Privacy Policy
Last updated: May 31, 2026
Planner text = local. Todo titles, notes, and private planning text stay on your device.
Stats = stored. Workout data is stored server-side for sync and progress tracking.
Subscription = stored. Account and billing data are stored for service operation.
No ads. No selling data. No cross-site tracking.
1. Who We Are
PushupDoro is operated by Astravia Studios ("we," "us," or "our"). This Privacy Policy explains how we collect, use, and protect your information when you use the PushupDoro application ("the Service").
For questions about this policy, contact us at [email protected].
2. What We Collect
Account Information
When you create an account, we collect:
- Email address (for authentication and account management)
- Name (optional, for personalization)
Workout Data (Stored Server-Side)
We store workout statistics to enable sync, progress tracking, and streaks:
- Number of completed sessions
- Rep counts, session timing, and completion history
- Session timestamps and duration
- Daily contracts and completion status
- Streak and consistency data
Subscription and Billing Data
When subscriptions launch, we will collect:
- Billing information processed through our payment provider (we do not store full card numbers)
- Subscription status and billing history
- Transaction records as required for accounting and tax compliance
What We DO NOT Collect
- Camera footage, images, or video frames
- Pose detection data, body measurements, or biometric identifiers
- Location data
- Health or medical data
- Browsing history or cross-site tracking data
3. Camera Processing
PushupDoro uses your device camera for real-time pose estimation during exercise. This is important to understand:
- All processing is on-device. Camera frames are processed in your browser's memory using MediaPipe (Google's on-device ML library)
- No frames are uploaded. Camera data never leaves your device. We cannot see your workouts
- No recording or caching. Frames are discarded immediately after pose estimation
- No biometric storage. Joint coordinates exist only in runtime memory and are not persisted
- You control the camera. You can stop it at any time. It shuts down automatically after 15 minutes of inactivity
4. How We Use Your Information
Your data is used to:
- Provide and maintain the Service
- Sync your progress across devices
- Calculate streaks, statistics, and achievements
- Process subscription billing (when applicable)
- Send important service-related communications
- Respond to support requests
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for their marketing purposes.
5. Third-Party Services
We use the following third-party services to operate PushupDoro:
- Clerk — Authentication provider. Processes your email address and manages login sessions. SOC 2 Type II certified. Clerk Privacy Policy
- Vercel — Application hosting and edge delivery. Serves the app and processes request metadata (including your IP address) to route and deliver pages
- Railway / Neon — Database hosting. Stores your workout data with TLS encryption in transit and at rest
- Cloudflare — CDN and DDoS protection in front of our application. May process IP addresses for security and traffic routing
- Vercel Analytics — Lightweight, cookieless product analytics for aggregate usage trends
- MediaPipe (Google) — On-device pose detection library. Pose estimation runs entirely in your browser, and no camera or workout data is sent to Google. The library runtime and ML model are downloaded once from Google's and jsDelivr's public CDNs (storage.googleapis.com, cdn.jsdelivr.net), which receive your IP address as part of that download, as with any web asset
When subscriptions launch, a payment processor (such as Stripe) will handle billing. We will update this policy with specific details at that time.
6. Data Storage and Security
Your workout data is stored securely in our database hosted on Railway/Neon.tech. We use industry-standard encryption for data in transit (TLS) and at rest.
Authentication is handled by Clerk, a SOC 2 Type II certified provider. We do not store passwords directly.
While we implement reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
7. Data Retention
- Active accounts: We retain your data for as long as your account is active
- Account deletion: Upon deletion request, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records)
- Billing records: Transaction records may be retained for up to 7 years for tax and accounting compliance
8. Your Rights
You have the right to:
- Access — Request a copy of your data
- Delete — Request deletion of your account and data
- Export — Download your workout history
- Correct — Update your account information
- Withdraw consent — Delete your account at any time
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
9. Cookies and Local Storage
We use minimal cookies and local storage strictly for functionality:
- Authentication cookies — Set by Clerk to maintain your login session
- Local storage — Used to cache app state, preferences, and offline data on your device
For aggregate usage measurement we use Vercel Analytics, which is cookieless and privacy-friendly: it does not set tracking or advertising cookies, does not collect personal information, and does not follow you across other websites. We do not use tracking cookies, advertising cookies, or cross-site behavioral tracking.
10. Children's Privacy
PushupDoro is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
11. International Data Transfers
Your data may be transferred to and processed in the United States, where our servers and third-party service providers are located. By using the Service, you consent to such transfers.
For EU/EEA Users: We process your data based on your consent (which you provide by creating an account) and our legitimate interests in providing the Service. You have the right to withdraw consent at any time by deleting your account.
12. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know — Request what personal information we collect and how it's used
- Right to Delete — Request deletion of your personal information
- Right to Opt-Out — We do not sell personal information
- Non-Discrimination — We will not discriminate against you for exercising your rights
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For subscribers, material changes will be communicated via email.
14. Contact Us
For questions about this Privacy Policy, please contact us at [email protected]