Privacy Policy
Last updated: January 15, 2026
Effective date: January 15, 2026
Bazu Fitness LLC ("Bazu!", "we", "us", or "our") is a strength-training and fitness-tracking application. We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.
This Privacy Policy describes how we collect, use, store, and share your information when you use:
- Bazu! Workout App (iOS 18+)
- getbazu.com and related subdomains
- Any other services or features provided by Bazu Fitness LLC
If you disagree with any part of this Policy, please discontinue using Bazu!.
Geographic Availability
Bazu is currently available in the United States. While our services are primarily designed for US-based users, the app may be accessible from other locations.
1. Information We Collect
We collect the following categories of information to provide and improve the service.
1.1 Account & Identity Information
Required Information:
- Name
- Email address (for email/password authentication)
- Authentication provider identifier (Apple ID, Google account, or email)
- Email verification status
- Unique user identifier (generated by Firebase)
Optional Information:
- Display name (if you choose to set one)
- Profile photo (if uploaded)
Collected via Firebase Authentication and Firebase Storage (for optional profile images).
1.2 Workout & Fitness Data (Sensitive Data)
Information you enter or generate during use:
- Exercises performed
- Sets, reps, weight, duration
- Workout history
- Routines and goals
- Personal records
- Training frequency and patterns
When HealthKit integration launches, we may request permission to read health-related data (for example, calories, heart rate, workouts) and write workouts from Bazu! into Apple Health. We never access or share HealthKit data without explicit user permission.
1.3 Usage & Device Information
Collected automatically via Firebase Analytics and Crashlytics:
- Device type, model, OS version
- App version
- Time spent in app, screens visited
- Crash logs and diagnostics
- App performance metrics
- Unique device identifiers (non-advertising)
Advertising & Tracking:
- We do NOT use the Advertising Identifier (IDFA)
- We do NOT participate in cross-app tracking
- We do NOT request App Tracking Transparency (ATT) permission
- Firebase Analytics uses privacy-preserving, anonymized measurement only
1.4 Approximate Location (Future)
If enabled in a future update, we may collect approximate (non-precise) location to improve insights, global analytics, and regional product features. We do not collect precise GPS or background location.
1.5 Cookies & Web Tracking (Website Only)
- Session cookies
- Analytics cookies
- Page visit information
You can control cookie settings via your browser.
2. How We Use Your Information
We use the information we collect to:
2.1 Provide the Core App Experience
- Sync workouts across devices
- Maintain account security
- Show progress insights
- Generate recommendations
- Enable rest timers, routines, and goals
2.2 Improve & Personalize the Product
- Understand workout behavior to optimize design
- Suggest progressive overload recommendations
- Provide upcoming features (rest timer logic, PR detection, and similar)
2.3 Analytics & Performance (Firebase Analytics & Crashlytics)
- Fix bugs
- Optimize performance
- Improve retention and onboarding
2.4 Notifications (Firebase Cloud Messaging)
- Workout reminders
- Goal reminders
- App updates and feature announcements
You can disable notifications at any time.
2.5 Compliance & Security
- Detect fraudulent or abusive activity
- Enforce legal requirements
- Maintain application integrity
3. Legal Basis for Processing (GDPR-Aware)
For users in the EEA, UK, or similar regions, we process data under these legal bases:
- Performance of Contract: To provide the app you requested
- Consent: HealthKit, analytics opt-in, notifications
- Legitimate Interests: Improving the app, security, diagnostics
- Legal Obligation: Responding to lawful requests
4. How We Share Your Information
We do not sell your personal data. We share information only with trusted third-party processors needed to operate Bazu!.
4.1 Service Providers (Processors)
We use the following third-party services:
Firebase (Google LLC)
- Authentication
- Firestore database
- Storage (profile images)
- Analytics
- Crashlytics
- Cloud Messaging
Firebase may store data in the United States or other regions. Data is encrypted in transit and at rest.
Third-Party Privacy Policies:
We maintain appropriate agreements with all service providers to ensure data security and privacy protection. We comply with applicable US privacy laws, including state privacy laws such as the California Consumer Privacy Act (CCPA). For users outside the US who access our services, we apply privacy-protective practices aligned with international standards.
Apple HealthKit (Future)
- Health data is stored locally on your device unless you explicitly allow sync.
- We do not use HealthKit data for advertising or third-party analytics.
Website Tools
Examples include Cloudflare (security/CDN) and privacy-friendly website analytics if added later.
We will update the Policy if new third-party processors are introduced.
5. Data Retention
We retain data only as long as necessary to provide the service, comply with legal obligations, resolve disputes, and maintain security.
Retention Rules
- Workout data: Until the user deletes their account
- Account and profile data: Until deletion request
- Crash logs and analytics: 90–180 days (Firebase default)
- Backups: Securely deleted on a weekly rolling basis
When you delete your account, all identifiable data is deleted from Firestore, Auth, and Storage within 14 days, except for crash logs that may remain in anonymized form and aggregated or anonymized analytics (non-identifiable).
Offline Data Integrity
Bazu is designed for offline-first functionality. When you work out without internet:
- All data is saved locally on your device
- Automatic sync occurs when connectivity returns
- Visual "pending sync" indicator shows unsynced data
While we make best efforts to prevent data loss, we cannot guarantee sync success in all scenarios (for example, device failure, app deletion before sync completes). Maintain periodic internet connectivity to ensure data synchronization.
6. Your Rights & Choices
Depending on your region, you may have the right to:
- Access the data we hold about you
- Request correction
- Request deletion
- Data portability: Request a copy of your data in a structured format by emailing support@getbazu.com. We will provide your workout data within 30 days in JSON or CSV format.
- Withdraw consent
- Opt out of analytics (future toggle)
- Opt out of notifications
- Restrict processing (where applicable)
To make a request, email support@getbazu.com.
We will respond within 30 days for general requests and within 45 days for requests under US state privacy laws (for example, CCPA/CPRA).
California Consumer Privacy Rights
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA/CPRA):
Right to Know: Request details about personal information we've collected about you in the past 12 months, including categories of data, sources, business purposes, and third parties with whom we share data.
Right to Delete: Request deletion of your personal information, subject to certain legal exceptions (for example, completing transactions, security purposes, legal compliance).
Right to Correct: Request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing: We do NOT sell or share your personal information for cross-context behavioral advertising purposes.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
How to Exercise Your Rights: Email support@getbazu.com with "California Privacy Request" in the subject line. Include your name and the email address associated with your account. We will respond within 45 days. You may designate an authorized agent by providing written authorization.
Verification: For security, we may request additional information to verify your identity before processing requests.
7. Security
We use technical and organizational safeguards such as:
- Encryption in transit (TLS)
- Encryption at rest (Firebase default)
- Access control and least-privilege principles
- Secure authentication and session management
- Firestore user-scoped rules with isolation
- Regular security reviews
However, no system is 100% secure. You use the service at your own risk.
8. International Data Transfers
Because we use Firebase (Google), your information may be transferred to and processed in the United States, EU regions (if Firebase EU data residency is used), or other regions where Google cloud infrastructure operates.
Transfers follow Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable.
9. Children's Privacy
Bazu! is not intended for users under 16 years old. We do not knowingly collect personal information from anyone under 16.
If you believe data was collected from a child under 16, contact us immediately.
10. Third-Party Links
The app or website may contain links to external sites. We are not responsible for their content or privacy practices.
11. Changes to This Privacy Policy
We may update this Policy periodically. If changes are material, we will notify users via in-app notice, email (if appropriate), or an update banner on the website. The “Last updated” date will always reflect the latest version.
12. Contact Us
Bazu Fitness LLC
Email: support@getbazu.com
For privacy-specific inquiries: support@getbazu.com