Privacy Policy
Effective Date: January 18, 2026
Last Updated: May 14, 2026
Garcia Embedded Solutions LLC (“we,” “us,” or “our”) operates the Muscle Memory mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the App.
1. Information We Collect
1.1 Information You Provide
Account Information
- Email address and password (required when you create an account)
- You may use the App without an account before signing up. If you later create an account, any data you generated before signing up is associated with that account.
Profile Information
- Biometrics (all optional): height, weight, date of birth, gender
- Preferred units (metric / imperial)
- Fitness preferences including:
- Workout goals and focus areas
- Available equipment
- Workout frequency
- Experience level
- Typical workout duration
Fitness Data
- Custom exercises you create (name, description, muscle groups, equipment, instructions)
- Workouts and workout splits you build
- Workout session history including:
- Exercises performed
- Sets, reps, and weight lifted
- Session duration
- Rate of perceived exertion (RPE)
- Body weight recorded for the session
- Heart-rate data captured during the session
- Personal notes
Health-Device Integrations (optional, with your permission)
- Apple Health (iOS) and Android Health Connect: if you grant permission, the App reads basic biometrics (such as height, weight, date of birth, biological sex) and heart-rate samples to populate your profile and workout sessions. We do not write data back to these services.
- Bluetooth heart-rate monitors: if you choose to pair a compatible device, we record its readings with the session.
Health-device data is requested only after you explicitly enable the integration in the App, and you can revoke permission at any time in your device's system settings.
User-Generated Content
- Exercises, workouts, and splits you choose to make public
- Ratings and written reviews of public content
- Messages you send to the in-App AI trainer and the responses you receive
- Feedback submissions (bug reports, feature requests, general feedback) and your votes on other users' feedback
1.2 Information Collected Automatically
Usage Data
- App usage patterns and feature interactions
- Workout completion statistics
- AI feature usage counts (used for billing and quota; the content of your AI prompts is not sent to our analytics provider)
- Performance metrics (screen load times)
- Error logs and crash reports
- Session replays — short recordings of your in-App screens used to debug UX issues. Text you type into form fields is masked from these recordings.
Device Information
- Device type and operating system
- App version
- General location (country/region level only, not precise location)
1.3 Information from Third Parties
Payment Information
Subscriptions are processed through a third-party subscription provider and through the Apple App Store or Google Play Store. We receive your subscription status, expiration date, and product identifiers. We do not receive or store your payment card details.
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the App – Store your workouts, track your progress, and sync data across devices
- Personalize your experience – Generate AI-powered workout recommendations based on your preferences
- Process subscriptions – Manage premium features and subscription status
- Improve the App – Analyze usage patterns to fix bugs and develop new features
- Communicate with you – Respond to feedback and support requests
- Ensure security – Detect and prevent fraud or unauthorized access
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Performance of contract |
| Storing and syncing your fitness data | Performance of contract |
| Processing subscriptions | Performance of contract |
| AI workout generation | Performance of contract |
| Analytics and app improvement | Legitimate interests |
| Error tracking and debugging | Legitimate interests |
| Responding to your feedback | Legitimate interests |
| Marketing communications (if any) | Consent |
You may withdraw consent at any time where consent is the legal basis. This will not affect the lawfulness of processing before withdrawal.
4. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
4.1 Service Providers
We use trusted third-party services to operate the App:
| Provider | Purpose | Data Shared |
|---|---|---|
| Cloud database provider | Stores your account and fitness data | Account data, fitness data, user preferences |
| Cloud compute provider | Runs our backend services | Request data needed to serve the feature in use |
| AI provider (OpenAI) | Generates AI workout plans, AI chat responses, and content-moderation results | The prompt for the AI feature in use (your profile preferences, your chat messages, or the text you submitted). We do not send your email address or password. |
| Subscription provider | Manages premium subscriptions and entitlements | A pseudonymous user ID and your subscription/purchase events |
| Analytics provider | Product analytics and session replay | Usage events, device info, and masked session replays keyed to a pseudonymous ID |
| App stores (Apple, Google) | App distribution and in-app purchases | Whatever the platform collects per its own privacy policy. We do not receive your payment details. |
Each provider is contractually obligated to protect your data and use it only for the specified purposes.
4.2 Public Content
If you choose to make an exercise, workout, or split public, other users can discover, view, copy, favorite, and rate that content, and any written review you post is visible to other users. Public content is associated with your account internally but the App does not currently display your email address or any account-level identifier alongside it.
4.3 Legal Requirements
We may disclose your information if required to:
- Comply with applicable law or legal process
- Protect the rights, property, or safety of Garcia Embedded Solutions LLC, our users, or others
- Enforce our Terms of Service
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is subject to a different privacy policy.
5. Data Storage and Security
5.1 Where We Store Your Data
- Cloud: Your data is stored with our service providers, whose servers are located in the United States
- On-device: The App caches your data locally so it works offline
5.2 How We Protect Your Data
We use industry-standard security practices, including:
- Encrypted data transmission (HTTPS/TLS)
- Passwords are never stored or transmitted in plaintext, and we never see your password
- Access controls that isolate each user's data
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
5.3 Data Retention
We retain your data for as long as your account is active. When you delete your account:
- All personal data is permanently deleted from our servers
- This includes your profile, exercises, workouts, sessions, and preferences
- Deletion is irreversible
Anonymous, aggregated data (e.g., total app downloads) may be retained indefinitely.
6. Your Privacy Rights
6.1 All Users
Regardless of your location, you can:
- Access your data – View all data stored in the App
- Update your data – Edit your profile, exercises, and workouts at any time
- Delete your data – Delete your account to remove all data permanently
- Opt out of analytics – Disable analytics tracking in the App settings
- Export your data – Request a copy of your data by contacting us
6.2 European Users (GDPR)
If you are in the EEA, UK, or Switzerland, you have additional rights:
- Right to rectification – Correct inaccurate personal data
- Right to erasure – Request deletion of your personal data
- Right to restrict processing – Limit how we use your data
- Right to data portability – Receive your data in a structured, machine-readable format
- Right to object – Object to processing based on legitimate interests
- Right to withdraw consent – Withdraw consent at any time
- Right to lodge a complaint – File a complaint with your local data protection authority
To exercise these rights, contact us at support@garcia-embedded.com. We will respond within 30 days.
6.3 California Residents (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
Right to Know
You can request disclosure of:
- Categories of personal information collected
- Sources of personal information
- Business purposes for collection
- Categories of third parties with whom we share data
- Specific pieces of personal information collected
Right to Delete
You can request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale
We do not sell your personal information. Therefore, no opt-out is necessary.
Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
To submit a request, contact us at support@garcia-embedded.com. We will verify your identity before fulfilling requests.
7. Analytics and Tracking
7.1 What We Track
We use a third-party product-analytics provider to understand how users interact with the App. This includes:
- Feature usage (which screens you visit, which features you use)
- Workout completion rates
- Error occurrences
- Performance metrics
- Session replays of in-App screens (text you type into form fields is masked from these recordings) used to debug UI bugs
We do not track:
- Precise location
- Contacts, calendars, or phone data
- Messages or communications outside the App
- The contents of text you type into the App
7.2 Opting Out
You can disable analytics tracking at any time in the App settings. When disabled, we will not collect usage data from your device.
8. International Data Transfers
Your information may be transferred to and processed in the United States, where our service providers are located. If you are located outside the United States, please be aware that data protection laws may differ from your jurisdiction.
For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with all service providers
9. Children's Privacy
The App is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@garcia-embedded.com, and we will delete the information.
10. Third-Party Links
The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy in the App
- Updating the “Last Updated” date at the top
- Sending an email notification for significant changes
Your continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Garcia Embedded Solutions LLC
Email: support@garcia-embedded.com
For GDPR inquiries, you may also contact your local data protection authority.
13. Summary of Data Practices
| Category | What We Collect | Why | Shared With |
|---|---|---|---|
| Account | Email, password | Authentication | Cloud database provider |
| Profile | Height, weight, DOB, gender, preferences | Personalization | Cloud database provider |
| Fitness | Exercises, workouts, sessions, sets/reps, RPE | Core functionality | Cloud database provider |
| Health-device | Heart-rate readings and biometrics from Apple Health / Android Health Connect (with permission) | Track effort and populate your profile | Cloud database provider; nothing written back to the health platforms |
| AI | Profile preferences, chat messages, exercise drafts, feedback text | Plan generation, chat, content moderation | AI provider (OpenAI) |
| Subscription | Status, expiration, purchase events | Premium features | Subscription provider |
| Usage | Feature interactions, errors, masked session replays | App improvement | Analytics provider |
This Privacy Policy is provided in English. If translated, the English version shall prevail in case of any discrepancy.