Privacy Policy

1. Introduction and Data Controller Information

Welcome to GymFroog ("we," "us," "our," or "the App"), a fitness tracking mobile application. This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information.

Data Controller

App Name: GymFroog
Contact Email: contact@gymfroog.com
Website: www.gymfroog.com
Location: France

This policy applies to all users worldwide and complies with international data protection regulations including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Lei Geral de Proteção de Dados (LGPD).

2. Information We Collect

We collect information that you provide directly, information collected automatically, and information from third parties as described below:

2.1 Personal Information You Provide Directly

• Account Registration: Email address, username, password (encrypted with industry-standard encryption), display name
• Optional Profile Data: Date of birth, gender, weight, height, fitness goals, workout preferences, profile photo
• Workout Data: Exercise logs, sets, reps, weights lifted, workout duration, rest periods, training programs you create, workout notes and comments
• Progress Tracking: Body measurements (weight, height, body fat percentage if provided), performance metrics, personal records, progress photos (if uploaded), workout history and statistics
• Communication Data: Feedback, support requests, survey responses, any correspondence with us

2.2 Information Collected Automatically

• Device Information: Device type, model, manufacturer, operating system version, unique device identifiers (Android ID, IDFA), mobile network information, screen resolution
• Usage Data: App features accessed, screens viewed, time spent in app, session frequency and duration, buttons clicked, user interactions, app crashes and errors
• Analytics Data: Firebase Analytics collects performance data, crash reports, and aggregated usage statistics to help us improve the app
• Network Information: IP address (anonymized), internet service provider, connection type (WiFi/mobile data)
• Location Data: We do NOT collect precise geolocation data. Approximate location may be derived from IP address for regional analytics and ad serving

2.3 Advertising-Related Data

• Advertising Identifiers: IDFA (iOS), Google Advertising ID/GAID (Android) - these are anonymized identifiers used for advertising purposes
• Ad Interaction Data: Ad impressions, clicks, conversions, ad preferences
• Collected by: Google AdMob (our advertising partner)
• Control: You can opt-out of personalized ads through device settings or in-app Privacy Settings

2.4 Authentication Data from Third Parties

• Google Sign-In: If you choose to sign in with Google, we receive your Google account email, name, and profile picture (with your consent). We do NOT have access to your Google password.

3. How We Use Your Information

We use the collected information for the following purposes, with legal basis under GDPR Article 6:

3.1 To Provide and Maintain the Service (Legal Basis: Contract Performance)

• Create and manage your user account
• Authenticate your identity and prevent unauthorized access
• Store and sync your workout data across devices
• Enable core app features (workout tracking, program creation, progress analytics)
• Provide offline functionality and data synchronization

3.2 To Personalize Your Experience (Legal Basis: Legitimate Interest / Consent)

• Generate AI-powered workout recommendations based on your history and goals
• Display personalized fitness insights and progress reports
• Remember your preferences and settings
• Provide customized content and features

3.3 For Analytics and Improvement (Legal Basis: Legitimate Interest)

• Analyze app usage to improve functionality and user experience
• Monitor app performance and identify technical issues
• Conduct research and development for new features
• Generate aggregated, anonymized statistics (not linked to you personally)

3.4 For Advertising (Legal Basis: Consent)

• Display advertisements through Google AdMob
• Show personalized ads based on your interests (only with your explicit consent)
• Measure ad performance and effectiveness
• Note: You can opt-out of personalized ads at any time

3.5 For Communication (Legal Basis: Consent / Legitimate Interest)

• Send important service announcements and updates
• Respond to your support requests and inquiries
• Send push notifications (only with your permission)
• Request feedback to improve the app

3.6 For Legal Compliance (Legal Basis: Legal Obligation)

• Comply with applicable laws and regulations
• Respond to legal requests and prevent fraud
• Enforce our Terms of Service
• Protect our rights and the safety of our users

4. Data Sharing and Third-Party Services

We do NOT sell your personal information to anyone. We only share data with trusted third-party service providers as necessary to operate the app:

4.1 Service Providers We Use

Firebase (Google LLC)

• Services: Authentication, Cloud Firestore (database), Cloud Functions, Firebase Analytics, Crash Reporting
• Data Shared: Email, user ID, workout data, usage statistics, device information
• Purpose: Core app infrastructure, data storage, user authentication, performance monitoring
• Privacy Policy: https://firebase.google.com/support/privacy
• Location: Data stored in United States and/or European Union (EU) data centers

Google AdMob (Google LLC)

• Services: Mobile advertising platform
• Data Shared: Advertising identifiers (IDFA/GAID), device type, OS version, app usage data, approximate location (country/region), ad interaction data
• Purpose: Display advertisements, measure ad performance
• Privacy Policy: https://policies.google.com/privacy
• Opt-Out: You can disable personalized ads in app Settings > Privacy or device settings

4.2 We Do NOT Share Data With

• Social media companies (unless you explicitly connect your account)
• Data brokers or aggregators
• Marketing companies for their own purposes
• Any entity for sale or rental of your information

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests (e.g., court orders, subpoenas, law enforcement requests) to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Protect the safety of our users or the public

4.4 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred. We will notify you via email and/or prominent notice in the app before your data becomes subject to a different privacy policy.

5. Your Privacy Rights and Choices

You have significant control over your personal information. Depending on your location, you have the following rights:

5.1 Rights Under GDPR (European Union Users)

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure (Right to be Forgotten): Request deletion of your personal data
• Right to Data Portability: Receive your data in a structured, machine-readable format (JSON/CSV)
• Right to Object: Object to processing of your personal data for certain purposes
• Right to Restrict Processing: Limit how we use your data
• Right to Withdraw Consent: Withdraw consent at any time (for consent-based processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

5.2 Rights Under CCPA (California Residents)

• Right to Know: Request disclosure of data collection and sharing practices
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out of Sale: We do NOT sell personal information
• Right to Non-Discrimination: Equal service regardless of exercising your privacy rights

5.3 Rights Under LGPD (Brazil Residents)

• Confirmation of data processing
• Access to personal data
• Correction of incomplete, inaccurate, or outdated data
• Anonymization, blocking, or deletion of unnecessary data
• Data portability to another service provider
• Information about entities with which data is shared

5.4 How to Exercise Your Rights

In-App: Go to Profile > Settings > Privacy & Data

• View your data
• Export your data (download as JSON file)
• Delete your account and all data
• Manage ad personalization preferences

By Email: Send requests to contact@gymfroog.com with subject line "Privacy Rights Request"

Response Time: We will respond within 30 days (GDPR/LGPD) or 45 days (CCPA)

Verification: We may ask for verification of your identity before processing requests

6. Data Security and Protection

We take data security seriously and implement industry-standard measures to protect your information:

Security Measures

• Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption (HTTPS)
• Encryption at Rest: Data stored on Firebase servers is encrypted using AES-256 encryption
• Secure Authentication: Passwords are hashed using bcrypt with salt. We never store passwords in plain text
• Firebase Security Rules: Strict access controls ensure users can only access their own data
• Regular Updates: We regularly update our security practices and apply security patches
• Access Controls: Limited employee access to personal data on a need-to-know basis
• Monitoring: Continuous monitoring for security threats and suspicious activity

Important Disclaimer

While we implement strong security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. You use the app at your own risk. If you become aware of any security breach, please contact us immediately at contact@gymfroog.com.

7. Children's Privacy (COPPA Compliance)

Age Restriction: GymFroog is NOT intended for children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children under 13.

If You Are a Parent or Guardian: If you believe your child under 13 has provided us with personal information, please contact us immediately at contact@gymfroog.com. We will promptly delete such information from our systems.

Age Verification: During account creation, users must confirm they are at least 13 years old (or 16 in the EU).

Parental Consent (EU Users Aged 13-15): Users in the European Union aged 13-15 require verifiable parental consent to use the app and for us to process their personal data.

8. Data Retention and Deletion

How Long We Keep Your Data

• Active Accounts: We retain your personal data for as long as your account is active and you continue using the app
• Deleted Accounts: When you delete your account, data is retained for 30 days in backups, then permanently deleted
• Legal Requirements: Some data may be retained longer if required by law (e.g., financial records, legal disputes)
• Aggregated Data: Anonymized and aggregated data (not linked to you) may be retained indefinitely for analytics

Account Deletion Process

To delete your account and all associated data:

1. Open the GymFroog app
2. Go to icon Profile > popup showed
3. Tap "Delete Account"
4. Confirm deletion

What Happens: You will be immediately logged out, your account will be deactivated, and all personal data will be permanently deleted within 30 days. For detailed instructions, visit: Account Deletion Guide

9. International Data Transfers

GymFroog is operated from France, but our service providers (Firebase, AdMob) may store data on servers located in different countries, including the United States.

Data Transfer Safeguards

• Firebase: Google uses Standard Contractual Clauses (SCCs) approved by the European Commission for EU data transfers
• GDPR Compliance: All data transfers comply with GDPR Chapter V requirements
• Adequacy Decisions: Where possible, we transfer data to countries with adequacy decisions from the EU Commission
• Your Rights: You maintain all your privacy rights regardless of where data is processed

10. Advertising and Tracking Technologies

10.1 Google AdMob

We use Google AdMob to display advertisements in the app. AdMob uses cookies and similar tracking technologies.

• What AdMob Collects: Advertising ID, device info, app usage, ad interactions, approximate location
• Personalized vs. Non-Personalized Ads: You can choose between personalized ads (based on interests) or non-personalized ads
• Ad Partners: Google AdMob works with third-party ad networks who may also collect data

10.2 App Tracking Transparency (iOS 14.5+)

On iOS devices, we request your permission before tracking your activity across other companies' apps and websites for advertising purposes.

• Grant Permission: Allows personalized ads based on your activity
• Deny Permission: You still see ads, but they won't be personalized
• Change Settings: iOS Settings > Privacy > Tracking

10.3 How to Opt-Out of Personalized Ads

In the App: Profile > Settings > Privacy > Disable "Personalized Ads"

On Android: Settings > Google > Ads > Opt out of Ads Personalization

On iOS: Settings > Privacy > Tracking > Disable for GymFroog

10.4 Do Not Track

Our app does not currently respond to Do Not Track (DNT) signals, as there is no industry standard for DNT compliance in mobile apps.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You

• Material Changes: We will notify you via email (if provided) and/or prominent in-app notification at least 30 days before changes take effect
• Minor Changes: Updated "Effective Date" at the top of this policy
• Your Choice: If you disagree with changes, you may delete your account before changes take effect

We encourage you to review this policy periodically. Your continued use of the app after changes constitute acceptance of the updated policy.

12. Cookies and Similar Technologies

While GymFroog is a native mobile app (not a website), we use technologies similar to cookies:

Technologies We Use

• Local Storage: To store your preferences, settings, and offline data on your device
• Analytics SDKs: Firebase Analytics SDK to collect usage data
• Advertising SDKs: Google AdMob SDK for serving ads
• Authentication Tokens: To keep you logged in securely

Control: You can manage these through in-app settings or by clearing app data in device settings (note: this will log you out and delete local data).

13. Contact Us and Data Protection Officer

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact us:

For Privacy-Specific Inquiries

Please use the subject line "Privacy Request" or "Data Protection Request" for faster processing.

Response Time

• General inquiries: Within 5 business days
• Privacy rights requests: Within 30 days (GDPR/LGPD) or 45 days (CCPA)
• Urgent security matters: Within 24 hours

14. Supervisory Authority (EU Users)

If you are located in the European Union and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Find your local authority: https://edpb.europa.eu/about-edpb/about-edpb/members_en

15. Google Play Store Compliance

This Privacy Policy complies with Google Play Store's Data Safety requirements. We have accurately disclosed our data collection and sharing practices in the Play Store listing.

Data Safety Declaration

• Data Collected: Personal info (email, name), Fitness info (workouts, measurements), App activity
• Data Sharing: Analytics partners (Firebase), Advertising partners (AdMob)
• Security Practices: Data encrypted in transit, users can request data deletion
• Data Usage: App functionality, personalization, analytics, advertising

Questions? We're Here to Help

Your privacy is important to us. If you have any questions or concerns about how we handle your data, please don't hesitate to reach out.