This privacy policy describes how GymPilot ("the app", "we", "our") handles information when you use it. GymPilot is a strength-training and workout-logging app published by Crivid AS, organisation number 937 567 308, registered in Norway.
Crash reports (Firebase Crashlytics)
GymPilot uses Firebase Crashlytics. When the app crashes, an automatic report is sent to Firebase (Google LLC). This report includes: the line of code where the crash occurred, the device model and operating-system version, the app version, and a randomly generated installation ID. It is not linked to your name, email, phone number, or Google account, and it does not contain any of your training data, body measurements, or heart-rate readings.
Usage analytics (Firebase Analytics)
GymPilot uses Firebase Analytics (Google LLC) to understand, in aggregate, how the app is used — for example which screens are opened and how often the app is launched — so we can improve it. Analytics events are tied to a randomly generated, app-instance identifier, not to your name, email, phone number or Google account, and GymPilot does not collect an advertising ID. Analytics never includes your training data, routines, body measurements or heart-rate readings. Firebase may derive a coarse, country-level location from the network (IP) address of the request; we do not retain the IP address or use it to identify you.
Apart from crash diagnostics and these anonymous usage-analytics events, GymPilot transmits no other data off your device. We do not build an identified profile of you, and we do not sell or share your data with advertisers.
Everything you create and track in the app is stored locally on your device only, in a private on-device database, and is never uploaded to us:
Uninstalling the app removes this data. You can export your training log to a file (see "Import & export" below); we recommend backing up anything you want to keep before uninstalling.
GymPilot's progression analysis (including plateau detection and progress estimates) and its recovery model run entirely on your device. No training data, heart-rate data or measurements are sent to us or to any third party for analysis. The calculations happen locally using the data already stored on your phone.
GymPilot can optionally connect to a Bluetooth Low Energy (BLE) heart-rate monitor or chest strap (for example a Polar H10) to display your live heart rate during a workout. The connection is made directly between your phone and the monitor. Heart-rate data is stored locally on your device and is never uploaded to us. The Bluetooth scan permission is flagged "never for location" — we do not use Bluetooth to derive, infer or track your location. Connecting a monitor is entirely optional: every feature except the live heart-rate display works without it.
GymPilot's rest timer runs entirely on your device. When a rest period ends, the app can play an optional sound to alert you; the sound is generated on your device and can be turned off in Settings. The rest timer sends no data off your device, and GymPilot does not use push notifications or background services.
GymPilot can count your steps during an active workout, using your device's built-in step-counter sensor (physical activity). Step counting is on by default and runs automatically while a workout is in progress; it stops when the workout ends. You can turn it off at any time under "Count steps during workouts" in Settings. The step count is stored locally on your device alongside that workout and is never uploaded to us. On Android 10 and later this uses the physical-activity (activity recognition) permission, which is requested at runtime the first time a workout counts your steps. Declining it simply means steps are not counted; every other feature still works.
GymPilot can optionally read your steps and heart rate from Android Health Connect, so that data recorded by another app or device (for example a Garmin watch synced through Health Connect) can appear in your training log. This is off by default and happens only after you turn on "Sync from Health Connect" in Settings and grant the Health Connect permission. GymPilot only reads these two data types — it never writes to Health Connect. The data is used and stored only on your device; it is never uploaded to us, shared or sold. You can revoke access at any time by turning the setting off, or by removing GymPilot's permission in the Health Connect app. On devices without Health Connect the feature is simply unavailable, and every other feature still works.
GymPilot is local-first and has no Crivid server that receives your training data. The app communicates over the internet only with the following services:
As a normal technical part of any internet request, this service may log your IP address. We do not use it to identify you, and we store no such logs ourselves.
GymPilot requests only the permissions it needs:
On Android 11 and earlier, the legacy Bluetooth permissions also require the location permission to perform BLE scans; on these older systems it is requested only for that purpose and is never used to determine your location. The app does not request the camera, microphone, contacts, phone state, or SMS access.
GymPilot lets you export your training log and import data using files you choose. These files are read from, and written to, storage you select on your own device. They are not sent to us.
GymPilot is free to use, with an optional paid upgrade ("GymPilot Pro") offered as a subscription. The purchase itself is processed entirely by Google Play — Crivid AS never receives or stores your card number or payment details. To unlock Pro features and restore your purchase across reinstalls, GymPilot uses a subscription-management service, RevenueCat, Inc., which receives a record of your purchase (your subscription status and transaction history) together with an anonymous app-generated identifier. You do not create an account or log in; this identifier is not linked to your name, email or device advertising ID. This data is transmitted over an encrypted (HTTPS/TLS) connection and is used only to verify your subscription and let you restore it. No training data, heart-rate data or measurements are ever sent to RevenueCat.
You can request deletion of the purchase data held by RevenueCat by contacting us at the address below.
Google Play privacy: policies.google.com/privacy · RevenueCat privacy: revenuecat.com/privacy
Data collected by third-party services is stored on their respective servers:
All other data stays on your device for as long as you keep the app installed.
We use the following services. Their handling of data is governed by their own policies:
Crash reporting can be turned off in the app under Settings → Privacy. Crash reporting and usage analytics are both anonymous and carry no advertising identifier, and analytics is limited to aggregate usage. Every feature of GymPilot works fully offline; used without a network connection, the app sends no crash or analytics data off your device at all.
GymPilot is a training log and planning tool, not a medical device. Estimated one-rep-max values, progression and plateau analysis, recovery estimates, heart-rate readings and any other figures shown are advisory only and may be inaccurate. GymPilot does not provide medical advice. Consult a qualified physician or trainer before starting a new training programme, and stop and seek help if you feel unwell. Crivid AS is not liable for injury, loss or inconvenience arising from use of the app.
GymPilot is not directed at children under 13, and we do not knowingly collect any data that could identify a child.
If you are in the EEA, you have the right to request a copy of data we hold, request deletion, object to processing, or lodge a complaint with your local authority (in Norway: Datatilsynet). The data that leaves your device is limited to anonymous crash diagnostics, anonymous usage-analytics events, and — if you subscribe to GymPilot Pro — your purchase record and an anonymous identifier held by RevenueCat. Crash diagnostics are not linked to your identity, so we may be unable to retrieve or delete those on an individual basis; purchase data held by RevenueCat can be deleted on request (contact us below). Your training data never reaches us — it stays on your device under your control.
If this policy changes, we will update the date above and post the revised version at this address.
Crivid AS
Furuhaugvegen 21, 7359 TANEM, Norway
Org.nr: 937 567 308
hellothere@crivid.com