Privacy Policy

Last updated: February 2026

Note for Users: GymSync acts as a Data Processor for the majority of the data we hold, with your Personal Trainer acting as the Data Controller.

1. Data Controller

For the purpose of the General Data Protection Regulation (GDPR) and other data protection laws:

GymSync
Email: support@gymsync.app

When you sign up via a Personal Trainer (PT), that PT is also a Controller of your personal data related to your training program and progress.

2. Data We Collect

We collect the following types of information:

  • Account Information: Name, email address, profile picture, and encrypted password.
  • Usage Data: Booking history, token balance, and activity logs.
  • Health Data (Special Category): Workout logs, exercises performed, body statistics (if provided), and notes entered by you or your PT. By using these features, you explicitly consent to the processing of this health data.
  • Device Data: IP address, browser type, and device identifiers (used for security and PWA functionality).

3. How We Use Your Data

We use your data strictly to provide and improve the GymSync service:

  • To provide and maintain the Service (e.g., managing bookings and tokens).
  • To notify you about changes to our Service.
  • To allow you to participate in interactive features (e.g., logging workouts).
  • To provide customer support.
  • To detect, prevent and address technical issues.

4. Data Storage and Transfers

Your data is hosted in Germany (EU) via our provider NetCup, ensuring strict adherence to EU data residency laws.
We use third-party processors who may process data:

  • Vercel / AWS: For serverless function execution.
  • Google / Mozilla / Apple: For Push Notification delivery services (VAPID).

5. Your Rights (GDPR)

Under GDPR, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you. This is available directly in your Settings page.

Right to Erasure

You can request that we delete your account and all associated data ("Right to be Forgotten"). This is available in your Settings page.

Right to Rectification

You can update your personal information at any time via your Profile settings.

Right to Data Portability

You can download your data in a structured, commonly used format (JSON) from your Settings.

6. Data Retention

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

If you delete your account, your data is permanently removed from our active database immediately. Backups may retain data for up to 30 days before being overwritten.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@gymsync.app.