GymTree Trainee

Privacy Policy

How we collect, use, protect, and delete your data.

1. Data Controller

The data controller for your personal data is:

Matteo Dante
Email: matteo.dante8@gmail.com

For privacy, data protection, or rights requests, you can contact us at the email address above.

2. Scope of This Policy

This Privacy Policy explains how GymTree Trainee ("GymTree", the "App", or the "Service") collects and processes personal data when you use the App, website, and related features, including workout, nutrition, progress, subscription, and artificial intelligence features.

This Policy should be read together with our Terms of Service.

3. Personal Data We Collect

3.1 Account and Authentication Data

  • name, surname, or display name, if provided;
  • email address;
  • Apple or Google account identifiers used for login;
  • technical information needed to maintain the session and protect the account.

3.2 Fitness, Nutrition, and Progress Data

If you use the relevant features, we may process data that can reveal information about your health, fitness, or lifestyle, including:

  • workout goals, level, preferences, and available equipment;
  • workout programs, exercises, sets, reps, weights, timers, history, and notes;
  • diet plans, preferences, foods, quantities, calories, and macronutrients;
  • weight, body measurements, check-ins, progress photos, and images uploaded by you;
  • free-text notes you decide to enter.

These data may qualify as special categories of personal data under Art. 9 GDPR when they reveal health-related information. We process them with particular care and, where required, based on your explicit consent.

3.3 AI Coach and AI Feature Data

  • messages, prompts, responses, preferences, and conversations with the AI Coach;
  • texts, photos, programs, or plans you ask AI to analyze, generate, or digitize;
  • context needed to provide useful responses, such as your current program, diet plan, goals, and relevant progress.

3.4 Purchase and Subscription Data

  • PRO subscription status or other in-app purchase status;
  • transaction identifiers, receipts, or equivalent information provided by Apple;
  • we do not collect full credit card or payment details, which are handled by Apple.

3.5 Technical, Diagnostic, and Security Data

  • device type, operating system, App version, language, and technical settings;
  • error logs, crash reports, performance, and diagnostics;
  • IP address, technical identifiers, timestamps, and data needed for security, abuse prevention, and Service operation;
  • push notification tokens, if you enable notifications.

4. Data We Do Not Intend to Collect

GymTree is not intended for medical emergencies, diagnosis, healthcare treatment, or medical record management. Please do not enter unnecessary data, third-party data without authorization, extremely sensitive information that is not requested, or illegal content.

GymTree does not currently use HealthKit or Apple Health to read or write health data unless otherwise stated in the App. If we introduce HealthKit integrations in the future, we will update this Policy and request the required permissions.

5. Purposes and Legal Bases

Purpose | Legal basis
Create and manage your account, authenticate you, and provide the Service | Performance of contract (Art. 6(1)(b) GDPR)
Manage workouts, diet plans, progress, and core features | Performance of contract (Art. 6(1)(b) GDPR) and, for special category data, explicit consent (Art. 9(2)(a) GDPR)
Provide AI features, AI Coach, content generation, or digitization | Performance of contract and explicit consent where special category data is processed
Manage subscriptions, in-app purchases, receipts, and access rights | Performance of contract (Art. 6(1)(b) GDPR) and legal/tax obligations where applicable
Send push notifications requested or enabled by the user | Consent (Art. 6(1)(a) GDPR)
Diagnostics, crash reports, security, abuse prevention, and technical improvement | Legitimate interest (Art. 6(1)(f) GDPR)
Respond to support, privacy, or legal requests | Legal obligation, legitimate interest, or performance of contract depending on the request

6. Consent and Withdrawal

Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of previous processing. Withdrawal may limit or disable features that require those data, such as AI Coach, progress photos, program personalization, or diet plan personalization.

You may also deny or revoke system permissions, such as camera, photos, or notifications, from iOS settings. The App should offer reasonable alternatives when a feature does not strictly require a specific permission.

7. Artificial Intelligence and OpenAI

GymTree uses AI technology providers, including OpenAI Ireland Ltd. and/or affiliates, to process requests and generate AI Coach responses, programs, plans, or other content.

When you use AI features, we may send the AI provider your message content and the context strictly necessary, such as relevant goals, program, diet plan, or progress.

According to OpenAI’s API documentation, data sent through the API is not used to train or improve models by default unless there is an explicit opt-in. Abuse monitoring logs may be retained for up to 30 days unless different approved controls apply or retention is legally required. We do not claim "zero data retention" unless that control is actually enabled for our account or project.

AI responses are generated automatically, may contain errors, and do not constitute medical, nutritional, or professional advice.

8. Data Recipients

We may share personal data only as necessary to provide, protect, or manage the Service:

Recipient | Purpose | Country/area
OpenAI Ireland Ltd. and affiliates/subprocessors | AI features and content generation | EU / USA and other countries under applicable safeguards
Apple Inc. | App Store distribution, in-app purchases, receipts, push notifications, Sign in with Apple | USA / countries where Apple operates
Google LLC | Google Sign-In authentication, if chosen by the user | USA / countries where Google operates
Railway Corp. or equivalent hosting providers | Server hosting, database, technical infrastructure | EU / USA depending on configuration and safeguards
Sentry / Functional Software, Inc. or equivalent tools | Crash reports, diagnostics, error monitoring | USA / EU depending on configuration and safeguards
Advisers or authorities | Legal compliance, legal claims, authority requests | As legally required

We do not sell your personal data. We do not use fitness data, health data, photos, or AI content for behavioral advertising or advertising data mining.

9. International Transfers

Some providers may process data outside the European Economic Area. Where this happens, we use appropriate GDPR safeguards, such as European Commission Standard Contractual Clauses, adequacy decisions, the EU-US Data Privacy Framework where applicable, supplementary measures, or other lawful mechanisms.

You can request information about applicable safeguards by contacting matteo.dante8@gmail.com.

10. Data Retention

We retain data only for as long as needed for the purposes described or to comply with legal obligations:

  • Account data: until account deletion, unless legal or security reasons require retention.
  • Fitness, nutrition, progress, and photo data: until you delete them or delete your account, unless legal obligations apply.
  • AI conversations and AI content: until manual deletion, where available, or account deletion, unless technical or legal needs require retention.
  • Diagnostic data and crash reports: usually for a limited period, for example up to 90 days, unless security or technical investigation requires longer retention.
  • Purchase and receipt data: for as long as needed to manage access, prevent fraud, and comply with accounting/tax obligations.
  • Support or privacy requests: for as long as needed to handle the request and demonstrate compliance.

After account deletion, we delete or anonymize personal data within a reasonable period, usually within 30 days, except for data we must retain for legal, accounting, security, fraud prevention, or legal claims purposes.

11. Account and Data Deletion

If the App allows account creation, you can initiate account deletion directly in the App, usually from Profile/Settings. We may require confirmation or re-authentication to prevent accidental or unauthorized deletion.

Account deletion removes your account and associated personal data that we are not legally required to keep. Account deletion does not automatically cancel Apple subscriptions: you must cancel your subscription through Apple ID → Subscriptions.

12. Your Rights

Subject to GDPR and applicable law, you may exercise the following rights:

  • access your personal data;
  • rectify inaccurate or incomplete data;
  • delete your data;
  • restrict processing;
  • data portability;
  • object to processing based on legitimate interest;
  • withdraw consent;
  • lodge a complaint with a supervisory authority.

To exercise your rights, contact matteo.dante8@gmail.com. We usually respond within 30 days, unless extensions are allowed by law.

13. Children

GymTree is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us and we will take appropriate steps, including deletion where necessary.

14. Security

We implement reasonable technical and organizational measures to protect personal data, including encryption in transit, access controls, authentication, security logging, backups, and technical monitoring. However, no system is 100% secure, so we cannot guarantee absolute security.

15. Cookies and Similar Technologies

The GymTree website may use technical cookies or similar technologies necessary for operation, such as session management, security, and language preferences. We do not use profiling or marketing cookies without notice and consent where required.

The mobile App does not use traditional web cookies, but may use technical identifiers, secure tokens, and local storage needed for session, security, preferences, and operation.

16. iOS Permissions and Device Data

The App may request access to camera, photo library, notifications, or other permissions only when needed for a feature chosen by the user. iOS permission descriptions should clearly explain how the data is used. You can change permissions from device settings.

17. Changes to This Policy

We may update this Policy to reflect technical, legal, or Service changes. For material changes, we will notify you by reasonable means, such as through the App, email, or website.

18. Complaints

If you believe that the processing of your data violates the GDPR, you may lodge a complaint with the competent supervisory authority. In Italy:

Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma, Italy
www.garanteprivacy.it