This Privacy Policy describes how [YOUR LEGAL NAME OR BUSINESS NAME] ("we," "us," or "our") handles information when you use the Ghost Gains application ("the App"). By using the App, you agree to the practices described here. If you do not agree, do not use the App.
Ghost Gains is a single-device fitness tracker. Everything you log is stored on your device. We do not run a server, do not maintain user accounts on our end, and cannot see your data. The only time information leaves your device is when you use AI features โ at which point your input is sent directly from your device to the AI provider whose API key you configured.
The App stores the following locally on your device using browser localStorage:
This data never leaves your device unless you actively use AI features or export it yourself.
The App uses a "bring your own key" (BYOK) model. To use AI features, you provide your own API keys from third-party providers. When you use these features, your input is transmitted directly from your device to the provider you configured. We do not see, store, or proxy this data.
Providers and the data they may receive:
If you do not configure these keys, no information leaves your device.
Information stored on your device is used to operate the App's features: track your logs, compute progress, render personalized AI responses, award XP, and so on. Information sent to AI providers is used by those providers to generate the response you requested.
We do not sell, rent, lease, or share your personal information with anyone, for any purpose. We could not even if we wanted to โ we don't have it. The only "sharing" that occurs is between your device and the AI providers you configured, and that sharing is governed by each provider's own policies.
Data is stored in your browser's localStorage on the device you use the App from. Passwords are hashed locally using PBKDF2-SHA256 with a random salt before storage; we never see your plaintext password.
Browser localStorage is not encrypted at rest by default. Treat your device's lock screen as your security boundary. If someone else has physical access to your unlocked device, they can read the App's data using browser developer tools. If your device is lost or compromised, we cannot help you recover data โ we never had a copy.
Your data persists on your device until you delete it. You may:
Because we do not collect or store your personal information on our servers, most data-subject rights are exercised directly on your device through the App's UI. You can access your data (it's all visible in the App), correct it (edit in the App), delete it (DELETE ACCOUNT), and port it (EXPORT MY DATA).
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights regarding your personal information.
Categories of personal information we collect: identifiers (username, display name you choose), customer records (your logs and profile), health-related information you voluntarily enter (food, weight, workouts). We do not collect biometric identifiers, geolocation, financial information, or sensitive categories beyond what you voluntarily input.
Sources: directly from you (App input) and the AI providers you configured (their responses to your queries).
Business or commercial purpose: to operate the App on your device. We do not use your information for advertising or any commercial purpose beyond providing the App's features.
Right to know, delete, correct, and port: all available in-App as described in Section 6.
Right to opt out of sale or sharing: we do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
Right to limit use of sensitive personal information: we do not use sensitive personal information for purposes beyond providing the App.
Right to non-discrimination: we will not deny you service, charge you a different price, or provide a different level of service for exercising your privacy rights.
To exercise any right that is not available in-App, contact us at [YOUR PRIVACY CONTACT EMAIL].
If you are in the European Economic Area or the United Kingdom, the GDPR / UK GDPR applies to your personal data. Our legal basis for processing your information is your consent, given by using the App after accepting the Terms.
You have the right to access, rectify, erase, restrict, and port your data, and to object to processing โ all available in-App. You also have the right to lodge a complaint with your national supervisory authority.
The App is for adults 18 years of age and older. We do not knowingly collect personal information from anyone under 18. The first-run age gate asks you to confirm you are 18+. If you believe a minor has used the App and provided information, contact us so we can delete it โ though in practice all such data is on the minor's device and they can delete it directly.
The App may link to third-party websites (including AI providers' websites). We are not responsible for the privacy practices of those third parties. Review their policies before providing them with information.
We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date at the top. Material changes will be communicated in-App. Your continued use of the App after a change constitutes acceptance of the updated policy.
Questions, requests, or complaints about this Privacy Policy or our data practices: [YOUR PRIVACY CONTACT EMAIL].