Effective date: 2026-07-04 · Applies to Powerhaus for iOS (TestFlight beta) and the Powerhaus web companion
Powerhaus is a workout tracker. We built it to be the honest fitness app — no ads, no dark patterns, no selling your data. This policy explains, in plain language, exactly what we collect, why, who can see it, and how to get rid of it.
The short version
We collect your email, your workout data, and (if you choose to log them) body measurements.
Your data is private by default. Nobody else sees it unless you share it — by inviting a coach or publishing a program to the community.
We don't sell your data. We don't run ads. We don't use third-party advertising or tracking SDKs.
You can delete your account from inside the app. After a 7-day grace period, it's permanently erased.
What we collect and why
Account information
Email address and password — to create and secure your account. Passwords are handled by our authentication provider (Supabase Auth) and are never visible to us in plain text.
Display name — shown on your profile and, if you publish or coach, to other users.
Optional profile extras — a short bio, your gym's name, featured personal records, and a profile cover image, if you choose to add them.
Fitness and workout data
Workout logs — sessions, exercises, sets, weight, reps, warmup flags, and any notes you write.
Personal records — best lifts and estimated one-rep maxes, calculated from your logged sets.
Programs — training programs you create, clone, or follow, and your progress through them.
Body measurements — only if you log them: body weight, body fat percentage, and tape measurements (chest, waist, hips, biceps, thighs, calves, neck).
We use this data for one purpose: showing you your training history, progress charts, and analytics. Training analytics (like volume and workload trends) are computed from your own logged workouts.
Powerhaus does not connect to Apple Health / HealthKit. Nothing is read from or written to other health apps.
Notifications
Push tokens — if you enable notifications, we store the device push token needed to deliver them (via Apple's and Expo's push services). You control which notification types are on, per category, in settings.
Usage events
Onboarding and app events — lightweight events like "screen viewed" or "onboarding completed," tied to your account. We use these to understand where the app confuses people and to improve it. This is our own database — not a third-party analytics company.
Records we keep to protect users
Coach activity log — actions within a coaching relationship (comments added, suggestions made, relationship changes) are logged. Both parties in the relationship can see this log. It exists so coaching stays accountable.
Consent records — when you accept the coach or coachee terms, we record which version you accepted and when.
Abuse-prevention counters — things like invite-code lookup attempts are counted to rate-limit guessing attacks. Moderation reports you file (about coaches or community programs) are stored for our review.
Email-change safety records — when you change your account email, we briefly keep the old and new address (up to 7 days) as part of account-security safeguards.
Beta-specific
Beta cohort flag — during the beta, your account is marked as a beta participant. This is how every feature stays free for you during the beta, and how you'll keep your permanent Beta Founder badge afterward. The flag itself is permanent; it contains no extra personal information.
Crash reports — we plan to add crash telemetry (Sentry) during the beta so crashes on your device can be diagnosed. Crash reports contain technical device/app-state information, not your workout content. This policy will be updated if the scope of crash data changes.
Feedback — if you email us feedback or send it through TestFlight, we receive whatever you include (TestFlight feedback and screenshots go through Apple — see Apple's terms for how TestFlight itself handles data).
What we do NOT collect
No location. No contacts. No advertising identifiers. No third-party ad or tracking SDKs. No HealthKit data. No payment information during the beta (see "Payments" below).
Who can see your data
By default: only you. Every table in our database enforces row-level security — your workouts, records, measurements, and programs are readable only by your account.
There are exactly three ways anyone else sees your data, and all three start with an action you take:
1. Inviting a coach (or accepting a coachee)
If you connect with a coach in the app, that coach can view your workouts, programs, personal records, training analytics, and body measurements for as long as the relationship is active. Two things to know:
You can hide body measurements from your coach with the "Hide body data from coach" toggle — the rest of the sharing still works.
You can revoke the relationship at any time, which immediately cuts off the coach's access.
Coaches never get your password, email settings, or account controls — read access to training data only, plus the ability to comment and suggest program edits.
2. Publishing a program to the community
Publishing is always an explicit action. When you publish a program, its name, description, structure, and your display name become visible to other Powerhaus users, along with upvote and clone counts. Your workout logs, records, and measurements are never included. If someone clones your program, your display name travels with it as attribution.
3. Reports and moderation
If a user reports a coach or a community program, a small number of administrators can view the report and the minimum related records needed to act on it (for example, the reported program, or the coaching relationship's activity log). Administrators can also view aggregated onboarding statistics. Admin moderation actions are themselves audit-logged.
We never sell your data, share it with advertisers, or hand it to third parties for their own purposes.
Where your data lives
Your data is stored in our backend, hosted on Supabase (built on managed cloud infrastructure, with our project hosted in a United States region). Data is encrypted in transit. Service providers we rely on to run the app:
Supabase — database, authentication, and backend hosting
Expo / Apple Push Notification service — delivering push notifications (device push tokens only)
Sentry (planned during beta) — crash diagnostics
Apple — TestFlight distribution and beta feedback (governed by Apple's terms)
These providers process data only to provide their service to us.
Payments
Nothing is purchasable in the beta. All features are unlocked free for every beta tester, and we collect no payment information. Powerhaus does have paid supporter tiers (they're shown transparently in the app), and payment processing will be added at public launch through the App Store's own purchase system. When that happens, this policy will be updated first — purchases will be handled by Apple, and we will still never see your full payment details.
Retention and deletion
Delete your account any time, in the app: Profile → Account → Delete account. Deletion starts a 7-day grace period during which you can restore everything just by signing back in. After 7 days, your account and its data are permanently and automatically purged.
Inactive free accounts: if a free-tier account shows no activity for 90 days, we automatically anonymize the profile — email and profile details are cleared and the display name becomes "Deleted User." Signing in again keeps the account active and prevents this.
Email-change safety records expire after 7 days.
Everything else is kept while your account exists, because it is your training history — that's the product.
You can also email us (address below) to request deletion or a copy of your data, and we'll handle it.
Children
Powerhaus is rated 17+ and is not directed at children. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has created an account, contact us and we'll delete it.
Changes to this policy
If we change what we collect or how we use it, we'll update this page, change the effective date at the top, and — for anything meaningful — tell you inside the app before the change applies. We won't quietly move the goalposts.