Privacy Policy

1. Introduction

Gymacetamol ("we", "our", or "us") operates the Gymacetamol workout tracking application. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

By using Gymacetamol, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our service.

2. Data We Collect

We collect the following types of information:

• Account Information: Email address (provided via email login or Google OAuth)
• Workout Data: Exercise names, weights, repetitions, sets, tempo, form quality, session notes, and workout history
• Usage Data: Information about how you use the app, including pages visited and features used
• Device Information: Browser type, device type, and operating system

3. How We Use Your Data

We use your information to:

• Provide and maintain the workout tracking service
• Track your workout progress and calculate statistics
• Authenticate your account and ensure security
• Improve and optimize the application
• Send service-related communications (if necessary)
• Process payments for premium features

4. Legal Bases for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases for processing your personal data:

• Performance of a Contract (Art. 6(1)(b)): Processing your account information and workout data is necessary to provide you with the workout tracking service you signed up for, including authentication, data storage, and progress tracking.
• Legitimate Interest (Art. 6(1)(f)): We process usage data and device information through PostHog analytics to understand how users interact with our app, improve features, and fix bugs. We have assessed that this interest does not override your rights, especially as we do not collect personally identifiable information through analytics and do not record sessions.
• Consent (Art. 6(1)(a)): Where we use non-essential cookies or analytics tracking, we obtain your consent via our cookie consent banner. You may withdraw consent at any time by adjusting your cookie preferences.
• Legal Obligation (Art. 6(1)(c)): We may process and retain certain data where required by law, such as for tax or accounting purposes related to premium subscriptions.

5. Third-Party Services

We use the following third-party services:

• Supabase: Authentication and database hosting (PostgreSQL)
• Vercel: Application hosting
• PostHog: Product analytics to understand how users interact with our app (page views, feature usage, aggregated workout statistics). We do not record sessions or capture personally identifiable information through PostHog.
• Google OAuth: Optional sign-in method
• Payment Processor: For processing premium subscriptions (Stripe or similar)

These services have their own privacy policies. We recommend reviewing them.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. Our third-party service providers, including Supabase, Vercel, PostHog, and Stripe, operate servers in the United States.

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Article 46. Our service providers rely on Standard Contractual Clauses (SCCs) approved by the European Commission to protect your data during international transfers. These contractual commitments require the recipient to protect your data to the same standard as the GDPR.

Additionally, PostHog is configured to use their EU Cloud instance (eu.i.posthog.com), meaning analytics data is processed within the European Union.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Delete your account and all associated data. To delete your account, sign in and visit this page.
• Portability: Request your data in a portable format
• Opt-out: Opt out of marketing communications or data sales (we do not sell your data)
• Restriction: Request that we limit the processing of your data
• Object: Object to our processing of your data based on legitimate interests

To exercise any of these rights, please contact us at info@gymacetamol.com.

Right to Lodge a Complaint: If you are located in the European Economic Area and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU Data Protection Authorities can be found on the European Data Protection Board website.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure.

10. Cookies and Local Storage

We use essential cookies for authentication and session management. We also use local storage for analytics (PostHog) to understand how you use our service. You can configure your browser to refuse cookies or clear local storage, but this may affect functionality.

11. Children's Privacy

Gymacetamol is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at: info@gymacetamol.com