Privacy Policy

Last updated: April 16, 2026

This Privacy Policy explains what information GIGACHAD ("we", "us", or "the app") collects, how we use it, and your choices about it. This policy applies to the GIGACHAD mobile app and the website at gigachadapp.com. If you have questions, email hello@gigachadapp.com.

1. Information we collect

Information you give us

• Account information. Email address, password (stored as a one-way hash), display name, and the answers you provide during onboarding (your goal, experience level, equipment access, weekly availability, and any lifting limitations you choose to share).
• Workout data. Exercises performed, sets, reps, weights, rest times, and timestamps.
• Body metrics (optional). Body weight and progress photos, if you choose to log them. Progress photos are stored per-user and never shared.
• Form check submissions (optional). Video you upload for AI or human form review.
• Preferences. Unit system, notification preferences, and in-app display settings.

Information we collect automatically

• Device information. Operating system version, app version, device model, and a device identifier generated by the app for crash reporting and analytics. We do not read your device advertising ID.
• Usage analytics. Anonymized events about how you use the app (screens viewed, workouts started and finished, which articles you open). We use PostHog for this. Events do not include your name, email, workout numbers, body metrics, or check-in responses.
• Affiliate click data. If you tap a product link in a Self Care article, we record the tap (which article, which merchant, when). We use this to understand which recommendations are useful. We do not share your click history with merchants beyond the affiliate tracking the merchant uses to credit a sale.

2. How we use information

• To provide, maintain, and improve the app
• To personalize program recommendations based on onboarding
• To send you the notifications you have enabled
• To monitor for crashes and technical problems, and to improve stability
• To process subscription payments (via Apple, Google, or Stripe)
• To process affiliate commissions when you purchase through a link
• To comply with legal obligations

3. How we share information

We do not sell your personal information. We share information only with:

• Service providers who help run the app: Supabase (database + storage), RevenueCat (subscriptions), PostHog (analytics), Sentry (crash reporting), and the affiliate networks linked below. These providers are bound by their own privacy policies and are restricted to using your data only to provide their services to us.
• Apple and Google for subscription processing, governed by their respective privacy policies.
• Affiliate networks (Amazon Associates, Rakuten, Impact, ShareASale, and similar) when you tap a product link. They receive the tap as part of attributing a sale and the click is subject to their privacy practices.
• Legal authorities if required by law, a valid subpoena, or to protect the rights, property, or safety of GIGACHAD, our users, or others.

4. Affiliate and sponsor monetization

Some articles in the Self Care section of the app include product recommendations. A small number of those recommendations are affiliate links, meaning if you tap the link and make a purchase on the retailer's website, we may earn a commission at no extra cost to you. As an Amazon Associate we earn from qualifying purchases.

When we recommend a product, we record the tap (the article, the merchant, and the time) so we can understand which recommendations are useful. We do not share your tap history with merchants or advertisers beyond the affiliate tracking that the retailer uses to credit the sale. The retailer's privacy practices are governed by the retailer's own privacy policy, which you accept by visiting their site.

We never accept payment to recommend a product we don't stand behind. Every recommendation must pass an editorial test: if the affiliate program disappeared tomorrow, would we still include it? Paid sponsorships are clearly labeled "Sponsored" and follow the same test.

5. Your choices

• Edit your information. Update your onboarding answers and preferences any time from Profile → Settings.
• Delete your account. Profile → Account → "Delete my account" removes your profile, workouts, body metrics, and progress photos within 30 days. Anonymized analytics events older than 30 days are retained in aggregate.
• Notifications. Turn off workout reminders, weekly check-ins, or any other push notifications from Profile → Notifications.
• Affiliate tracking. If you prefer not to have your clicks recorded, don't tap the product links. The article content is complete without them.

6. Data retention

We keep your account data as long as your account is active. When you delete your account, we remove your personal information within 30 days. Some records are retained longer for legal and accounting reasons: subscription payment records (7 years for US tax compliance) and anonymized analytics (up to 24 months).

7. Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt. No method of electronic storage is 100% secure; we cannot guarantee absolute security. If you believe your account has been compromised, email us immediately at security@gigachadapp.com.

8. Children's privacy

GIGACHAD is not directed to children under 16 and we do not knowingly collect information from anyone under 16. If you become aware that a child has provided us with personal information, email us and we will delete it.

9. Residents of California, Colorado, Connecticut, Utah, Virginia, and other US states with privacy laws

Depending on your state, you may have the right to request access to the personal information we hold about you, correct it, delete it, or opt out of "sales" or "targeted advertising." We do not sell personal information and we do not use it for targeted advertising as defined by those laws. To exercise any of these rights, email privacy@gigachadapp.com from the email associated with your account and we will respond within the statutory window.

10. Residents of the EEA and UK

If you are in the European Economic Area or the United Kingdom, you have rights under the GDPR and UK GDPR including access, rectification, erasure, restriction, portability, and objection. Our lawful bases for processing are: performing the contract (providing the app you signed up for), legitimate interests (operating the service, measuring its health), consent (for optional features like notifications), and legal obligation (tax records). Contact privacy@gigachadapp.com to exercise your rights or to lodge a complaint with your local supervisory authority.

11. International data transfers

GIGACHAD is operated from the United States. When you use the app from outside the US, your information is transferred to and processed in the US and possibly other countries where our service providers operate. These countries may have data protection laws that differ from your country's laws.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app and update the "Last updated" date at the top. Continued use of the app after an update means you accept the revised policy.

13. Contact us

Questions about this Privacy Policy? Email privacy@gigachadapp.com or write to:

GIGACHAD
[Street address]
Minneapolis, MN [ZIP]
United States

Replace the address placeholder with your registered business address before publishing.