Privacy Policy

Effective date: June 10, 2026

bdywrk is made by Studio Bokeh AI LLC (“bdywrk,” “we,” “us”). This policy explains what data the bdywrk iOS and watchOS app (the “App”) and the bdywrk.app website (the “Site”) handle, and the choices you have. bdywrk is built privacy-first: your workouts are detected, processed, and stored on your device.

The short version

  • Your workouts, health data, and food logs stay on your device. We do not operate servers that receive them.
  • Apple Health data is used only to provide App features — never for advertising, never sold, never shared.
  • The free tier shows ads from Google AdMob. Advertising-related data is the only data that leaves your device, and personalized ads only run with your permission.
  • AI protein estimates are computed on your device. Your food descriptions are never sent anywhere.
  • If we launch optional accounts and cloud sync, they will be opt-in, and this policy describes exactly what would sync before you turn it on.

1. Data stored on your device

The App keeps your data in local app storage, including a shared container that lets the bdywrk widget and Apple Watch app show the same data:

  • Workout sessions: exercise type, rep counts and timestamps, duration, detection confidence, and heart-rate samples recorded during the session.
  • Weekly goals, streaks, and achievements.
  • Protein log entries (food descriptions and gram amounts).
  • App settings and preferences.
  • Diagnostic and usage records, which are stored locally and not transmitted to us.

This data is deleted when you delete the App. It may be included in your device backups according to your iOS backup settings.

2. Apple Health (HealthKit)

With your permission, the App:

  • Reads your heart rate (to show live heart rate and trends during workouts) and your dietary protein (to track daily protein progress).
  • Writes your workouts, active energy burned, heart-rate samples, and dietary protein entries to Apple Health.

We commit to the following for all Apple Health data:

  • It is used solely to provide the App’s fitness features.
  • It is never used for advertising, marketing, or ad targeting.
  • It is never sold, and never shared with data brokers or advertising partners.
  • It is never used to train AI models off your device.

You can grant or revoke Health access at any time in the Health app or in iOS Settings. Entries the App has written to Apple Health are managed by you in the Health app and remain there until you remove them.

3. Motion and camera

Automatic rep counting uses your device’s motion sensors and, for some exercises, the camera. Camera frames are analyzed on your device in real time to detect movement and are never recorded, stored, or uploaded. Motion data is processed on-device only.

4. On-device AI (protein estimator)

The protein estimator runs a small language model entirely on your device. Food descriptions you type are processed locally and never transmitted to us or anyone else. Depending on the App version, the model file is either included with the App or downloaded once from our model host (Hugging Face) when you enable the feature — that download is a plain file fetch and contains none of your data. Estimates are approximations, not nutrition advice.

5. Advertising (free tier)

The free tier shows ads served by Google AdMob. This is the only part of the App that sends data off your device. In connection with serving ads, Google may collect:

  • Your device’s advertising identifier (IDFA) — only if you allow tracking when iOS asks (App Tracking Transparency).
  • IP address, which can be used to estimate coarse, city-level location.
  • Ad interaction data (which ads were shown, viewed, or tapped).
  • Diagnostic and performance data related to ad delivery.

If you decline tracking, ads are non-personalized. Apple’s SKAdNetwork may provide aggregated, privacy-preserving ad attribution either way. You can change your choice at any time in iOS Settings > Privacy & Security > Tracking. Upgrading to Premium removes ads entirely.

No health, workout, motion, or camera data is ever shared with Google or any advertising partner. For details on Google’s processing, see Google’s Privacy Policy and How Google uses data from partners.

6. Purchases

Premium subscriptions are processed by Apple through your Apple Account. We never see your payment details. Your subscription status is checked with Apple and cached on your device so the App and its widget know whether Premium is active.

7. Accounts and cloud sync (optional — where available)

Today the App works without any account, and none of your workout or nutrition data is sent to us. The App ships with cloud sync turned off. If we offer accounts and sync and you choose to opt in, the following would apply:

  • Account: an email address, or Sign in with Apple, used to create and secure your account.
  • Synced content: finished workout sessions (summaries plus rep events, detection confidence, and heart-rate samples), nutrition entries (food text and gram amounts), goals and achievements, and your profile (display name and avatar). Food lookups may be processed by our servers in that mode.
  • Notifications: a device push token, if you enable notifications.
  • Social features: follows, kudos, feed items, and leaderboard entries, if you use them — with controls over your profile’s visibility.
  • Storage: synced data is stored with Amazon Web Services in the United States, encrypted in transit and at rest. Exercise detection always stays on your device — servers only ever receive finished sessions.
  • Deletion: deleting your account (in the App or by emailing us) permanently removes your account and all synced data from our systems.

We will update this policy, and call out the change, before any of these features launch.

8. The bdywrk.app website

The Site uses privacy-respecting, first-party analytics only: a random anonymous identifier (kept for the duration of your browser session) and basic events such as page views. We do not use third-party analytics or cross-site tracking. Forms may be protected by Cloudflare Turnstile to block bots. If account features are available and you sign in, the Site uses secure, httpOnly session cookies and shows the same data described in section 7. The Site is hosted on Amazon Web Services.

9. Service providers

We rely on a small number of providers, each processing only what its function needs:

  • Apple — App distribution, payments, and subscriptions.
  • Google — advertising in the App’s free tier.
  • Amazon Web Services — hosting for the Site and (where available) synced data.
  • Cloudflare — bot protection on Site forms.
  • Upstash — rate limiting for the Site.
  • Hugging Face — hosting for the downloadable AI model file.

10. Aggregated and de-identified data

We may create and use aggregated or de-identified information (for example, overall feature-usage statistics) that cannot reasonably be used to identify you, to understand and improve bdywrk. We do not sell personal information.

11. Your choices and rights

  • Tracking: allow or deny at the iOS prompt, or change anytime in Settings > Privacy & Security > Tracking.
  • Health access: manage in the Health app or iOS Settings.
  • Deleting your data: deleting the App removes all App data from your device; entries written to Apple Health are managed in the Health app; if you have an account, deleting it removes your synced data from our systems.

If the EU/UK GDPR applies to you, you have rights to access, correct, delete, export, restrict, or object to processing of your personal data, to withdraw consent at any time, and to lodge a complaint with your supervisory authority. Where we process personal data, we rely on consent (e.g., personalized ads), performance of a contract (providing the service), and legitimate interests (securing and improving the service).

If you are a California resident, the CCPA/CPRA gives you rights to know, delete, and correct personal information, and to opt out of “selling” or “sharing.” We do not sell personal information. Personalized advertising may be considered “sharing” — you can opt out by denying tracking as described above. We will never discriminate against you for exercising your rights. To make any privacy request, email support@bdywrk.app.

12. Children

bdywrk is not directed at children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

13. Retention, security, and international transfers

On-device data stays until you delete it. Server-side data (where account features are available) is retained while your account is active and deleted when you delete your account. We use industry-standard safeguards, including encryption in transit and at rest for any server-side data. We are based in the United States; if you use bdywrk from elsewhere, your data is processed in the United States.

14. Changes to this policy

We will post any changes here and update the effective date. For material changes, we will provide more prominent notice in the App or on the Site.

15. Contact

Studio Bokeh AI LLC
support@bdywrk.app

See also our Terms of Use and Support pages.