BIMAX app icon

BIMAX

Score your biceps. Honestly.

Privacy Policy

Effective: May 5, 2026 · Last updated: May 5, 2026

Plain-English summary (non-binding): BIMAX takes a photo of your bicep, uploads it to our processing infrastructure, sends it to a third-party AI vision model to produce a 0–100 score across six categories, and shows you the result. We don't ask for your name or email. We don't sell your data. We don't use your photos to train our own models. You can stop using the app and delete your data at any time.

1. Who we are

BIMAX (the "Service") is operated by Massive Interface LLC, a Delaware limited liability company ("Massive Interface", "we", "us"). For purposes of the EU/UK General Data Protection Regulation, Massive Interface LLC is the data controller for personal data processed through the Service. Contact: info@massiveinterface.com.

2. What we collect

  • Photos you submit. Cropped images of your biceps that you voluntarily upload for evaluation. We do not access your camera roll beyond the photo you select via the iOS picker.
  • Anonymous device identifier. A random UUID generated on first launch and stored in the iOS Keychain. We use it to attach your subscription entitlement and to apply per-device rate limits. It is not linked to your name, email, or Apple ID.
  • Onboarding answers. If you answer the onboarding questions (training experience, primary goal, build), those values are stored as user attributes and analytics user properties so we can understand cohort behaviour.
  • Subscription data. Purchase status, receipt identifiers, and entitlement state, handled by Apple and RevenueCat. We do not receive or store your payment-card information.
  • Device & usage data. App version, iOS version, device model, crash reports, anonymous diagnostic events, IP address, and approximate region derived from it.
  • Communications. Support messages you send us, and anything you include in them.

3. How we use your data

  • Provide the core Service — accept your photo, evaluate it, and return scores.
  • Operate subscriptions, verify entitlements, prevent fraud and abuse.
  • Investigate bugs, crashes, and abusive activity.
  • Understand which features people use, in aggregate.
  • Comply with law and respond to lawful requests from authorities.

Legal bases (GDPR/UK GDPR): performance of a contract (providing the Service you requested), legitimate interests (security, analytics, product improvement), consent (where required), and legal obligation.

4. AI processing of your photos

When you submit a photo for evaluation, the image is uploaded to our object storage, then transmitted to a third-party AI vision model provider (currently Google LLC (Gemini API)) to generate the scores, critique, and tip. The provider acts under data-processing terms that prohibit training on your content and require deletion after a limited retention window.

We do not use your photos to train our own models, and we do not sell them. Photos are stored in our object storage for up to 30 days to allow re-scoring and debugging, then deleted by lifecycle policy.

AI-generated scores and critique are produced by probabilistic models and may be incorrect, incomplete, biased, or fabricated. They are for entertainment and motivation. See §6 of the Terms of Service for the full disclaimer.

5. Sub-processors

We rely on the following service providers to operate BIMAX:

  • Apple Inc. — App Store distribution, push notifications, subscription billing, receipt validation.
  • Amazon Web Services, Inc. — image storage (S3, US-East region).
  • Render Services, Inc. — application hosting, Redis, background workers.
  • Google LLC (Gemini API) — AI vision model that produces the bicep evaluation.
  • Google LLC (Firebase Analytics, Crashlytics) — anonymous app analytics and crash reporting.
  • RevenueCat, Inc. — subscription entitlement management and user attributes.

Each sub-processor is bound by a data-processing agreement. Current list available on request.

6. International data transfers

BIMAX is hosted in the United States. If you are located in the EU, UK, or other jurisdictions outside the US, your personal data will be transferred to and processed in the US. We rely on the EU Standard Contractual Clauses (and the UK IDTA Addendum where applicable) as the transfer mechanism with our sub-processors.

7. Data retention

Photos uploaded for evaluation are retained for up to 30 days in our object storage and then deleted by lifecycle policy. Anonymous diagnostic and crash logs are retained for up to 90 days. Subscription metadata is retained for as long as required for tax, accounting, and anti-fraud purposes (typically up to 7 years for financial records).

To request earlier deletion of your photos or device record, email info@massiveinterface.com with the anonymous device identifier shown in the app's Settings (or simply uninstall the app and delete the matching keychain entry — your records will be unreachable).

8. Security

We use industry-standard safeguards (TLS in transit, encrypted storage at rest, least-privilege access controls, authenticated API gateway). No system is perfectly secure, and you use the Service at your own risk. See §13–14 of the Terms of Service for our liability limitations.

9. Your rights

If you are in the EU, UK, or EEA, you have the rights to access, correct, delete, restrict, object to, and port your personal data, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority.

If you are in California, under the CCPA/CPRA you have the rights to know, delete, correct, and limit the use of sensitive personal information. We do not sell or share your personal data for cross-context behavioral advertising. You will not be discriminated against for exercising your rights.

Everywhere, you can exercise these rights by emailing info@massiveinterface.com. We aim to respond within 30 days.

10. Children's privacy

BIMAX is not directed to children under 13 (or under 16 in the EU/UK), and the Service must not be used to upload photos of anyone under those ages. We do not knowingly collect personal data from children. If you believe a child has provided us data, email info@massiveinterface.com and we will delete it.

11. Cookies and tracking

The BIMAX mobile app does not use browser cookies. The marketing website (massiveinterface.com) uses minimal first-party Google Analytics. We do not use cross-site tracking and we honor Global Privacy Control signals where technically feasible.

12. Breach notification

If we become aware of a personal-data breach that is likely to result in a risk to your rights, we will notify you and any required regulator within the timeframe set by applicable law (within 72 hours under GDPR).

13. Changes to this policy

We will post changes here with an updated "Last updated" date. For material changes, we will notify you in-app or by email before the change takes effect.

14. Contact

Privacy questions, data requests, or complaints: info@massiveinterface.com (Massive Interface LLC).

Back to app page Terms of Service