# PRIVACY POLICY

**The One Workout**

Effective Date: April 18, 2026
Last Updated: April 18, 2026

This Privacy Policy explains how The One Workout (the "App") and its developer (the "Developer," "I," "me," "my") handle information when you use the App.

## 1. Summary of the App's Data Model

The App is designed to work without developer-managed user accounts or developer-operated servers. Your progress is derived from your saved history entries (for example: daily exercise counts, points, streak status, power-up selection, boss results, and achievements computed from that history). This data is stored locally on your device and may sync via Apple iCloud if you enable it. I do not have access to your exercise data, history, or progress.

## 2. Information You Provide in the App

Depending on how you use the App, you may input or generate:

- exercise entries (push-ups, sit-ups, squats, run distance),
- timestamps and day-by-day history,
- points, multipliers, streaks, bonuses, power-ups, boss battle outcomes, and achievements (generated from your history),
- optional notes you add to entries (if the App supports notes).

This data stays on your device (and in iCloud if you enable syncing). I do not collect, transmit, or store this data on my servers.

## 3. Analytics Data (Firebase Analytics)

The App uses Firebase Analytics, provided by Google, to collect anonymized usage data that helps me understand how the App is used and improve the experience. This data is not linked to your identity and is used solely for product improvement.

### 3.1 What I Collect

I collect aggregated and anonymized information about your interactions with the App. This includes information about exercise activity counts, power-up usage, boss fight attempts and outcomes, points earned, and achievements unlocked. I also collect information about which app settings and preferences you have enabled, so I can understand how features are being used across the user base.

Firebase Analytics also collects standard device and usage metadata, such as device type, operating system version, app version, session duration, and general interaction events.

I do not collect your name, email address, or any other directly identifying information through Firebase Analytics. If you use HealthKit to drive your run data, I record only whether HealthKit integration is active, not the underlying health data.

### 3.2 How I Use Analytics Data

I use analytics data to identify bugs and performance issues, understand which features and settings are most and least used, improve game balance and scoring mechanics, and plan future development.

### 3.3 Google and Firebase

Firebase Analytics is subject to Google's privacy policy. Google may process analytics data on servers located outside your country of residence. I have configured Firebase Analytics to minimize data collection and do not enable advertising features or link analytics data to advertising identifiers.

## 4. Advertising (Google AdMob)

The App displays advertisements served by Google AdMob. To deliver and personalize ads, AdMob may collect certain information from your device, including:

- device identifiers (such as the Identifier for Advertisers, or IDFA, if you grant permission),
- IP address,
- device type and operating system version,
- ad interaction data (such as impressions, taps, and views).

**What I do not share with ad networks.** I do not provide your exercise data, App history, HealthKit data, or any data stored locally on your device to AdMob or any other ad network. HealthKit data is never used for advertising purposes.

**Personalized vs. non-personalized ads.** AdMob may serve personalized ads based on information it collects independently. You can limit personalized advertising by adjusting your device's privacy settings, including the App Tracking Transparency prompt on iOS. If you decline tracking, AdMob will serve non-personalized ads.

For more information about how Google uses data from apps that use its services, see Google's privacy policy.

## 5. In-App Purchases

The App may offer in-app purchases. All transactions are processed by Apple through the App Store. I do not collect, process, or store any payment information such as credit card numbers, billing addresses, or Apple ID credentials. Apple's handling of your payment information is governed by Apple's privacy policy and terms of service.

## 6. Health Data via Apple Health and HealthKit

If you choose to connect the App to Apple's Health database (HealthKit), the App may request permission to read and/or write certain health and fitness data types.

**Data the App may read (examples).** Run or workout records and related fields (such as distance, duration, timestamps) so your run progress can be tracked without manual entry when the run was recorded by another app or device.

**Data the App may write (examples).** Exercise activity records that reflect what you log in the App, so the activity can appear in the Health app and be available to other HealthKit-enabled apps.

**How I use Health data.** I use Health data only to provide App features you request, such as importing run workouts for tracking and optionally writing your logged activity to Health.

**No advertising use.** I do not use HealthKit data for advertising, marketing, or tracking profiles. HealthKit data is never sent to Firebase Analytics, Google AdMob, or any other third-party service.

## 7. Data Export and Import

If you use CSV export, the App will generate a file containing history entries and related tracking fields. If you use CSV import, the App will read a file you select and attempt to merge or replace your existing history based on App behavior.

Because exported files can contain sensitive fitness information, you should store and share export files carefully. You are responsible for the security of exported files once you move them outside the App.

## 8. Data Sharing

I do not sell your personal information.

I do not share your App history with third parties for their marketing or advertising.

Anonymized, aggregated analytics data is processed by Google through Firebase Analytics as described in Section 3. Google AdMob may independently collect device-level information for advertising purposes as described in Section 4. Apple processes payment transactions for in-app purchases as described in Section 5.

If you enable Apple iCloud syncing, your data may be processed and stored by Apple as part of providing that sync.

## 9. Data Retention

Your exercise data and App history are stored on your device and in Apple iCloud (if enabled). I do not store this data on my servers, so retention is controlled by you through your device and iCloud settings.

Analytics data collected by Firebase is retained according to Google's Firebase Analytics defaults and my Firebase configuration. Aggregated reports may be retained indefinitely.

Health data written to the Health database is retained according to Apple Health and your device settings until you delete it within the Health app or related settings.

## 10. Your Choices and Controls

**In-App controls.** You can delete entries, reset your history, and export your data to CSV for backup or transfer.

**Health permissions.** You can grant, limit, or revoke HealthKit permissions in iOS settings. Permissions are separated by read vs. write and by data type, and can be reviewed or revoked at any time.

**Ad tracking.** You can limit personalized advertising by declining the App Tracking Transparency prompt or by adjusting your device's privacy settings under Settings > Privacy & Security > Tracking.

**Analytics.** You can disable analytics data collection using the toggle in the App's settings. Disabling analytics collection will not affect data already collected.

## 11. Your Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent local law. Because the App does not use developer-operated servers or user accounts, your exercise data and history are stored only on your device and through Apple iCloud (if enabled). I do not have access to this data.

- **Access and portability:** Your data is already in your possession. Use the App's CSV export to obtain a portable copy.
- **Erasure:** Delete data within the App, reset your history, or delete the App. For iCloud data, use your device's iCloud storage settings.
- **Rectification:** Correct data directly within the App.
- **Object to analytics:** Limit analytics and ad tracking through the app's settings and your device's privacy settings.
- **Withdraw consent:** Adjust permissions in device settings or stop using the App.

Because analytics data is collected in anonymized and aggregated form, it is not possible to identify or retrieve data associated with a specific individual. You also have the right to lodge a complaint with your local data protection authority.

My legal basis for processing is consent (provided when you accept the Terms and grant permissions) and legitimate interest (improving App features and stability).

## 12. Your Rights Under CCPA/CPRA (California)

If you are a California resident, the CCPA (as amended by the CPRA) provides you with additional rights. Your exercise data is stored on your device and through Apple iCloud, not on my servers. I do not sell or share your personal information for cross-context behavioral advertising.

- **Right to know:** The categories of information associated with your use are described in this Privacy Policy. Your exercise data is stored locally and already accessible to you.
- **Right to delete:** Delete data using the App's controls or by deleting the App.
- **Right to correct:** Correct data directly in the App.
- **Right to opt out of sale or sharing:** I do not sell your personal information. Google AdMob may collect device-level data for advertising; you can limit this through iOS App Tracking Transparency.
- **Right to non-discrimination:** I will not discriminate against you for exercising your rights.

## 13. Security

I use reasonable safeguards appropriate to the App's design. Because your data is stored on your device and (optionally) in iCloud rather than on my servers, the security of your data depends largely on your device security (passcode, OS updates, iCloud settings) and your handling of exported CSV files.

## 14. Children's Privacy

The App is not intended for children under 13 (or under 16 in the EEA, UK, or Switzerland unless parental consent is provided as permitted by local law).

## 15. International Data Transfers

Analytics data processed by Firebase and advertising data processed by AdMob may be transferred to and stored on servers outside your country of residence, including in the United States. By using the App, you acknowledge this transfer. Where required by law, I rely on appropriate safeguards such as standard contractual clauses for international transfers.

## 16. Contact

If you have questions about this Privacy Policy, contact: michaeljreedy+onesupport@gmail.com.