Privacy Policy — Project BOD
Last updated: June 30, 2026
This Privacy Policy explains how The Bullpen Training ("we," "us," "our") collects, uses, and protects your information when you use the Project BOD mobile app (the "App").
Plain-language summary: Project BOD works without an account and keeps your data on your phone. If you create a free account, we store your workout data, body weight, and progress photos in a secure cloud database so you can back them up and sync across devices. We also use certain data — your name, email, and health/fitness information — for analytics and to market our own products to you (for example, promotional emails you can opt out of). We do not sell your data, and we do not track you across other companies' apps or websites. You can export or permanently delete everything at any time.
1. Who we are
The Bullpen Training is the operator of Project BOD. Contact: support@thebullpentraining.com
2. When this policy applies
This policy applies to the Project BOD app. The App is local-first: you can use it fully offline with no account, in which case your data stays on your device. The cloud and account features described below apply only if you create an account.
3. What data we collect
We collect the following categories of data (these correspond to the data types disclosed on our App Store "App Privacy" label):
a. Contact Info (linked to your identity)
- Name (or nickname) and Email Address.
b. Health & Fitness (sensitive data; linked to your identity, and in some aggregated/de-identified cases not linked to your identity)
- Health data such as body weight and progress photos of your body.
- Fitness data such as challenge plans, daily repetition logs, sets, and max-test results.
c. User Content (linked to your identity)
- Photos or Videos — the progress photos and workout videos you capture, and journal notes attached to training days.
d. Diagnostics (linked to your identity)
- Crash Data, Performance Data, and Other Diagnostic Data used to keep the App stable and reliable.
We also process your subscription status through our payments providers (the Apple App Store / Google Play and RevenueCat). We do not receive or store your full payment-card details.
4. How we use your data
We use each category of data for the purposes below:
|
Data type |
Purposes |
Linked to you? |
|
Name |
App functionality, product personalization, our advertising/marketing, analytics |
Yes |
|
Email address |
Our advertising/marketing, app functionality, product personalization, analytics |
Yes |
|
Health |
Analytics, app functionality, our advertising/marketing |
Yes |
|
Fitness |
App functionality, analytics, our advertising/marketing, product personalization |
Yes |
|
Photos or Videos |
App functionality |
Yes |
|
Crash Data |
App functionality |
Yes |
|
Performance Data |
App functionality |
Yes |
|
Other Diagnostic Data |
App functionality |
Yes |
What these purposes mean:
- App functionality — to run the App's core features: build and track your challenges, back up and sync your data, and send essential account emails (confirmation, magic-link sign-in, password reset).
- Product personalization — to tailor content and plans to you.
- Analytics — to understand how the App is used so we can improve it and measure audience size and engagement. Some analytics use aggregated or de-identified data that is not linked to your identity.
- Our advertising / marketing — to market our own products and features to you, including sending promotional communications and measuring how well our marketing performs. We do not share your data with third-party ad networks for their own advertising.
5. Marketing communications and your choices
If we send you promotional emails, you can opt out at any time using the unsubscribe link in the email or by emailing support@thebullpentraining.com. We will still send essential, non-marketing account and service messages (for example, password resets). Where required by law, we will obtain your consent before sending marketing or before using sensitive health/fitness data for analytics or marketing.
6. What we do NOT do
- We do not sell your personal information.
- We do not track you across other companies' apps or websites, and we do not use third-party advertising networks that do so. (We do not use App Tracking Transparency "tracking.")
- We do not make your progress photos public.
7. Legal bases (EEA/UK users)
Where the GDPR applies, we rely on: your consent (for storing health/fitness data in the cloud and, where applicable, for analytics/marketing that use health/fitness data), performance of a contract (to provide the App), and legitimate interests (security, diagnostics, and improving the App). You may withdraw consent at any time by adjusting your choices or deleting your account.
8. How your data is stored and protected
- Cloud data is stored with Supabase, Inc., our database and storage processor, on encrypted infrastructure.
- Progress photos are stored in a private storage bucket that is never publicly accessible; images are served only through short-lived signed links to you.
- Access is restricted by row-level security so each account can reach only its own data.
- Data is encrypted in transit (HTTPS/TLS) and at rest.
No system is perfectly secure, but we take reasonable measures to protect your information.
9. Sharing and disclosure
We share data only with:
- Service providers acting on our behalf (e.g., Supabase for hosting/storage; RevenueCat and the app stores for subscriptions; email/analytics providers we use to operate the service), bound to protect it and use it only for us.
- Legal authorities when required by law.
- A successor in the event of a merger or acquisition (you will be notified).
People you choose to message (e.g., an accountability partner) receive only what you explicitly send them from your device.
10. Data retention
We keep your account data while your account is active. When you delete your account, we permanently erase your cloud data — including database records and stored photos — typically immediately, and within 30 days at the latest from backups. Data you keep only on your device is removed when you delete the App or clear its data.
11. Your rights and choices
In the App you can:
- Export all your data: Settings → Account → Export My Data.
- Delete your account and all associated cloud data: Settings → Account → Delete Account.
- Opt out of marketing emails (Section 5).
Depending on where you live (e.g., EEA/UK under GDPR, California under CCPA/CPRA), you may also have rights to access, correct, restrict, or object to processing (including opting out of the use of sensitive data for certain purposes), and to data portability. To exercise these, use the in-app tools above or email support@thebullpentraining.com. We will not discriminate against you for exercising your rights.
12. Children's privacy
Project BOD is not intended for children under 13, and account creation requires confirming you are 13 or older. Some content is labeled 18+. We do not knowingly collect data from children under 13; if you believe a child has provided us data, contact us and we will delete it.
13. International transfers
Your data may be processed in countries other than your own, including the United States. Where required, we use appropriate safeguards for such transfers.
14. Changes to this policy
We may update this policy. We will post the new version with a revised "Last updated" date and, for material changes, notify you in the App or by email.
15. Contact us
Questions or privacy requests: support@thebullpentraining.com