Home/Privacy Policy
LEGAL

PRIVACY POLICY

Last updated: March 16, 2026
Your privacy matters to us. This Privacy Policy explains what information Buffro collects, how we use it, and the choices you have. We are committed to protecting your data and being transparent about our practices.

1. Information We Collect

Information you provide:

  • Account information: email address, username, display name, date of birth, gender, profile photo
  • Body metrics: height, weight, and unit preferences (stored locally on your device)
  • Workout data: exercises, sets, reps, weight, duration, distance, RPE, and workout notes
  • Training routines and custom exercises you create
  • AI Coach conversations (stored locally on your device only)
  • Content you post publicly, including shared workouts

Information collected automatically:

  • App usage data and crash reports for improving the App
  • Device information (operating system, app version) for compatibility purposes
  • Authentication tokens for maintaining your session

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the App and its features
  • Sync your workout data across devices via secure cloud backup
  • Power the AI Coach feature by sending your messages to our AI processing service (see Section 4)
  • Enable social features such as the workout feed, following, and likes when you choose to make content public
  • Send important service notifications (e.g., account security alerts)
  • Moderate user-uploaded images for inappropriate content
  • Respond to support requests and communications
  • Detect and prevent fraud, abuse, and violations of our Terms

We do not sell your personal data to third parties. We do not use your workout data for advertising purposes.

3. Data Storage & Security

Local storage: Core workout data — including all exercises, sets, routines, and your AI chat history — is stored locally on your device using SQLite. This data is available offline and does not require a network connection.

Cloud storage: When you are connected to the internet, your workout data is synced to secure cloud servers hosted by Supabase (see Section 4). Cloud backup allows you to restore your data on a new device or after reinstalling the App.

We implement industry-standard security measures including encrypted connections (TLS), row-level security policies, and access controls. However, no system is completely secure, and we cannot guarantee absolute security of your data.

4. Third-Party Services

Buffro uses the following third-party services to power the App:

Supabase (database & authentication): We use Supabase to store cloud-synced workout data and manage user authentication. Your data is stored in Supabase's secure infrastructure. Supabase's privacy policy is available at supabase.com/privacy.

OpenAI (AI Coach feature): When you use the AI Coach (“Ro”), your messages are sent to OpenAI's API for processing. We send only the content of your chat messages — we do not send your workout data, personal details, or account information to OpenAI. By using the AI Coach, you agree that your messages may be used by OpenAI for training, research, evaluation, and other development purposes in accordance with OpenAI's Content Sharing Agreement. Do not share sensitive, confidential, or proprietary information through the AI Coach. AI chat history is stored locally on your device only. OpenAI's privacy policy is available at openai.com/privacy.

Google (authentication): If you choose to sign in with Google, Google will share your email address and profile information with us for authentication purposes. Google's privacy policy applies to your use of Google Sign-In.

5. Data Retention

We retain your account and workout data for as long as your account is active. If you delete your account, your data will be removed from our cloud servers within 30 days, subject to legal retention requirements.

AI chat messages are stored locally on your device only and are deleted when you clear your chat history or uninstall the App. We do not retain AI conversation logs on our servers.

You may request deletion of your data at any time by contacting us at support@buffro.app.

6. Your Rights & Choices

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — update or correct inaccurate information in your account settings
  • Deletion — request deletion of your account and associated data
  • Portability — request an export of your workout data
  • Opt-out — disable social features and keep your workouts private at any time

To exercise these rights, contact us at support@buffro.app.

7. Children's Privacy

The App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information.

Users between 13 and 18 must have parental or guardian consent before creating an account.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via in-app notification or email. The “Last updated” date at the top of this page reflects when the policy was most recently revised.

Continued use of the App after changes to this policy constitutes your acceptance of the revised policy.

9. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: support@buffro.app

You may also use our Contact page to reach us.

Terms of Service →Contact Us