Privacy Policy

Last updated: 2026-05-20

This policy describes what Yim collects, why, and how we handle it. It applies to the Yim mobile app and the website at yimapp.pro.

1. What we collect

• Account info: name, email, date of birth, gender, profile photo, Instagram handle (optional), home gym, training style, goals, experience level, and interests.
• Workout data: the exercises, sets, reps, weight, and routines you log.
• Body data: weight, height, body fat, and tape measurements you enter, plus AI scan scores derived from photos you submit.
• Photos: profile photo, feed posts, scan photos, and Peak source photos. Scan and Peak source photos are private and never appear in the feed.
• Social data: who you follow, messages you send and receive, QR mutual-follows, and verified meetups.
• Location: approximate location, rounded to roughly one kilometre, used to show nearby lifters. Your exact location is never stored or shown.
• Device and usage: device identifier, app version, push token, and interaction events used for analytics, abuse prevention, and improving the product.
• Purchase data: Apple receipt identifiers, Whop subscription identifiers, and the resulting Yim Pro entitlement state.

2. Why we collect it

• To operate the workout tracker and the social features.
• To deliver AI physique scores and Peak renders.
• To verify subscriptions and grant Yim Pro entitlement.
• To send transactional, account, and lifecycle email.
• To prevent abuse and enforce our Terms.

3. Who processes your data on our behalf

We use the following subprocessors. Each only handles the data needed for its function.

• Apple, Inc. — Sign in with Apple, App Store payments, push notifications.
• Supabase, Inc. — database, authentication, and image storage (US data centres).
• OpenRouter, Inc. — routing for AI scan and Peak model inference.
• Alibaba Cloud (Qwen vision models) — the underlying AI model used for physique, conditioning, and aesthetics scoring. Photos sent for scoring are not retained by the model provider.
• Google LLC (Gemini image models) — the underlying AI model used for Peak renders.
• Resend, Inc. — transactional and lifecycle email delivery.
• Vercel, Inc. — hosting of the app's backend and the website.
• Whop, Inc. — web purchase processing.

We do not sell your data. We do not share your data with advertisers.

4. AI processing

When you run a scan or a Peak render, the photo you submit is sent to OpenRouter, which forwards it to the underlying model provider listed above. The photo and the resulting score are stored in your Yim account so the Progress tab can chart your scan history. You can delete a scan at any time from the app, which removes both the score and the source photo from our database within seven days.

AI outputs are statistical estimates only. They are not medical, fitness, or nutritional advice and should not be relied on as such.

5. Location data

Yim only stores your location rounded to roughly one kilometre. Your exact GPS coordinates are never written to our database. Other users see your approximate distance (e.g., "3 mi away") only if you have enabled "Show distance away" in Privacy & Social settings.

6. Retention

• Account data: kept while your account is active.
• Scans and source photos: kept until you delete the scan, then removed within seven days.
• Subscription receipts: kept for as long as required by Apple and tax law (typically seven years).
• Analytics events: kept for 24 months, then aggregated.

When you delete your account, all of the above is deleted within thirty days, except where we are legally required to keep specific records.

7. Your rights

You can access, correct, export, or delete your data at any time from the Account screen in the app, or by emailing hello@yimapp.pro. Residents of the EEA, UK, California, and other regions with applicable privacy law have additional rights, including the right to object to processing and the right to lodge a complaint with a supervisory authority.

8. Children

Yim is not for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has signed up, contact us and we will delete the account.

9. Security

We use industry-standard practices to protect your data, including encryption in transit and at rest, server-side authorization, and least-privilege service credentials. No security is perfect; if you discover a vulnerability, please report it to security@yimapp.pro.

10. Changes

We may update this policy. Material changes will be communicated through the app or by email at least seven days before they take effect.

11. Contact

Yim, c/o the operator listed at the time of contact. Email hello@yimapp.pro.