Privacy Policy
Mirror Fitness (referred to below as "Mirror" or "we") is built and operated by Collin Kinnaird as an independent solo developer. This policy explains exactly what data Mirror handles and what we do with it — written in plain English, accurate to what the app actually does, not legal boilerplate.
The short version: Mirror does not have any servers of its own. Your workout data stays on your device and (if you use iCloud) in your private iCloud account. We never see it. The only data that leaves your device is anonymous usage analytics through a privacy-first service called TelemetryDeck — no name, email, location, or anything that could identify you.
1. What Mirror collects
Mirror handles three kinds of data, all generated by you using the app:
Workout and goal activity
- Rep counts, form scores (0–100), and per-rep grades
- Session duration, sets, and exercise type (squat, push-up, plank)
- Form readings used during scoring (knee angle, torso lean, hip-line deviation)
- Estimated calories burned (computed from your activity, on-device)
- Goals and "Big Goals" — including any titles you type yourself
- Workout templates and scheduled workouts you create
- Trophy/achievement unlock dates
Optional profile data
- Age — optional, only used to refine calorie estimates
- Weight in lb or kg — optional, only used to refine calorie estimates
If you leave these blank, Mirror uses a default of 154 lb to estimate calories and ignores age entirely. They are never required.
Camera input
Mirror requests camera access so Apple's on-device Vision framework can detect your body pose during a workout and give you real-time form feedback. The video feed is processed frame-by-frame in memory and is then immediately discarded. No frames are saved, recorded, uploaded, or sent anywhere — not even to us. Mirror cannot see what your camera sees; only Apple's on-device pose model can, and it doesn't keep anything either.
App preferences
- Your weight unit (lb/kg)
- Whether you've opted into reminders and the weekly recap
- Accessibility toggles (larger workout text, color-blind mode, audio coach on/off)
- Dashboard layout customization
- "Hide camera body" privacy-mode toggle
2. Where your data is stored
On your device. Workout sessions, goals, templates, schedules, and trophy unlock dates live in a local SwiftData database on your iPhone. Your preferences live in iOS's standard user-defaults storage.
In your private iCloud (only if you're signed in). When you're signed into iCloud, your SwiftData records sync to your private iCloud database so they're available across your devices. This is Apple's CloudKit — your data lives in your iCloud account, encrypted, and we don't have access to it. If you're not signed into iCloud, Mirror falls back to local-only storage.
Nowhere else. Mirror has no servers, no third-party storage, and no backups outside of your iCloud.
3. Anonymous analytics (TelemetryDeck)
The only data Mirror sends off your device is anonymous usage analytics through a service called TelemetryDeck, which is explicitly designed to be privacy-respecting. TelemetryDeck does not receive your name, email, IP address, advertising identifier, or any other personally identifying information.
The events we send are aggregate, categorical, and anonymous — things like:
- "A workout session started" / "A session ended" (with rep count, score, duration)
- "An achievement was unlocked" (which one)
- "A goal was created" / "completed" / "deleted"
- "A setting was changed" (which setting, what value)
- "A rep completed" (rep number within the session, score, grade)
These help us understand which features people actually use so we can improve them. You can read TelemetryDeck's privacy practices on their website. To request deletion of your TelemetryDeck data, contact us using the email below — because the data is anonymous, deletion is best-effort.
4. Apple services Mirror uses
- CloudKit (Apple's private iCloud database) — syncs your workout/goal/template/schedule data across your own devices. Apple, not us, provides this service. Data is encrypted and stays in your iCloud account.
- Game Center (Apple Watch companion app only) — reports trophy unlocks to Apple's achievement system. No scores are submitted; no leaderboard data is shared.
- Local notifications — reminders generated by your device for goal deadlines and the weekly recap. Nothing is sent through any push server. You can disable notifications anytime in iOS Settings or in Mirror's Settings tab.
5. What Mirror does NOT collect
For clarity, Mirror does not access or collect any of the following:
- Your name, email address, phone number, or any contact info
- Your location (no GPS, no IP-based location)
- Your Photos library, microphone, or motion sensors
- Your health records or HealthKit data (currently — see "Future changes" below)
- Web browsing history or activity in other apps
- Advertising identifiers or any tracking IDs
6. Your rights and choices
- Delete your data. Uninstalling Mirror removes all on-device data. To also remove the iCloud copy, go to iOS Settings → your Apple ID → iCloud → Manage Storage → Mirror, and tap Delete Data.
- Opt out of analytics. Email us using the address below to request that we stop sending TelemetryDeck events from your install (best-effort).
- Access requests. Because Mirror has no servers and we don't store your data, the data you'd ever want a copy of is already on your device or in your iCloud. iOS Settings → Privacy & Security → App Privacy Report shows the system-level summary.
- EU/UK (GDPR) and California (CCPA). You have the right to access, correct, delete, and object to processing of your data. The above steps satisfy each of these — and because we don't sell, share, or profit from your data, the "do not sell" and "do not share" rights have nothing to act on.
7. Children
Mirror is intended for users 13 years or older, per Apple's App Store age requirements. We do not knowingly collect data from children under 13. If you believe a child under 13 has installed Mirror, contact us and we'll help.
8. Security
Data on your device is protected by iOS's standard encryption. Data in iCloud is encrypted end-to-end by Apple. Data sent to TelemetryDeck travels over TLS (HTTPS). Because we have no servers, the most common kind of data breach — a leak from a developer's database — is not possible with Mirror.
9. Changes to this policy
If Mirror adds features that meaningfully change how data is handled, this page will be updated and the "Last updated" date at the top will change. We'll surface a notice in the app on the first launch after a material change. Continuing to use Mirror after a change means you accept the updated policy.
10. Future changes worth knowing about
We're a small operation iterating quickly. Two things on the roadmap that could meaningfully change this policy: integration with Apple Health (for heart-rate data on the Apple Watch and optional body-composition goals), and optional progress photos for tracking visible body changes over time. Both would be opt-in and would store data on your device and in your private iCloud only — never on our servers, never shared with anyone. We'll update this policy and notify you in the app before either ships.
11. Contact
Questions, deletion requests, or privacy concerns — email mirrorfitnessios@gmail.com.