Privacy Policy

Effective Date: November 17, 2025

This Privacy Policy explains how ATMA LLC ("we," "us," "our," or "FlexPath") collects, uses, stores, and protects your personal information in connection with your use of our mobile application "FlexPath AI: Pain Free Workout" (the "App") and our website https://tryflexpath.com (the "Website") (collectively, the "Services"). This policy also explains your rights regarding your personal information and how you can exercise them.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account and use FlexPath, we collect the following information:

  • Account Information: Email address, display name, and display photo (provided by third-party authentication providers such as Apple, Google, or directly during signup)
  • Fitness Profile Information: Biological sex, age, height, weight, fitness goals, preferred workout frequency, preferred workout duration, and any special physical or medical needs you choose to share with us
  • Workout Data: Workout completion rates, exercise feedback, perceived exertion ratings, exercise preferences (liked/disliked exercises), and notes you add to your workouts
  • Communication Information: When you contact us for support, we collect your name, email address, and the content of your messages

1.2 Information Collected Automatically

We do not collect device identifiers, IP addresses, browser information, or other derivative data beyond what is necessary for authentication and analytics purposes.

1.3 Information from Third-Party Services

When you sign up using third-party authentication services (Apple, Google), we receive your display name, display photo, and email address as provided by those services. We do not collect any additional information from third-party sources.

2. How We Use Your Information

We use your personal information for the following purposes:

  • Account Management: To create and manage your user account, authenticate your identity, and provide you with access to our Services
  • Personalized Workout Plans: To generate AI-powered, personalized workout plans tailored to your fitness goals, physical abilities, and limitations
  • Workout Progression: To automatically adjust and extend your workout plans based on your completion rates, feedback, and progress
  • Service Improvement: To improve our Services, develop new features, and enhance user experience based on aggregated, anonymized usage patterns
  • Customer Support: To respond to your inquiries, provide technical support, and address your concerns
  • Service Communications: To send you password reset emails, data breach notifications (if applicable), and push notifications about workout plans and app updates
  • Analytics: To understand how users interact with our Services using anonymized data

2.1 AI-Powered Workout Plan Generation

We use artificial intelligence services, including OpenAI's ChatGPT, to generate personalized workout plans for you. To create these plans, we share anonymized, non-personally identifiable information with OpenAI, including:

  • Biological sex, age, height, weight
  • Fitness goals, workout frequency preferences, workout duration preferences
  • Special physical or medical needs you have disclosed
  • Workout completion rates and feedback

Important: This data is sent without any personally identifiable information (such as your name, email, or account ID). OpenAI processes this anonymized data solely to generate your workout plan and does not retain it after processing. We do not sell, rent, or share your personal information with AI services.

3. How We Share Your Information

We do not sell, rent, or trade your personal information for monetary gain.

We share your information only in the following limited circumstances:

3.1 Service Providers

We work with trusted third-party service providers who help us operate and improve our Services:

  • Supabase: For secure user authentication and cloud storage of your account information. Supabase stores all data within the United States. Please note that Supabase is NOT HIPAA and SOC2 compliant.
  • OpenAI (ChatGPT): For AI-powered workout plan generation. Only anonymized, non-personally identifiable data is shared with OpenAI, as described in Section 2.1.
  • Amplitude: For analytics and understanding user behavior patterns. We anonymize personal information before it is shared with Amplitude for analytics purposes.
  • Apple Inc.: For in-app subscription payments processed through the App Store. We do not store your payment information; Apple handles all payment processing securely.

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Legal Obligations

We may disclose your personal information if required by law or in response to valid legal requests from law enforcement agencies or government authorities.

3.3 Business Transfers

In the event of a business sale, merger, or acquisition, we will provide users with adequate notice and make it simple to delete any or all information from their profiles. We will not transfer your data without giving you the opportunity to opt out.

3.4 No Disclosure to Third Parties

We do not disclose personally identifiable information to business affiliates, advertising partners, data brokers, or any other third parties not listed above.

4. Data Storage and Security

4.1 Where Your Data is Stored

  • Account Information: Stored securely in Supabase servers located in the United States
  • Workout History and Notes: Stored locally on your device. This data is not currently backed up to the cloud, so it will not transfer to a new device
  • Profile Information: When you switch devices, only your profile information (submitted during onboarding) transfers over

4.2 Security Measures

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption in Transit: All communications between the App and our servers are encrypted using HTTPS/TLS protocols
  • Encryption at Rest: Your data benefits from Apple's ecosystem security, which encrypts the app container on your device. Only you can access your own data. Cloud storage encryption is provided by Supabase's standard security measures, though Supabase is not HIPAA or SOC2 compliant
  • Limited Access: Access to personal data is restricted on a need-to-know basis within our organization

4.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email as required by applicable law.

5. Data Retention

We retain your personal information for as long as your account remains active. We also automatically purge inactive accounts annually to minimize data retention.

Upon account deletion:

  • All of your personal information is permanently deleted within 14 days of your request
  • We do not retain any personally identifiable information after deletion
  • Anonymized analytics data may remain, but it cannot be linked to you since your account no longer exists

6. Your Privacy Rights

6.1 Access and Update

You can view and update your personal information at any time within the App settings.

6.2 Account Deletion

You can request deletion of your account and all associated personal information by emailing us at support@tryflexpath.com. We will process your deletion request within 14 days.

6.3 Opt-Out of Communications

You can manage push notification preferences in your device settings. We do not send marketing emails or newsletters.

6.4 Data Portability

You can request a copy of your personal information by contacting us at support@tryflexpath.com.

7. State-Specific Privacy Rights

7.1 California Residents (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You have the right to know what personal information we collect, use, and disclose
  • Right to Delete: You have the right to request deletion of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

CCPA Disclosures

  • We do not sell or rent personal information for monetary gain
  • We do not generate revenue by selling user information
  • We have not disclosed personal information to third parties for their direct marketing purposes in the past 12 months
  • We share anonymized information with AI services (OpenAI) solely for workout plan generation, as described in Section 2.1

To exercise your CCPA rights, contact us at support@tryflexpath.com.

7.2 Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to access, correct, delete, and obtain a copy of their personal information. Contact us at support@tryflexpath.com to exercise these rights.

8. Children's Privacy

FlexPath is not intended for use by individuals under the age of 18. While anyone can download the App, our target audience does not include minors. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

9. International Users and Data Transfers

FlexPath is designed for users in the United States. All data storage and processing occurs within the United States. We do not transfer or store personal information outside the United States. If you access our Services from outside the U.S., please be aware that your information will be transferred to, stored, and processed in the United States.

10. Push Notifications

We use push notifications to inform you when your workout plan is ready, provide workout reminders, and deliver important app updates. You can control push notification permissions in your device settings. We do not use third-party providers for push notifications; all notifications are sent directly from our servers.

11. Cookies and Tracking Technologies

Our App does not use cookies. Our Website may use basic cookies for functional purposes (such as maintaining session state). We do not use tracking cookies for advertising or marketing purposes.

12. Third-Party Links

Our Services may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Medical Disclaimer and User Responsibility

FlexPath is not a medical device and does not provide medical advice, diagnosis, or treatment. The information and workout plans provided through our Services are for informational and educational purposes only. You should consult with qualified healthcare professionals before starting any exercise program, especially if you have pre-existing medical conditions, injuries, or physical limitations. Never disregard professional medical advice or delay seeking it because of information provided through FlexPath.

13.1 User Responsibility for Accurate Information

To help ensure a safe and pain-free workout experience, you are responsible for providing complete and accurate information to the AI system. You acknowledge that pain is subjective and may vary in nature and intensity. The AI system may distinguish between types of pain; however, it is your responsibility to discontinue any activity that causes discomfort you deem unsafe and to seek professional medical advice when necessary.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Effective Date" at the top of this page. We will not make material changes that reduce your privacy rights without providing you with notice.

Your continued use of FlexPath after changes become effective constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry as promptly as possible, typically within 30 days.

16. Our Commitment to Privacy

FlexPath was created to help people with mobility limitations and chronic pain achieve their fitness goals in a judgment-free, accessible environment. Privacy is fundamental to that mission. We are committed to:

  • Collecting only the information necessary to provide you with personalized workout plans
  • Storing your workout history locally on your device whenever possible
  • Anonymizing data before sharing it with AI services
  • Never selling or renting your personal information
  • Giving you control over your data with clear deletion processes
  • Being transparent about our data practices

Thank you for trusting FlexPath with your fitness journey.