Privacy Policy for Bright Workout
Privacy Policy for Bright Workout
Last updated: May 18, 2026
This Privacy Policy explains how Bright Workout ("we," "our," or "us") collects, uses, discloses, and protects personal data when you use the Bright Workout mobile app, website, and related services (the "Service"). The Service is available on iOS and Android.
Bright Workout is a fitness, nutrition, sleep, and wellness app. Some information we process may be sensitive, including health, fitness, body, nutrition, mood, and wellness information. Please read this policy carefully.
1. Information We Collect
Account and Registration Information
When you create or manage an account, we may collect:
- email address;
- authentication identifiers from Supabase Auth, Apple Sign In, or Google Sign-In;
- name, profile photo, avatar, and optional profile details;
- password reset and account security information.
Profile, Fitness, Nutrition, and Wellness Information
Depending on what you enter or choose to track, we may collect:
- age or birth date, sex, height, weight, goal weight, body measurements, body-fat estimates, and preferred units;
- fitness goals, activity level, workout history, custom exercises, strength logs, cardio logs, rest timers, calories burned, and workout notes;
- food logs, calorie and macro targets, barcode results, recipes, portion estimates, water intake, diet preferences, allergy notes, and nutrition history;
- sleep goals, sleep logs, meditation activity, guided audio activity, sleep sound preferences, breathing or relaxation activity, mood check-ins, journaling entries, focus items, and wellness goals;
- reminder and notification preferences.
Health App and Device Integration Data
With your permission, Bright Workout may read data from Apple Health, HealthKit, Android Health Connect, Google Fit through Health Connect, or other compatible health sources. Depending on the permissions you approve, this may include:
- steps, distance, active minutes, workouts, exercise sessions, and active calories burned;
- sleep data;
- heart rate, resting heart rate, heart-rate variability, and VO2 max;
- related timestamps, trends, and summaries.
Where available and enabled by you, Bright Workout may also write workout-related data back to a connected health platform. You can revoke health permissions at any time in your device settings.
Camera, Photos, Microphone, and Speech Data
If you grant permission, we may process:
- camera images for food analysis, barcode scanning, movement tracking, exercise challenges, or profile photos;
- selected photos you choose to upload or analyze;
- microphone or speech input used to transcribe voice commands or other app interactions.
Camera, photo, microphone, and speech permissions are used only for the features you choose to use. Some speech recognition may be handled by your device operating system or platform speech services.
App, Device, Analytics, and Diagnostics Data
We may collect technical and usage information such as:
- app version, device model, operating system, platform, language, and general app configuration;
- app interactions, feature usage, screen events, and performance events;
- crash reports, diagnostic logs, and error information;
- approximate technical metadata such as IP address or network request metadata when needed to operate cloud services.
We use analytics tools such as PostHog to understand app usage and improve performance. We do not use Apple Health or Health Connect data for advertising.
Purchase Information
If we offer paid features, subscriptions, trials, or in-app purchases, purchases may be processed by Apple App Store, Google Play, RevenueCat, or another payment provider. We may receive purchase status, product identifiers, entitlement status, renewal status, transaction identifiers, and related subscription metadata. We do not receive your full payment card details from app-store purchases.
Information from Support and Communications
If you contact us, we may collect your email address, message content, attachments, and any information needed to respond to your request.
2. How We Use Your Information
We use personal data to:
- create, authenticate, secure, and manage your account;
- provide fitness, nutrition, sleep, wellness, meditation, journaling, and tracking features;
- store and display your logs, goals, trends, summaries, and progress;
- calculate calorie targets, macros, body metrics, hydration goals, readiness-style indicators, sleep scores, health direction metrics, and related insights;
- process food images, barcode scans, manual food estimates, recipes, workout generation, and other AI-powered features;
- connect with Apple Health, HealthKit, Android Health Connect, Google Fit through Health Connect, and other third-party integrations you authorize;
- send reminders, notifications, account messages, support replies, and service updates;
- analyze app usage, debug issues, improve reliability, and develop new features;
- detect, prevent, and respond to fraud, abuse, security incidents, and policy violations;
- comply with legal obligations and enforce our Terms of Service.
3. AI Processing
Some Bright Workout features use AI or automated systems to analyze food images, estimate nutrition, generate recipes, generate workout programs, or provide coaching-style suggestions.
When you use these features, we may send the relevant input, such as a food image, food description, recipe ingredients, workout preferences, or custom instructions, to our backend and AI service providers for processing. AI outputs may be stored with your account if you save them as logs, recipes, workouts, or other app content.
Do not submit information to AI features that you do not want processed for that feature. AI outputs are estimates and should not be treated as medical, nutritional, or professional advice.
4. Supabase and Other Service Providers
We use Supabase for backend services, authentication, database storage, file storage, and edge functions. Supabase processes personal data on our behalf to help operate the Service.
We may also use service providers for analytics, diagnostics, cloud infrastructure, AI processing, authentication, app-store purchases, notifications, email, and support. These providers may process personal data only as needed to provide services to us, comply with law, or protect their systems.
Personal data may be processed and stored in the United States, the European Economic Area, or other regions where we or our providers operate. Where required, we use appropriate transfer safeguards, such as standard contractual clauses or equivalent protections.
5. Food and Nutrition Data Sources
Bright Workout may use food and nutrition data from third-party sources such as USDA FoodData Central, Open Food Facts, branded food databases, barcode databases, and user-provided entries. These sources may be incomplete, inaccurate, or user-contributed. You should verify nutrition and allergen information independently.
6. How We Share Information
We do not sell your personal information.
We may share information:
- with service providers that help us operate, secure, analyze, and improve the Service;
- with Apple Health, HealthKit, Health Connect, Google Fit through Health Connect, or similar integrations when you authorize data sharing;
- with app stores, payment processors, or subscription providers to process purchases and manage entitlements;
- with AI providers when you use AI-powered features;
- with legal, safety, or security parties when required by law, to protect rights and safety, or to investigate abuse;
- in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections;
- with your consent or at your direction.
We may share aggregated or de-identified information that cannot reasonably identify you.
7. Health Data Protections
Health and fitness data is used to provide user-facing Bright Workout features, such as activity tracking, sleep tracking, workout summaries, trends, and wellness insights.
We do not use Apple Health or Health Connect data for advertising, sell it to data brokers, or use it to determine credit, insurance, employment, or similar eligibility decisions.
You control health-data access through Apple Health, HealthKit, Health Connect, Google Fit, and device permission settings. If you revoke access, Bright Workout may stop receiving new health data, but previously stored data may remain in your Bright Workout account until deleted under this policy.
8. Legal Bases for Processing
If you are in a region where legal bases are required, we process personal data based on one or more of the following:
- your consent, such as when you grant health, camera, microphone, photo, notification, or analytics permissions;
- performance of a contract, such as providing the Service and managing your account;
- legitimate interests, such as improving, securing, and debugging the Service;
- legal obligations, such as complying with applicable law or valid legal requests.
You may withdraw consent where processing is based on consent, but this will not affect processing that occurred before withdrawal.
9. Data Retention and Deletion
We retain personal data for as long as your Bright Workout account exists or as long as needed to provide the Service, comply with law, resolve disputes, enforce agreements, protect security, maintain backups, or support legitimate business operations.
You can delete your account in the app settings. Account deletion is intended to permanently delete your account and associated app data, subject to limited retention where required or permitted by law, security, fraud prevention, dispute resolution, backups, or legitimate business operations.
You may also contact us to request deletion. Temporary app caches, local device data, health sync metadata, and diagnostic logs may be deleted periodically or after inactivity. You may need to delete local app data from your device or revoke health permissions separately through your device settings.
10. Your Rights and Choices
Depending on where you live, you may have rights to:
- access personal data we hold about you;
- correct inaccurate or incomplete personal data;
- delete personal data;
- export or receive a copy of personal data;
- object to or restrict certain processing;
- withdraw consent for certain processing;
- opt out of certain analytics or communications;
- appeal a decision if we deny a privacy request, where required by law.
You can control many choices directly in the app or your device settings, including:
- health data permissions;
- camera, microphone, speech recognition, photo, and notification permissions;
- notification preferences;
- account deletion;
- optional profile and tracking inputs.
To exercise privacy rights or request analytics opt-out support, contact us at info@brightworkout.com.
11. Security
We use technical and organizational safeguards designed to protect personal data, including authentication, access controls, encrypted transport, service-provider security controls, and database-level authorization where appropriate.
No method of transmission or storage is completely secure. You are responsible for keeping your login credentials secure and for using a secure device.
12. Children's Privacy
Bright Workout is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has registered or provided personal data without appropriate consent, contact us at info@brightworkout.com and we will take appropriate steps to delete the data.
13. Third-Party Links and Services
The Service may link to or integrate with third-party services, including app stores, health platforms, authentication providers, food databases, AI providers, and external websites. Third-party services have their own privacy policies and practices. We are not responsible for their privacy practices.
14. Updates to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you, such as through the app, website, app-store release notes, email, or other appropriate means.
Your continued use of the Service after an updated Privacy Policy becomes effective means you acknowledge the updated policy.
15. Contact Us
If you have questions or concerns about this Privacy Policy or your data, contact us at: