Privacy Policy

Effective Date: 2025-08-30
Last Updated: 2025-08-30

Gymbers (“Gymbers”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you access or use our website (the “Website”), mobile applications (the “App”), and any associated online communities or services (collectively, the “Services”).

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

The data controller responsible for processing your personal data is Gymbers, operated by the founder under an individual capacity. Contact: contact@gymbers.com.

2. Data We Collect

2.1 Data collected via the Website

  • Account and login details (email, password, username)
  • Newsletter and signup information
  • Analytics data (cookies, IP address, browser type, device identifiers)

2.2 Data collected via the App

  • Account and login details
  • Workout and health-related data (weight, repetitions, body measurements, progress history)
  • Device and technical data (IP address, operating system, app version)
  • Crash logs and error reports

2.3 Data collected via Communities

  • Any data you provide directly on third-party platforms (e.g., Discord, Facebook, Skool, X) is governed by the respective platform’s privacy policy. Gymbers does not store this data, other than publicly available information such as usernames or group participation status.

2.4 Payment Data

  • Payment processing is handled by third-party providers (Apple Pay, Google Pay, PayPal, Stripe).
  • Gymbers does not store payment card details.
  • We may store limited transaction references for record-keeping and fraud prevention.

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Performance of a contract – to provide you with the Services, including accounts, subscriptions, and purchased content.
  • Legitimate interests – to maintain and improve the Services, ensure security, and conduct analytics.
  • Legal obligations – to comply with applicable laws (e.g., accounting, consumer protection).
  • Consent – where required (e.g., optional features, newsletters).

4. How We Use Your Data

We use the data collected for the following purposes:

  • To provide, operate, and maintain the Services
  • To process subscriptions, purchases, and transactions
  • To analyze usage and improve performance of the Services
  • To ensure security, detect fraud, and prevent abuse
  • To send transactional or service-related communications
  • To comply with legal obligations

5. Data Sharing and Processors

We may share your data with trusted third-party service providers who process data on our behalf, including but not limited to:

  • Supabase – database and authentication
  • Hostinger, Vercel – hosting and infrastructure
  • Google Analytics – analytics services
  • Firebase Crashlytics – crash reporting
  • Beehiiv – email communications
  • Stripe, PayPal, Apple, Google – payment processing

These providers may store or process data in the European Union and the United States. Appropriate safeguards, including Standard Contractual Clauses, are applied where required by law.

6. Data Retention

  • All personal data, including workout and health records, is deleted upon account deletion.
  • Transaction references may be retained for legal and accounting purposes in accordance with statutory obligations.

7. Data Subject Rights

As a user located in the European Union or other applicable jurisdictions, you have the following rights under the GDPR and equivalent laws:

  • Right of access – to request a copy of your personal data.
  • Right of rectification – to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your personal data.
  • Right to restriction of processing – to limit how we process your data.
  • Right to object – to object to processing carried out on the basis of legitimate interests.
  • Right to lodge a complaint with a supervisory authority.

Please note that data export/portability is not currently supported.

8. Children’s Privacy

The Services are intended for users aged 18 and older. Gymbers does not knowingly collect personal data from individuals under the age of 18. If we become aware that data has been collected from a minor, we will delete it promptly.

9. Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or alteration. However, no system is completely secure, and we cannot guarantee absolute protection.

10. International Data Transfers

Personal data may be processed and stored in the European Union and the United States. Where required, we implement safeguards such as Standard Contractual Clauses to ensure an adequate level of protection.

11. Changes to This Privacy Policy

Gymbers reserves the right to modify or update this Privacy Policy at any time. Material changes will be communicated to users, and continued use of the Services constitutes acceptance of the revised policy.

12. Contact Information

For any privacy-related questions or requests, please contact us at:
Email: contact@gymbers.com