Privacy policy
GYM RAT INC Privacy Policy
Effective Date: February 25, 2026
1. INTRODUCTION
At Gym Rat Inc., (collectively “GRI,” “us,” “we,” or “our”), our mission is to empower people to live a stronger, healthier, and more confident life. We exist to simplify your life – not to overstep.
We take your privacy seriously and want you to understand how we use, collect, and share Personal Data and the measures we take to protect your Personal Data. “Personal Data” means any information that identifies you or can be reasonably linked to you, or information which is otherwise considered to be “personal information” or “personal data” under applicable laws.
This Privacy Policy applies to Personal Data we collect about GRI members and other consumers who interact with GRI or use our services, including by visiting our websites or our social media pages or by using our mobile apps, the MTRC Device, any MTRC accessories, or any features, content, or applications offered by GRI in connection therewith (collectively, the “Services”). This Privacy Policy does not cover the practices of companies or people that we do not own, control or manage. We are not responsible for the policies and practices of any third parties, and we do not control, operate, or endorse any information, products, or services that may be offered by third parties or accessible on or through the Services. For clarity, we are responsible for the data protection practices of our data processors (i.e., those processing Personal Data of which we are the controllers in relation to the Services) in accordance with the data protection laws applicable to the jurisdiction in which you reside.
We have provided supplemental notices below for residents of certain U.S. states.
2. HOW WE COLLECT PERSONAL DATA
We collect Personal Data about you from:
· Yourself, when you provide such information directly to us, such as when completing your profile or responding to a questionnaire;
· MTRC Device that you connect to gym equipment;
· Interactions with AI-powered features of the services, including through gym or trainer-administered functionality, as described in Section 8 below;
· Automatic data collection, such as Cookies, local storage objects, web beacons, and other similar technologies in connection with your use of the Services;
· Customers and partners, such as employers, insurance companies, coaches, teams, or other organizations that engage with our Services;
· Marketing and advertising partners, such as companies that have entered in joint marketing relationships with us or assist us with marketing or promotional services, which may provide us with data related to how you interact with our Services, advertisements, or communications;
· Social media, other third-party platforms, and linked accounts, devices, or features, if you interact with our pages on social media sites, post content to their sites using the Services, sign into the Services through a third-party site or service, or otherwise link accounts, devices, or features to your MTRC account; and
· Data providers, such as information services and data licensors, when we supplement your data.
Mobile Application and Device Permissions
Our mobile applications may request certain device permissions in order to provide core functionality. These permissions are used only for the purposes described below:
· Bluetooth Permission: Used to connect with compatible fitness devices (including MTRC devices and third-party sensors). Bluetooth data is used solely for device pairing, synchronization, and functionality.
· Location Permission: Certain mobile operating systems require location access to enable Bluetooth device scanning. We use location access solely for Bluetooth discovery and do not use this permission to track your physical location unless separately disclosed and enabled by you.
· Photo Library Access: Used only when you choose to upload or save profile images. We do not access your photo library without your direct action.
3. PERSONAL DATA WE COLLECT
We may collect the following types of Personal Data:
· Contact details, such as your first and last name, email and mailing address, and phone number;
· Profile data, such as username and password that you may establish to create a MTRC account, as well as any photographs or information you choose to include in your MTRC profile;
· Communications that we exchange with you, including when you contact us via email, web app, or mobile app with questions, feedback, or reviews;
· Fitness Data, including but not limited to physiological metrics, some of which may be collected via third-party apps (Apple Health and/or Google Fit), such as resting heart rate, heart rate variability, respiratory rate, skin temperature and blood oxygen saturation level; acceleration; metadata on workouts and sleep; the type of physical activity you engage in and the duration of your activity; data reflecting recovery; your physiological profile, including birthday, gender identity, weight, height, fitness/athlete level (e.g., professional or recreational); and details you choose to submit about your habits, diet, medications, and female health tracking. We may use certain of this information to customize your experience with us as part of our Services;
· Payment and transactional data needed to complete your orders on the website or through the Services (including name, email address, payment card information, bank account number, billing information) and your transaction history, although GRI does not have access to payment card numbers. Our payment processors will collect the financial information necessary to process your payments in accordance with the payment processor’s respective services agreement and privacy policy;
· Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them (e.g., the marketing emails that you open and the links within them that you click);
· Device data, such as your computer or mobile device operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP Address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state, or geographic area;
· Geolocation data, if enabled, such as GPS (precise geolocation), IP Address, and movement on certain exercise types if you give permission for GRI to do so; and
· Online activity data, such as pages or screens you view, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
· This may include information about the features you access, session duration, crash logs, and performance diagnostics.
4. COOKIES AND SIMILAR TECHNOLOGIES
GRI uses cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services, as well as to analyze trends, learn about our user base, and operate and improve our Services. Cookies are small pieces of data included on the Services (such as on a website or in an email) or placed on your computer, tablet, phone, or similar device when you use that device to visit our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s).
Cookie Usage and Type. GRI uses the following Cookies:
· Essential Cookies: Essential Cookies are required for providing you with features or Services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and Services unavailable.
· Functionality Cookies: Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (e.g., your region).
· Performance/Analytical Cookies: Performance/Analytical Cookies allow us to understand how users use our Services by collecting information on how often a user engages with a particular feature of the Services. We use these aggregated statistics internally to improve the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google, Inc. (“Google”) uses Cookies in connection with its Google Analytics services.
· Marketing Cookies: Marketing Cookies collect data about your online activity and identify your interests so that we and our advertising partners can provide marketing that we believe is relevant to you. For more information, please see the section below titled “Interest-based advertisements.”
Online tracking opt-outs. There are a number of ways you can opt out of certain interest-based advertising and other online tracking activities, which we have summarized below.
· Blocking Cookies in your browser. Most browsers let you remove or reject Cookies, including Cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept Cookies by default until you change your settings.
· Blocking advertising ID use in your mobile device settings. Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of your advertising ID associated with your mobile device for interest-based advertising purposes.
5. HOW WE USE PERSONAL DATA
We process and use Personal Data for the following purposes:
Service delivery, including to:
· Provide, operate, improve, develop, understand, and personalize the Services and our business, including testing, research, analysis, and product development;
· Satisfy the reason you provided the information to us, including for delivery of the Services and responding to and fulfilling requests;
· Communicate with you about the Services, including Service announcements, updates, or offers;
· Provide support and assistance for the Services;
· Create and manage your account or other user profiles;
· Customize website content and communications based on your preferences; and
· Process orders, memberships, or other transactions.
Research and development. We may create and use Aggregated Data, De-Identified Data, or other anonymous data from Personal Data we collect, including Fitness Data, for our business purposes, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of users of the Services. We also use anonymous Fitness Data for research purposes to help us and our research partners answer important questions about human performance and create an even-better experience for our members by identifying cutting-edge insights and providing new content and product features. Aggregated or de-identified data does not identify you personally and may be used and retained by GRI for research, analytics, product development, and other lawful business purposes.
Direct marketing and advertising. We may use data from the Personal Data we collect, including Fitness Data and certain data collected when you browse our website, to send you direct offers or other marketing messages or to advertise the Services or other GRI product offerings.
Interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to advertise our Services. We and our advertising partners may use Cookies and similar technologies to collect information about your interaction over time across the web, our communications, and other online services, and may use that information to serve online ads. We comply with the Digital Advertising Alliance Self-Regulatory Principles for Online Behavioral Advertising.
Compliance and protection, including to:
· Protect against or deter fraudulent, illegal, or harmful actions and maintain the safety, security, and integrity of our Services;
· Comply with or enforce our legal or contractual obligations, resolve disputes, and enforce our Terms of Use and Terms of Sale;
· Audit our internal processes for compliance with legal and contractual requirements and internal policies;
· Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); and
· Respond to law enforcement requests and as required or permitted by applicable law, court order, or governmental regulations.
6. HOW WE SHARE PERSONAL DATA
We may share your Personal Data with:
· Service providers, such as payment processors, vendors who advertise our Services or other GRI products, security and fraud prevention consultants, hosting and other technology and communications providers, our third-party Large Language Model (“LLM”) partner that powers AI and Machine Learning features (as described in Section 8 below), analytics providers, and staff augmentation and contract personnel, that provide services to us or on our behalf;
· Advertising partners that may collect information on our website through Cookies and other automated technologies, including for the interest-based advertising purposes described above. We do not share your Fitness Data with advertising partners;
· Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services they render to us;
· Authorities and others, including law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with the law or legal process;
· Business transferees, such as acquirers and other relevant participants in business transactions (or diligence or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, GRI or our affiliates (including, in connection with a bankruptcy or similar proceedings);
· Distributors and retailers of our Services or other GRI products; and
· Affiliates of GRI.
7. HOW YOU MAY SHARE PERSONAL DATA THROUGH THE SERVICES
Depending on how you use the Services, you may share Personal Data with:
· Other users of the Services or the general public, such as through our MTRC Social feature, which allow you to choose to share information and content with other users of the Services, and users are by default searchable by other users. When you make Personal Data visible to other users of the Services, including through the MTRC Social feature, it may become publicly available and can be collected, viewed, and used by anyone;
· Third-party social media platforms, or linked accounts, devices, or features, when you choose to connect your account on those services with your MTRC account or post content to social media;
· Managing entities. If your use of the Services is on behalf of or managed by a managing entity, such as a coach, team, organizing body, or other entity with which you are affiliated, your account information and Personal Data may be shared with the managing entity subject to your consent, and you hereby consent to that managing entity allowing that information to be publicly shared, subject to any features of the Services that expressly override that control. The managing entity will determine how the relevant information and content is shared; and
· Corporate wellness programs. If you use the Services in connection with an employer or organizational corporate wellness program, we may share your information with that organization subject to your consent. Typically, we will share only aggregated data with these organizations.
Business and Organizational Use
If you access the Services as part of a gym, training facility, corporate wellness program, or other organization (each, a “Managing Entity”), your account and associated data may be administered by that Managing Entity pursuant to its agreement with GRI.
We may process Personal Data of athletes or clients on behalf of a Managing Entity in order to provide the Services. In such cases, we act as a service provider or processor with respect to that data, subject to our contractual obligations with the Managing Entity. In other circumstances, including where we use data for product improvement, research, analytics, or security purposes, GRI acts as an independent controller.
We may also use aggregated or de-identified data derived from such information for research, analytics, product improvement, and other lawful business purposes, as described in this Privacy Policy.
8. AI and Machine Learning Features
We may use artificial intelligence (“AI”), machine learning, or large language model (“LLM”) technologies in connection with certain features of our Services, including business-facing products such as trainer applications, dashboards, analytics tools, and other professional services offerings.
These technologies may analyze data provided through the Services in order to generate insights, recommendations, summaries, analytics, or other outputs designed to improve user experience and product functionality.
Where AI or LLM technologies are provided by third-party service providers, we require such providers to process data in accordance with our agreements with them and applicable law.
We may share data with such providers only to the extent necessary to provide the relevant AI-powered features.
We may retain prompts, inputs, generated outputs, and related metadata in order to improve performance, maintain system integrity, provide support, and enhance our Services, consistent with this Privacy Policy.
Users should avoid submitting sensitive identifying information in free-text fields unless necessary for the intended use of the feature.
Trainer App
AI-powered features may analyze client movement data, performance metrics, or other Service-generated information to generate training recommendations, summaries, or suggested coaching corrections for professional users.
Where applicable, summarized or performance-related information regarding trainers may be made available to the Managing Entity in accordance with the agreement between GRI and that entity.
We may collect and process Personal Data relating to professional users, including trainers, such as account information, usage data, and performance-related analytics. Certain trainer-level information may be made available to the applicable Managing Entity pursuant to its agreement with GRI.
9. YOUR CHOICES
Access, update, or delete. When you log in to your account, you may access, and, in some cases, edit or delete certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request access to or a full deletion of your account and corresponding data by contacting hello@mtrcapp.com or via the “Data Management” feature available in the GRI Privacy Center gymratinc.com/privacy. You will be asked to complete a verification form in connection with such access or deletion request in order to ensure that you have the authority to access or delete your account. We may need to retain certain Personal Data in our records, as well as aggregated data or de-identified data derived from or incorporating your Personal Data that does not identify you after you update or delete it.
Privacy settings. You can change certain privacy settings, such as whether you are searchable on MTRC by your name or username, if you scroll down to Settings, located on the Main Menu page of the MTRC mobile application, and select “Privacy,” where you can choose to make yourself private or searchable.
Push notifications and device permissions. You can change your settings related to push notifications and device permissions through the settings on your mobile device.
Geolocation data. You may allow or disallow GRI to collect geolocation data by enabling or disabling location services on your mobile device. If you decline to grant GRI access to this data, we will not be able to provide certain Services, capabilities, or features to you.
Fitness Data. You can disable collection of additional Fitness Data by un-pairing your MTRC device from your mobile device. If you unpair your MTRC device from your mobile device, we will not be able to provide certain Services, capabilities, or features to you.
Marketing communications. You can opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the GRI Privacy Center gymratinc.com/privacy or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Services.
Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we summarize in the “Online tracking opt-outs” section above.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to online services. The Services do not currently support “Do Not Track” requests or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
10. OTHER SITES AND SERVICES
The Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control mobile applications, websites, or online services offered or operated by third parties, and we are not responsible for their actions. You can learn about and control how these third parties use and share Personal Data, including with GRI, by reviewing their privacy notices and exercising the privacy choices the third party may offer.
11. DATA SECURITY AND RETENTION OF PERSONAL DATA
We employ a number of physical, technical, organizational, and administrative security measures designed to protect the Personal Data we collect. While we endeavor to protect the privacy of your account and other Personal Data we hold in our records, no security measures are failsafe, and we cannot guarantee the security of your Personal Data.
We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g., for tax, legal, accounting, or other purposes), whichever is longer.
Certain workout and device-generated data may initially be stored locally on your device. If you choose to create an account or enable synchronization features, select data may be securely transmitted to and stored on our servers to enable backup, cross-device access, analytics, or feature functionality.
12. PERSONAL DATA OF CHILDREN
If you are under the age to consent to data sharing, as applicable based on your jurisdiction, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under the age to consent to data sharing, as applicable based on jurisdiction, we will delete that information as quickly as possible. If you believe that a child under the age to consent to data sharing, as applicable based on your jurisdiction, may have provided us Personal Data, please contact us at hello@mtrcapp.com.
13. CHANGES TO THIS PRIVACY POLICY
We are constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time. Changes will be posted on the GRI website and available on other GRI Services. We will alert you to material changes by placing a notice on the GRI website, by sending you an email, and/or by some other means. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.
14. CONTACT US
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to hello@mtrcapp.com or at the mailing address below.
Gym Rat Inc, 4504 Trevor Park Lane, Houston, TX 77018
15. U.S. STATE-SPECIFIC PRIVACY NOTICE
If you are a resident of California, Colorado, Connecticut, Delaware (as of January 1, 2025), Iowa (as of January 1, 2025), Maryland (as of October 1, 2025), Minnesota (as of July 31, 2025), Montana, Nebraska (as of January 1, 2025), New Hampshire (as of January 1, 2025), New Jersey (as of January 15, 2025), Oregon, Tennessee (as of July 1, 2025), Texas, Utah, and Virginia, the law in your state may provide you with the following rights:
· Information: The Privacy Policy describes the types of Personal Data (including “Personal Information” as defined in applicable laws) we collect in the “Personal Data We Collect” section above and the sources through which we collect Personal Data in the “How We Collect Personal Data” section above. We describe the purposes for which we use and share this data in the “How We Use Personal Data” section above and the “How We Share Personal Data” section above.
· Access: You can request a copy of the Personal Data that we maintain about you.
· Deletion: You can ask to delete the Personal Data that we have collected from you.
· Correction: You can ask to correct inaccuracies in your Personal Data.
· Opt-out of sale and sharing of your Personal Data: You can ask to opt out of the selling or sharing of your Personal Data, the processing of your Personal Data for purposes of targeted advertising, and/or profiling in furtherance of decisions that produce legal or similarly significant effects, which you can exercise according to the instructions in the “Online tracking opt-outs” section of the Privacy Policy.
· Appeal: You may be permitted to appeal our decision, if we deny your request.
In addition, and as set forth below, California law requires us to identify, for the 12-month period prior to the date of this Privacy Policy, what information we may have “sold” or “shared” about you. For the 12-month period prior to the date of this Privacy Policy, GRI has not sold any Personal Data. We do not sell Personal Data. For the 12-month period prior to the date of this Privacy Policy, GRI has only shared Personal Data as described above. As we explain in this Privacy Policy, we use Cookies and other tracking technologies to analyze website and application traffic and use, and to facilitate advertising. To limit use of Cookies and other tracking technologies, please review the instructions provided in the “Online tracking opt-outs” section. You may also direct us to share your data, as described in the “How You Share Personal Data Through the Services” section of the Privacy Policy.
You are entitled to exercise the rights described above free from discrimination.
Exercising Your Rights. To exercise these rights, you can submit requests as follows:
· To request access to, correction of, or deletion of Personal Data collected via your use of the Services, please either (i) use the “Data Management” feature available on the GRI Privacy Center gymratinc.com/privacy; or (ii) email us at hello@mtrcapp.com.
· To learn how to opt-out of interest-based ads and other online tracking, see the “Online tracking opt-outs” section of the Privacy Policy.
· To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional Personal Data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
· Authorized agents: You can empower an “authorized agent” to submit requests on your behalf. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.
Please note that we are only required to honor requests to know twice in a 12-month period.
California Shine the Light. This Privacy Policy describes how we may share your Personal Data for marketing purposes. If you are a California resident, the Shine the Light law permits you to request and obtain from us once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us through the contact form on our website.