Privacy Policy
Last updated: April 9, 2026
1. Who we are
ExactBurn is a web application that helps gym-goers track the precise calories burned during workouts. References to "ExactBurn", "we", "us", or "our" in this policy refer to the operator of this service.
For any privacy-related questions, contact us at: privacy@exactburn.app
2. Data we collect
We collect only what is necessary to provide the service:
- Account data: your email address, used for authentication and account management (provided by Supabase Auth).
- Profile data: age, sex, and body weight — required to calculate accurate calorie estimates using the ACSM MET-based formula.
- Workout data: sessions, exercises, sets, reps, weights, and durations you log in the app.
- Payment data: subscription status and Stripe customer ID. Card details are handled entirely by Stripe — we never see or store them.
- Usage data: anonymous, aggregated page view statistics via Vercel Analytics. No cookies are used for analytics. No personal identifiers are collected or shared.
3. How we use your data
- To authenticate you and secure your account.
- To calculate your personalised calorie burn using your profile data.
- To store and display your workout history.
- To manage your subscription and process payments via Stripe.
- To improve the app using anonymous, aggregated usage statistics.
We do not sell your data, share it with advertisers, or use it for any purpose beyond operating ExactBurn.
4. Legal basis for processing (GDPR)
For users in the European Economic Area (EEA), we process your data under the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): processing your account, profile, and workout data is necessary to deliver the service you signed up for.
- Legitimate interests (Art. 6(1)(f) GDPR): anonymous analytics to understand how the app is used and improve it.
- Legal obligation (Art. 6(1)(c) GDPR): retaining payment records as required by applicable law.
5. Data retention
Your data is retained for as long as your account is active. When you delete your account, all personal data (profile, sessions, exercises, and sets) is permanently deleted within 30 days. Payment records may be retained longer where required by law.
6. Third-party services
- Supabase (supabase.com) — database and authentication. Data is stored in the EU region.
- Stripe (stripe.com) — payment processing. Stripe handles all card data in accordance with PCI DSS. See Stripe's Privacy Policy.
- Vercel (vercel.com) — hosting and anonymous analytics. Vercel Analytics does not use cookies and does not collect personally identifiable information. See Vercel's Privacy Policy.
7. Cookies
ExactBurn uses only essential cookies necessary for authentication (session tokens managed by Supabase Auth). We do not use tracking or advertising cookies. Our analytics (Vercel Analytics) are cookieless. You will be asked for consent on your first visit.
8. Your rights (GDPR)
If you are in the EEA, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data (via Profile Settings).
- Erase your data — delete your account at any time from Profile Settings to remove all your data permanently.
- Restrict or object to certain processing.
- Data portability — request an export of your data.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at privacy@exactburn.app.
9. Data security
All data is transmitted over HTTPS. Access to your data is enforced via Row Level Security (RLS) policies — you can only access your own data. Authentication is managed by Supabase Auth using industry-standard JSON Web Tokens (JWTs). We follow OWASP security guidelines and do not expose API keys in client code.
10. Children's privacy
ExactBurn is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email or by displaying a notice in the app. Continued use of ExactBurn after changes constitutes acceptance of the updated policy.