getRipped.AI™

STRENGTH · INTELLIGENCE · EVOLUTION

Privacy Policy

Effective July 8, 2026 · Version 1.1

1. Overview

GetRipped, Inc. (“GetRipped,” “we,” “us,” “our,” or “Company”) operates the getRipped.AI mobile application and website (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Your Privacy is Important: We are committed to your privacy and follow a data-minimization approach: we collect only the health and fitness information needed to deliver the Service, we encrypt it in transit and at rest, and we never sell it. We do not store your continuous, raw biometric stream. Some biometric and health data is transmitted to and stored on our servers, generally in summary or aggregated form — for example, the average and maximum heart rate for a workout and a computed recovery score — along with certain individual values you provide or that inform a session (such as height, weight, and daily recovery inputs like HRV and sleep), some of which are held only transiently.

Please read this Privacy Policy carefully. By accessing or using getRipped.AI, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. What Information We Collect

2.1 Account & Authentication Information

When you create an account, we collect your name (via Sign in with Apple or provided manually), email address, phone number (if you choose SMS OTP authentication), Apple User ID, and authentication tokens. Sign in with Apple is handled directly by Apple; we do not store your Apple password.

SMS OTP: If you choose to authenticate via phone number, we use an SMS provider to send one-time passcodes (OTPs). When you enter your phone number and request a code, you consent to receive account-authentication text messages from getRipped.AI. These are transactional messages only — we do not send marketing or promotional texts. Message frequency depends on your login activity, and message and data rates may apply. The passcode is stored only transiently and expires within 5 minutes. No mobile information, including your phone number and SMS opt-in or consent data, is shared with or sold to any third parties or affiliates for marketing or promotional purposes. You can stop receiving codes at any time by switching to Sign in with Apple or deleting your account.

2.2 Profile & Fitness Information

During onboarding you provide age or date of birth, gender or sex, fitness goals, experience level, available equipment, training frequency, and optionally dietary preferences and injury history, used to personalize your workout experience.

2.3 HealthKit Data (iOS Only)

We access HealthKit only with your permission and read only the data types you allow (such as heart rate, HRV, oxygen saturation, sleep, VO2 max, body mass and height, workout data, and steps). To deliver the Service, some HealthKit-derived data is transmitted to, stored on, and processed by our servers and our service providers; we do not upload your entire Apple Health record, read it in the background, or store your continuous raw stream. What we retain is generally in summary or aggregated form (such as workout heart-rate summaries and recovery scores). We use this data only to deliver and improve the Service, and we never sell it. You can revoke access at any time via Settings > Health > Data Access & Devices > getRipped.AI. With your permission, we may write workout summaries and recovery scores back to your Apple Health app.

2.4 Workout Data

During each workout we collect start and end times, exercises performed (name, sets, reps, weight, duration), rest periods, session context, and completion status. To generate and improve your workouts, we share workout and health/fitness context with the partners and service providers that help us operate the Service. This information may also be retained in our systems and used, in de-identified or aggregated form where practical, to improve and train our models and the Service. We do not sell this data or use it for third-party advertising.

2.5 Usage, Device & Subscription Information

We collect minimal usage analytics (error tracking) and, on our website, general engagement metrics. We automatically collect device type, OS version, locale, identifiers, and app version. Subscription and payment data is handled by our subscription and app-store providers; we do NOT store credit card numbers or full payment method details.

3. How We Use & Share Your Information

We use your information to deliver, operate, and improve the Service; personalize and generate your workouts; compute recovery metrics; manage your subscription; communicate with you; and comply with legal obligations. Our legal bases (GDPR & CCPA) are performance of contract, your consent (for HealthKit access, SMS OTP, and optional marketing), our legitimate interests, and legal obligations.

4. Third-Party Partners & Service Providers

We share information with the third-party partners and service providers that help us operate and deliver the Service — for example, providers of cloud hosting, authentication, AI processing, SMS delivery, payment processing, and analytics. We require them to protect your data and to use it only to provide services to us. We do not sell your personal data or share it for third-party advertising. We may disclose information if required by law, disclosing only the minimum necessary. If GetRipped, Inc. is acquired or merged, your information may be transferred as part of that transaction.

5. International Data Transfers

Your personal data is stored in the United States. If you are located elsewhere, your information will be transferred to and processed there. We rely on contractual safeguards (Standard Contractual Clauses), your consent, and security measures (encryption in transit and at rest). EU/UK residents who object may contact [email protected].

6. Data Retention & Deletion

We retain your information only as long as necessary. Biometric and health data we store is generally in summary form (such as workout heart-rate summaries and recovery scores) retained with your workout history; daily recovery inputs (HRV, resting HR, sleep) are held transiently; your height and weight are stored with your profile. Payment and subscription data is kept for 7 years (tax/legal requirement). You can delete your account at any time via the app settings or by contacting [email protected]; upon deletion, your personally identifiable information is anonymized within 30 days. Revoking HealthKit permission stops further collection.

7. Your Privacy Rights

You have the right to access, correct, delete, and port your personal data, and to withdraw consent, at any time. To exercise these rights, email [email protected] with “Privacy Request” in the subject line. California residents (CCPA/CPRA) additionally have the right to know, delete, correct, opt out of sale or sharing, and non-discrimination; we do not sell personal information or engage in cross-context behavioral advertising, and we respond within 45 days. EU/UK residents (GDPR) have the rights of access, rectification, erasure, restriction, portability, and objection, and may lodge a complaint with their local data protection authority; we respond within 30 days.

8. HealthKit & Biometric Data

Before accessing any HealthKit data, iOS presents a permission dialog; access is never automatic, and you can revoke it at any time. We do not read HealthKit in the background or store your continuous raw stream. We minimize what we transmit, but some biometric data — generally summary metrics such as workout heart-rate summaries and the recovery inputs used to compute your recovery score — is sent to and stored on our servers and shared with the providers that help us operate the Service. Heart rate and HRV may qualify as “biometric information” under state laws (e.g., Illinois BIPA, Texas CUBI, Washington HB 1071); where these apply, we collect such data only with your consent, use it only to deliver the Service, and honor deletion requests. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

9. Artificial Intelligence

We use third-party AI providers to help generate your workouts; under their API terms, they do not use your data to train their models. As noted in Section 3, we may use de-identified or aggregated data to develop and train our own models and improve the Service. AI suggestions are not fully automated — you can accept, decline, or modify them, and no decision affecting your account status is made by AI alone. You can request an explanation of any AI suggestion by contacting [email protected].

10. Children’s Privacy

GetRipped.AI is intended only for adults aged 18 and older. The Service is not directed to, and we do not knowingly collect personal data from, anyone under 18. During signup, you must confirm that you are at least 18 years old. If we learn we have collected data from someone under 18, we will delete it promptly. Contact [email protected] with “Minor Account” in the subject line if you believe a minor has provided us data.

11. Data Security

We implement encryption in transit (TLS 1.3) and at rest (AES-256), role-based access controls, multi-factor authentication for employee access, audit logging, regular security reviews, and vendor security assessments. In the event of a data breach, we will notify affected users without unreasonable delay (generally within 72 hours) and comply with applicable breach-notification laws. No system is completely immune to attacks, and we cannot guarantee absolute security.

12. Cookies & Tracking

This applies only to our website, not the iOS app. Our website uses essential/functional cookies and analytics cookies. We do not use persistent marketing cookies or retargeting pixels (as of July 8, 2026). The iOS app does not use traditional cookies, cross-site tracking pixels, device fingerprinting, or conversion tracking pixels.

13. Updates & Contact

We may update this Privacy Policy and will update the “Last Updated” date; for material changes we will notify you by email and, for app users, may display an in-app notice. Contact us at [email protected], or by mail: GetRipped, Inc., Privacy Requests, Salt Lake City, Utah 84102, United States. We respond to privacy inquiries within 15 business days.


Effective Date: July 8, 2026 · Version 1.1 · Last Updated: July 8, 2026
© 2026 GetRipped, Inc. All rights reserved.