Privacy Policy - Bastion Fitness

At Bastion Fitness ("Bastion," "we," "us"), we treat your fitness data with the same respect we treat our own training. This Privacy Policy outlines exactly what we collect, why we collect it, and—most importantly—what we won't do with it.

1. Information We Collect

1.1. Personal Identification Information

Account Details: Name, email address, password (hashed), and profile photo.
Gym Affiliation: The gym or organization you are a member of.

1.2. Health and Fitness Data ("Protected Fitness Data")

We collect specific metrics to provide our core service—tracking your fitness progress. This includes:

Body Metrics: Body weight, gender (for leaderboard categorization), and age.
Performance Data: Workout results (times, rounds, reps), weight lifted, 1-Rep Maxes (1RM), and benchmark scores.
Notes: Personal journal entries and notes attached to workouts.

1.3. Technical Data

Device information (mobile vs. desktop), IP address, and browser type, used solely for security logging and improving user experience.

2. How We Use Your Data

We use your data strictly to provide and improve the Bastion Fitness platform:

Programming Logic: To calculate personalized lifting weights based on your 1RM percentages.
Progress Tracking: To generate history charts and identify Personal Records (PRs).
Leaderboards: To display your scores on your gym's leaderboard (if your privacy settings allow).
Gym Management: To allow your coaches to view your attendance and performance to help them coach you better.

3. Data Ownership and Sharing

3.1. WE DO NOT SELL YOUR DATA

We will never sell, rent, or trade your personal information or Protected Fitness Data to third parties.

We do not sell data to insurance companies.
We do not sell data to advertisers.
We do not sell data to data brokers.

3.2. Sharing with Your Gym

By joining a Gym on Bastion, you authorize that Gym's staff (Owners and Coaches) to view your:

Name and Profile Photo.
Workout Logs and Results.
Attendance history.
Personal Records.

This sharing is essential for your coaches to provide programming and feedback. You can leave a Gym at any time to revoke this access.

3.3. Public Visibility

By default, your workout results are visible to other members of your Gym (the "Community Board"). You can adjust your privacy settings to make your logs "Private" (visible only to you and your coaches).

3.4. Service Providers

We use trusted third-party sub-processors to run our infrastructure. They process data only according to our instructions:

Google Cloud Platform / Firebase: Hosting, database, and authentication.
Stripe: Payment processing (we do not store full credit card numbers).
Transactional Email Provider: Sending password resets and notifications.

4. Data Storage and Security

4.1. Security Measures

Encryption: Data is encrypted in transit (using TLS 1.2+) and at rest (AES-256) on our servers.
Access Control: Strict role-based access controls ensure only authorized Bastion engineers can access the database for maintenance purposes.

4.2. Data Retention

We retain your data for as long as you maintain an account.

Deletion: If you delete your account, your personal identifiers are removed from our active database immediately. Backup archives may retain data for up to 30 days before being overwritten.

5. Your Rights

Access: You can view all your logged data within the app.
Portability: You can request an export of your workout history in a machine-readable format.
Correction: You can edit any past workout result or body metric.
Erasure: You can request the permanent deletion of your account and data via [Settings > Delete Account] or by emailing privacy@bastionfit.com.

6. Children's Privacy

Bastion is not intended for use by children under the age of 13. We do not knowingly collect data from children under 13.

7. Contact Us

For any privacy-related questions or to exercise your rights, please contact our Data Protection Officer at:

Email: privacy@bastionfit.com
Address: [Your Business Address]