

Last updated: March 30, 2026

1. Introduction

Pushd ("we", "our", or "us") operates the Pushd fitness application and website at pushd.fit (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

2.1 Information you provide directly

  • Account information: name, email address, username, password
  • Profile information: date of birth, biological sex, height, weight, fitness goals
  • Workout data: exercises, sets, reps, weight, duration, notes
  • Workout media: photos and videos you attach to a workout post (up to 5 files per workout)
  • Nutrition data: meals, calories, macronutrients, water intake
  • Progress photos and body measurements
  • Captions and social content you write when sharing a workout
  • Communications you send us via the contact form

2.2 Information collected automatically

  • Device information: device model, operating system version
  • Usage data: features used, screens visited, session duration
  • Push notification tokens (to deliver workout reminders and streak alerts)
  • Apple Watch connectivity data: exercise and set completion events sent from your watch to the app
  • iOS Live Activity state: active workout name and elapsed time displayed on the Dynamic Island / Lock Screen — this data is processed entirely on-device and never sent to our servers
  • Crash reports and error logs (used to fix bugs)

2.3 Information from third parties

  • Google Sign-In: name, email address, profile picture
  • Apple Sign-In: name (if shared), email address (or relay address)
  • Passkey / WebAuthn: a cryptographic public key credential — your biometric data never leaves your device
  • Payment processor (App Store / Google Play): subscription status only — we never receive full payment details

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Provide, operate, and improve the Service
  • Personalise AI-powered features (workout plans, coaching, cooldown & stretch suggestions, meal plans)
  • Display your workout history, progress photos, and performance trends
  • Enable social features when you choose to share a workout publicly
  • Generate and serve public workout share pages (pushd.fit/share/[id]) for workouts you explicitly share
  • Send workout reminders, streak alerts, and product updates (you can opt out at any time)
  • Respond to support requests
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Data Sharing

We share your data only in these limited circumstances:

  • Service providers: We use Cloudinary (profile photos and workout media storage), Resend (email delivery), and Sentry (error reporting). These providers process data only on our behalf and under strict confidentiality obligations.
  • AI processing: When you use AI features (AI Coach, AI Workout Planner, AI Meal Plans, Recovery Insights), relevant context — such as exercise names, muscles worked, workout history, goals, and body stats — is sent to Anthropic via our API to generate responses. This data is not used to train AI models and is not retained by Anthropic beyond the duration of the request. AI features are clearly labelled in the app. AI-generated content is for general fitness guidance only and does not constitute medical or nutritional advice.
  • Public workout share pages: When you tap “Share” after a workout, a publicly accessible page is created at pushd.fit/share/[id]. It displays your workout title, exercise list, stats, and any photo you choose to include. You control this — the page is only created when you explicitly share.
  • Social features: Workouts and content you choose to share publicly are visible to other Pushd users. Sharing is always opt-in.
  • Legal requirements: We may disclose your information if required by law or to protect our rights and the safety of our users.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we permanently delete all your personal data within 30 days, except where we are required by law to retain it.

6. Security

We implement industry-standard security measures including:

  • Passwords hashed with bcrypt (cost factor 12)
  • All data transmitted over TLS/HTTPS
  • Short-lived access tokens (1-hour TTL) and long-lived refresh tokens (30-day TTL) stored in encrypted device storage (iOS Keychain / Android Keystore)
  • Refresh token rotation — every use invalidates the old token and issues a new one, limiting the impact of a stolen token
  • Biometric login (Face ID / Touch ID) protects the stored refresh token — it cannot be used without passing biometrics
  • Passkey / WebAuthn login — your biometric data never leaves your device
  • Rate limiting and account lockout to prevent brute-force attacks
  • Regular security reviews

For full details, see our Security page. No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your account and all associated data
  • Portability: Receive your workout data in a machine-readable format
  • Opt-out: Unsubscribe from marketing emails or disable push notifications

To exercise these rights, contact us at privacy@pushd.fit or use the in-app Contact form.

8. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: