Volume — Fast workout logging with honest insights

Introduction

Misty Step ("we," "us," or "our") operates Volume ("the Service"), a workout tracking application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Volume, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address
Name (if provided)
Profile information (optional)
Authentication credentials (managed by Clerk)

1.2 Workout Data

When you use the Service, we collect:

Exercise names and types
Set data (reps, weight, date/time)
Workout history and patterns
User preferences and settings

1.3 Usage Information

We automatically collect:

Device information (type, OS, browser)
Usage patterns and interactions
Performance metrics (page load times, errors)
Analytics data (via Vercel Analytics, aggregated and anonymous)

2. How We Use Your Information

We use the collected information to:

Provide and maintain the Service
Sync your workout data across devices
Generate AI-powered insights and analytics about your training
Send weekly recaps and notifications (if enabled)
Improve and optimize the Service
Detect and prevent technical issues and abuse
Communicate with you about updates and features
Comply with legal obligations

3. AI and Machine Learning

Volume uses AI (powered by OpenRouter and third-party model providers) to:

Generate weekly workout summaries and insights
Identify training patterns and trends
Provide personalized recommendations

Your workout data may be processed by OpenRouter and the underlying model provider to generate these insights. We only send the data needed to generate insights, and all data sent to AI services is encrypted in transit.

4. Third-Party Services

We use the following third-party services:

Clerk (Authentication)

Manages user authentication and account security. See Clerk's Privacy Policy.

Convex (Database)

Stores and syncs your workout data in real-time. See Convex's Privacy Policy.

Vercel (Hosting & Analytics)

Hosts the application and provides aggregated, anonymous analytics. See Vercel's Privacy Policy.

Sentry (Error Tracking)

Monitors errors and performance issues. Personal data is automatically redacted. See Sentry's Privacy Policy.

OpenRouter (AI Gateway)

Routes AI requests to third-party model providers to generate workout insights and summaries. See OpenRouter's Privacy Policy.

5. Data Security

We implement security measures to protect your data:

All data transmitted via HTTPS encryption
Secure authentication via Clerk
Automatic PII (personally identifiable information) redaction in error logs
Regular security audits and updates
Access controls and user isolation

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. You can delete your account at any time through the settings page.

When you delete your account, we will delete your workout data and personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Your Privacy Rights

You have the right to:

Access your personal data and workout information
Export your data in JSON format
Correct inaccurate information
Delete your account and associated data
Opt out of email communications
Withdraw consent for AI features

To exercise these rights, contact us at hello@mistystep.io.

8. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us so we can delete it.

9. International Users

Volume is hosted in the United States. If you access the Service from outside the U.S., your data may be transferred to, stored, and processed in the United States.

By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date and, where appropriate, by email or in-app notification.

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

Email: hello@mistystep.io

Website: mistystep.io

Additional Rights for EU and California Users

If you are in the European Union or California, you may have additional rights under GDPR or CCPA, including the right to request deletion, portability, and restriction of processing.