Apple & Google Sign-In FAQ

Frequently Asked Questions About Social Sign-In:

Q: Is signing in with Apple or Google safe?

A: Yes! Social sign-in is actually more secure than passwords in many ways: • Your Apple/Google password is never shared with us • Multi-factor authentication from Apple/Google protects your account • Biometric verification (Face ID, Touch ID) adds another layer of security • We use industry-standard OAuth 2.0 with cryptographic nonces to prevent replay attacks

Q: What information does Build Stability receive from Apple/Google?

A: We only receive: • Your email address (or a private relay email with Apple) • Your name (only when you first sign in with Apple, and only if you choose to share it) We do NOT receive your password, contacts, photos, or any other private data.

Q: Can I use Apple's "Hide My Email" feature?

A: Yes! Apple's Hide My Email creates a unique, random email address that forwards to your real email. This keeps your real email private while still receiving all Build Stability notifications. Note: If you're a client accepting an invitation, you must use the email that received the invitation.

Q: What if I signed up with email/password but want to use Apple/Google now?

A: Simply sign in with Apple or Google using the same email address as your existing account. The system automatically detects the matching email and links the social identity to your existing account. After linking: • You can use either method to sign in — your password still works too • Your profile, business memberships, workout plans, and all data remain unchanged • The "Last used" badge on the login page updates to show your most recent sign-in method This only works when the email addresses match exactly. If your Apple or Google account uses a different email, the accounts will not link.

Q: Can I remove social sign-in access?

A: Yes, you can revoke access anytime: • Apple: Go to Settings > Apple ID > Password & Security > Sign in with Apple, find Build Stability, and tap "Stop Using Apple ID" • Google: Go to myaccount.google.com > Security > Third-party apps with account access, find Build Stability, and remove access

Q: What happens if I revoke social sign-in access?

A: You'll need to use password reset to regain access to your account, or re-authorize the social sign-in. Your account data remains intact.

Q: Why am I getting an "email mismatch" error?

A: This happens when clients try to accept an invitation with a different email than they were invited with. For security, you must sign in with the same email address that received the invitation. To check which email was invited, search your inbox for an email from "buildstability" or your trainer's business name. Solutions: • Use password signup with the invited email instead — you can add social sign-in later by signing in with Apple or Google using that same email • Ask your trainer to cancel the invitation and re-invite you at the email address you use with Apple or Google Note: Apple's "Hide My Email" relay addresses will not match your invitation email and will trigger this error.

Q: Does social sign-in work on the mobile app?

A: Yes! Social sign-in works on: • iOS app (Apple Sign-In and Google Sign-In) • Web browsers on any device • Android app (Google Sign-In)

Q: Why is Apple Sign-In showing as required on iOS?

A: Apple requires apps that offer third-party sign-in (like Google) to also offer Apple Sign-In. This is an App Store policy to give users a privacy-focused option.

Q: I'm a trainer - which sign-in method should I recommend to my clients?

A: Both work great! Here are some guidelines: • iPhone users: Apple Sign-In is seamless and privacy-friendly • Android/Gmail users: Google Sign-In is most convenient • Privacy-conscious clients: Apple Sign-In with "Hide My Email" • Clients who forget passwords: Either social sign-in option reduces friction

Q: Can my clients use social sign-in?

A: Yes! When you invite a client, they can choose to: • Create a password, OR • Sign up with Apple or Google (must match the invited email) Social sign-in makes onboarding faster and reduces "I forgot my password" support requests. If a client signs up with a password first, they can add social sign-in later — when they tap "Continue with Apple" or "Continue with Google" on the login page using the same email, the accounts link automatically.

Q: Is social sign-in available for team members (admins/trainers)?

A: Yes, all users can use social sign-in regardless of their role in the business.