Privacy information for gymbout.

This privacy policy applies to the gymbout mobile app, the gymbout website, public share pages, account deletion support, and related support or admin workflows.

Controller: Gymbout, H. Halbig, Stuttgarter Str. 24, 72141 Walddorfhäslach, Germany. Responsible person: Harald Halbig. Privacy contact: support@gymbout.com.

No data protection officer has been appointed because gymbout is not currently required to appoint one. Privacy requests can be sent to the support address above.

Depending on how you use gymbout, the app and website process account, profile, authentication, training, competition, social, media upload, moderation, notification, payment, support, health, location, analytics, crash report, device, browser, and local cache data.

Providing account and training data is necessary when you want to create an account, enter a bout, appear in rankings, upload verified lifts, use social features, or receive support. Optional integrations such as Health, location, analytics/crash reporting, notifications, and premium purchases depend on your consent, platform permission, or explicit feature use.

gymbout processes data to provide the service, perform the user agreement, secure the platform, fulfill legal obligations, process consent-based features, and protect legitimate interests such as abuse prevention, product reliability, support, and fair competition.

Where European data protection law applies, the usual legal bases are contract performance, legitimate interests, consent, and legal obligations. Consent-based processing can be withdrawn at any time without affecting processing that happened before withdrawal.

gymbout uses Supabase authentication for email OTP, password login, token validation, session refresh, auth redirects, blocked or banned account checks, and account deletion.

During signup and profile setup, gymbout stores account fields such as athlete id, username, preferred unit, birthdate, gender, country code, and invite-code claims where applicable. Authentication sessions are stored locally on your device so the app can keep you signed in.

gymbout processes bout attempts, sets, exercise data, weights, repetitions, timestamps, scores, bodyweight values, season and league information, ranking visibility, and local drafts to run competitions and calculate results.

Some profile, season, badge, leaderboard, verified lift, and social data can be visible to other users or publicly available through website share pages when the product exposes those surfaces. You should not submit private information as public profile text or social handle data if you do not want it shown.

You can add profile text, country, profile image, and optional social handles. Profile images are uploaded to Supabase Storage. Verified lift videos are uploaded to Supabase Storage and linked to review metadata in the database.

gymbout may process reports, review notes, admin decisions, and moderation status to handle abuse, fraud, illegal content, safety issues, or competition-integrity concerns. Admin tooling on the website is protected and used for operational workflows such as athletes, badges, exercises, gyms, reports, seasons, verified lifts, and editorial administration.

If you grant permission, the app can read workout sessions and bodyweight from Apple HealthKit or Android Health Connect. The integration is optional and can be disabled through the app or operating-system permissions.

Health data is used to match tracked workouts with bout attempts and to suggest or store bodyweight where the app feature requires it. Selected workout metadata, provider information, start and finish times, and bodyweight values can be sent to gymbout when you use the related features.

If you grant location permission and use nearby gym discovery, the app reads your current or last known device location. gymbout sends rounded latitude and longitude to its Supabase edge function and to Google Places to search for nearby gyms.

The nearby gym function uses a radius around your rounded position and can cache Google Places responses for performance. Selecting a gym can create or link a gym record in gymbout.

If you enable notifications, gymbout stores push tokens, platform, locale, and notification preferences. Push notifications are delivered through Apple Push Notification service or Firebase Cloud Messaging, depending on your platform.

Notifications can relate to account activity, competitions, seasons, social features, moderation, premium features, or app functionality. You can change notification permissions in the operating system and app settings.

The mobile app includes Firebase Analytics and Crashlytics. Collection is disabled by default in the app configuration and is enabled only through the app's tracking consent path.

When enabled, gymbout can process app interaction and screen-view events, athlete id as analytics user id, crash diagnostics, current screen, tracking-enabled state, app/device details, and related technical diagnostics. When disabled, the app clears or disables analytics and crash-reporting user context where the platform SDK supports it.

Premium purchases are handled through Apple App Store, Google Play, and RevenueCat. gymbout configures RevenueCat with your gymbout athlete id as the app user id to fetch customer information, offerings, purchase results, restore status, and premium entitlement state.

RevenueCat webhooks can send subscription and entitlement events to gymbout. gymbout stores billing event payloads, product/store identifiers, entitlement state, expiry, grace period, renewal status, and related fields needed to provide premium access and handle billing support.

The public website provides legal pages, public share pages, and protected admin tooling. The website can process browser request data, route parameters, public profile/share data, account deletion requests, and admin session data where authorized users access protected tools.

The website and app may use local storage, cookies, or comparable technologies where required for session handling, preferences, security, routing, or platform operation. Hosting, database, and edge-function providers can generate technical logs such as request metadata and IP-related data.

gymbout uses processors and platform providers listed in the processing-location table on this page. Data is shared only where needed for app operation, hosting, authentication, storage, notifications, analytics/crash reporting after consent, location search, health/platform integrations, billing, app-store operation, email support, security, or legal compliance.

Some providers may process data outside Germany or the European Union. Where required, gymbout relies on appropriate safeguards such as processor terms, standard contractual clauses, adequacy decisions, platform terms, or consent-based transfers.

gymbout keeps personal data only as long as needed for the purposes described in this policy, account operation, competition integrity, security, support, legal obligations, or legitimate retention needs. Local device data can remain on your device until the app or data is removed.

You can delete your account in the app or request deletion by email. Account deletion removes profile data, leaderboard history, follower/following connections, verified lift submissions, and badges from the live service, subject to limited retention for security, abuse prevention, accounting, legal obligations, backups, or claims.

gymbout uses access controls, authenticated API calls, protected admin tooling, platform permissions, and provider security controls to protect personal data. No internet service can guarantee absolute security.

gymbout does not use automated decision-making that produces legal effects in the sense of Article 22 GDPR. Competition integrity, trust, ranking, premium, and moderation systems can use rules or signals, but restrictions or reviews are tied to product operation, fraud prevention, support, and moderation workflows.

This policy can be updated when the product, processors, legal requirements, or data flows change. The last-updated date at the top shows the current version.