Privacy Policy
Last updated: March 18, 2026
WorkoutX ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our API service at workoutxapp.com.
1. Information We Collect
We collect the following information when you register and use our service:
- Account information: Email address, name, and password (hashed with bcrypt)
- API usage data: Request timestamps, endpoints called, response times, and IP addresses (for rate limiting)
- Billing information: Subscription plan, billing status. Payment details are handled entirely by Stripe — we never store card numbers or payment credentials
2. How We Use Your Information
- Provide and operate the WorkoutX service
- Send transactional emails (account confirmation, password reset, quota warnings)
- Process subscription payments via Stripe
- Monitor for abuse and enforce rate limits
- Generate anonymized analytics to improve our service
3. Data Sharing
We do not sell your personal data. We share data only with:
- Stripe: For payment processing. Stripe's privacy policy applies to data shared with them
- Resend: For transactional email delivery
- Railway: Our cloud hosting provider where your data is stored
We may disclose information if required by law or to protect our rights and the safety of our users.
4. Data Retention
We retain your account data for as long as your account is active. API usage logs are retained for 90 days for analytics and debugging. You may request deletion of your account and associated data at any time by contacting us.
5. Security
We take reasonable measures to protect your information, including:
- Passwords hashed using bcrypt (cost factor 12)
- API keys are generated using cryptographically secure random bytes
- All connections use HTTPS/TLS encryption
- PostgreSQL database access is restricted to our API server
6. Cookies
Our dashboard uses localStorage (not cookies) to store your authentication token on your device. No tracking cookies are used.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and data
- Export your data in a machine-readable format
To exercise these rights, contact us at support@workoutxapp.com.
8. Children's Privacy
WorkoutX is not intended for children under 13. We do not knowingly collect personal information from children under 13.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact
For privacy inquiries, contact us at privacy@workoutxapp.com.