Privacy Policy

1. Introduction

GymlyPal is designed to help users plan workouts, track training progress and receive useful workout recommendations. We take privacy seriously and aim to collect only the information needed to provide and improve the service.

This Privacy Policy applies when you use the GymlyPal website, app-like web experience, account features, workout tracking tools, recommendation features, social features and email notifications.

2. Who We Are

GymlyPal is a UK-based workout tracking and routine planning service. For privacy questions, requests or concerns, contact us at support@gymlypal.com.

3. Information We Collect

Account data: we collect information you provide when creating or managing an account, such as your name, email address, username, password hash, plan status and account preferences.

Workout data: we store routines, exercises, sets, reps, weights, rest times, workout duration, completed sessions, personal bests, recommendations and related training history you create or log.

Social and shared content: if you use pals, friend requests or shared routines, we process the information needed to show requests, connections, shared plans and activity between users.

Usage data: we may collect logs about how the service is used, including page requests, feature interactions, email delivery events, error logs and security events.

Device and browser data: we may collect technical details such as IP address, browser type, device type, operating system, user agent, approximate location inferred from IP address, and session identifiers.

4. How We Use Your Data

We use personal data to provide the service, authenticate users, save workouts, display routines and history, process subscriptions, manage friend requests, send requested or useful emails, prevent abuse and keep the service secure.

We use workout and usage data to improve recommendations, make Smart Coach more useful, understand which features need improvement, diagnose errors and develop new features.

5. Legal Basis for Processing

Contract: we process account, login, subscription and workout data where it is necessary to provide GymlyPal to you.

Legitimate interests: we process limited usage, security and operational data to keep the service reliable, prevent abuse, improve features and understand product performance.

Consent: where consent is required, such as optional marketing emails or non-essential cookies if introduced, you can withdraw consent at any time.

Legal obligations: we may process information where required to comply with laws, tax rules, billing records, fraud prevention or valid legal requests.

6. Email Communication

GymlyPal may send account and product emails, including welcome emails, workout summaries, friend request notifications, friend accepted notifications, service updates and important account notices.

Email preferences are available in your settings. Most helpful product notifications are on by default, while marketing emails are off by default unless you choose otherwise. You can opt out of non-essential emails at any time through settings or by contacting us.

7. Data Sharing

We do not sell your personal data. We may share limited data with trusted service providers who help us operate GymlyPal, such as hosting providers, database providers, email delivery providers, payment processors, analytics providers if added, and security or error monitoring tools.

Where third-party providers process personal data, they are expected to process it only for the agreed service purpose and to apply appropriate security safeguards. We may also disclose information if required by law or to protect users, the service or our legal rights.

8. Payments and Subscriptions

Paid subscriptions may be processed by a payment provider such as Stripe. Payment providers may collect billing details, payment method information, transaction identifiers and subscription status. GymlyPal does not need to store full card details.

9. Data Retention

We keep account and workout data while your account is active or as needed to provide the service. If you delete your account or request deletion, we will delete or anonymise personal data where reasonably possible, unless we need to retain limited records for legal, billing, security, dispute or fraud prevention reasons.

Operational logs, email logs and security records may be retained for a shorter period unless needed to investigate abuse, errors or security incidents.

10. Security

We use reasonable technical and organisational measures to protect personal data, including password hashing, access controls, session security, CSRF protection, validation, logging of failed email attempts, and limiting access to systems that need the information.

No online service can guarantee absolute security. You are responsible for keeping your login details secure and telling us if you believe your account has been accessed without permission.

11. Your Rights

Depending on your location and applicable law, you may have rights to access your data, correct inaccurate data, request deletion, object to processing, restrict processing, request portability, withdraw consent and complain to a data protection authority.

To make a privacy request, contact support@gymlypal.com. We may need to verify your identity before acting on a request.

12. Cookies

We use cookies and similar technologies for essential login, session and security functions. Read our Cookies Policy for more detail.

13. Changes to This Policy

We may update this Privacy Policy as the service changes. When changes are material, we will take reasonable steps to make users aware of the update.