Gymmino Privacy Policy

1. Data Controller

The data controller responsible for your information is:

• Name: Davide Rossi

• Address: Via Marconi 9 Monterado, Trecastelli (AN), IT

• Contact Email:davidereusrossi@gmail.com

2. Types of Data Collected

Gymmino collects information necessary to provide and improve the workout tracking service:

A. Data Collection

• Account Data: When you register, we collect your email address and a unique User ID via Supabase Auth and RevenueCat.

• Workout Data: We collect and store your exercise logs, including exercise names, number of sets, repetitions, and timestamps.

• Personal Data: Gymmino collects personal fitness metrics including gender, age, weight, height to provide personalized workout calculations. We do not collect clinical medical data or professional health records."

• Usage Data: We may collect technical information such as your device's IP address, operating system version, and app crash logs for performance monitoring.

B. Subscriptions and Payments

• We use RevenueCat to manage subscriptions and in-app purchases

• Payment Processing: All payments are processed through the Google Play Store. We do not directly collect or store your credit card or bank account details.

• Transaction Data: RevenueCat receives a record of your purchase history and a unique identifier to verify your subscription status.

• Security: Data sent to RevenueCat is encrypted in transit via HTTPS."

3. Purpose and Legal Basis of Processing

We process your data based on the following legal grounds:

• Performance of a Contract: To provide the core functionality of the app (saving and displaying your workouts).

• Consent: When you sign up, you consent to the storage of your data on our cloud servers.

• Legitimate Interests: To maintain app security and fix technical bugs.

Here is the updated Third-Party Service Providers paragraph for your Privacy Policy, incorporating both Supabase and RevenueCat while ensuring all technical and security details are clear.

4. Third-Party Service Providers

We use Supabase (a backend-as-a-service provider) to host our database and handle user authentication, and RevenueCat to manage in-app subscriptions and verify your purchases.

• Data Transmission: Your data is transmitted to these servers using secure HTTPS encryption.

• Supabase Role: Supabase securely stores your account information, workout logs, and fitness metrics (age, weight, height).

• RevenueCat Role: RevenueCat receives a unique identifier and your transaction history from the Google Play Store to validate and manage your subscription status.

• Security Standards: Both Supabase and RevenueCat maintain high industry security standards to protect your information against unauthorized access.

• Privacy Commitment: We do not sell your personal data, fitness metrics, or purchase history to any third parties.

5. Account and Data Deletion

We value your privacy and provide you with full control over your data. Because we use Supabase for secure cloud storage, your workout logs and account information are stored on external servers. You have the right to request the deletion of this information at any time.

How to Delete Your Data

You may request the deletion of your account and all associated data (including workout logs, profile information, and login credentials) through the following methods:

1. In-App Deletion: Go to the Settings -> Profile section within the app and select "Delete Account." This will trigger a process to permanently remove your data from our Supabase database.

2. Email Request: If you can no longer access the app, you can send a formal deletion request to @gymminoapp@gmail.com. Please use the subject line "Data Deletion Request" and include the email address associated with your account.

What Data is Deleted?

Upon receiving a deletion request:

• Your personal identifiers (Email and User ID) will be removed from our authentication system.

• All workout history (exercises, sets, reps, and dates) stored in our database will be permanently erased.

• Data is typically deleted within [e.g., 7 to 30] days of the request, in compliance with GDPR standards.

6. Children’s Privacy

Gymmino is not intended for use by children under the age of 13 (or 16 in certain EU jurisdictions). We do not knowingly collect personal data from children. If we discover that a child has provided us with personal data, we will delete it immediately from our servers.

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the bottom.