Privacy Policy
Last updated: 2026-05-24
This Privacy Policy describes how Marble (“we,” “us,” or “our”) handles your information when you use the Marble iOS application (the “App”). By using Marble, you agree to the practices described here.
1. Information we collect
Information you provide during onboarding
When you set up the App, you enter:
- Profile information: age, height, weight, units, self-rating of your physique
- Training preferences: goals, motivations, training experience, equipment available, training days per week, body areas to prioritize, any injuries
Body photos
You upload front and side photos of your body for physique grading. These photos are the most sensitive category of data we handle.
Workout logs
When you complete a workout in the App, we store the exercises, sets, weights, reps, and timestamps you logged.
Information collected automatically
- Anonymous account identifier: a randomly generated user ID created when you first open the App. We do not collect your name, email address, phone number, precise location, contacts, or Apple HealthKit data.
- IP address: logged server-side when you call our backend functions, solely to prevent abuse and enforce rate limits (see Section 5). IP addresses are never used for analytics, advertising, profiling, or geolocation.
- Subscription status: we receive entitlement information (whether your subscription is active) from Apple. We do not see your payment card or billing details.
2. How we use your information
- To grade your physique: your front and side photos are analyzed to produce a physique score, body-fat estimate, and per-muscle-group ratings.
- To build and refine your training program: your profile information, training preferences, injuries, and physique grades are used to generate a personalized 12-week training program and to refresh that program when you re-measure or request adjustments.
- To track your progress: workout logs power streak counts, workout history, and re-measurement comparisons inside the App.
- To operate and protect the App: IP addresses are used solely to detect and prevent abuse of our backend services. We discard them when your account is deleted.
- To manage your subscription: subscription status determines whether you can access premium features.
3. How we share your information
We do not sell your information. We share it only with the service providers below, each acting on our instructions to operate the App:
Google (Generative Language API)
Your body photos and profile information are sent to Google’s Generative Language API to compute your physique grade and to generate your training program. Photos and profile data leave the App and our backend and are transmitted to Google for processing. Google’s handling of this data is governed by their own terms; we do not control their retention beyond what their API agreement specifies.
Supabase
Supabase hosts our database, file storage (where your photos are stored), authentication, and edge functions. All your App data resides on Supabase infrastructure, accessed only by you (via per-user row-level security) or by our own service-role processes for account-deletion and rate-limiting operations.
Apple
Apple operates the App Store, processes your subscription payments, and may receive crash and performance diagnostics if you have enabled sharing in iOS Settings. We do not see your payment card or billing address.
Legal disclosures
We may disclose information if required to do so by law, a valid legal request, or to protect the safety of users or the public.
4. Where your data is stored
Your data is stored on Supabase infrastructure, which operates servers in multiple regions. By using the App, you understand that your data may be processed in the United States or other countries that may have different data-protection laws than your home country.
5. Abuse prevention and IP logging
To prevent attackers from spinning up many anonymous accounts to drain our Google API budget, we log the source IP address of each call to our AI grading and program-generation functions. These logs are:
- Used solely for per-user and per-IP rate limiting
- Never used for analytics, advertising, profiling, or geolocation
- Never sent to Google or any third party
- Automatically deleted when you delete your account (cascade via your user record)
6. How long we keep your information
We retain your data for as long as your account exists. When you delete your account inside the App (Settings → Delete account), the following are removed:
- Your profile
- All physique assessments and scores
- All training programs
- Your workout history
- All photos stored in our backend
- Your IP-logging records
This deletion is permanent and cannot be undone. Server backups containing your data are purged on our backend provider’s standard schedule. Data already transmitted to Google for processing is subject to Google’s own retention policies.
7. Your choices and rights
- Access: you can view your physique scores, training programs, and workout history inside the App.
- Deletion: use the in-app account-deletion flow described above.
- Correction: profile fields can be updated in the App.
- Withdraw consent: stop using the App and delete your account.
- Data portability: contact us at the address in Section 12 and we will work in good faith to provide your data in a reasonable timeframe and format.
If you are in the European Union, United Kingdom, or European Economic Area: under the GDPR, you have additional rights including the right to lodge a complaint with your local data-protection authority. The legal bases on which we rely are (a) your consent to upload photos and use the App, (b) the contract for the App you have entered into by accepting these terms, and (c) our legitimate interest in preventing fraud and abuse of our service.
If you are a California resident: the CCPA and CPRA give you additional rights to know, delete, and limit the use of your personal information. We do not sell personal information, do not share it for cross-context behavioral advertising, and do not use sensitive personal information for purposes other than those listed in this Policy.
8. Children
Marble is not directed to children. We do not knowingly collect information from anyone under 14. Onboarding requires an age input and the App will not function for ages outside the supported range. If you believe a child under 14 has provided us with information, please contact us so we can delete it.
9. Security
We protect your data with reasonable technical and organizational measures, including: TLS encryption in transit, per-user row-level security on our database, restricted service-role access, and rate limiting on our backend functions. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
10. Changes to this Policy
We may update this Privacy Policy. The “Last updated” date at the top of this page reflects the most recent revision. For material changes, we will notify you through the App or by another reasonable means before the change takes effect.
11. A note on fitness
Marble provides general fitness and aesthetic guidance based on inputs you provide. It is not medical advice and is not a substitute for consultation with a qualified physician. Consult a doctor before beginning any new exercise program, especially if you have an injury or pre-existing condition. Individual results vary.
12. Contact
Questions, complaints, or data requests: support@marblefitness.app