Privacy Policy

This Privacy Policy describes how the mobile application Gym 2.0 ("App") collects, uses and protects information when you use it. Processing is based on the legal bases in Section 5.

1. Who we are

The App is provided by:

Colin Rüegg
Switzerland
Email: [email protected]
Contact form: colinrueegg.com/contact

2. Scope of this Privacy Policy

This Privacy Policy applies to your use of the Gym 2.0 iOS App and to any data processed through its features, including:

• Offline workout tracking and storage on your device
• User account registration and sign-in (using Google Firebase)
• Private in-app messages between users (using Google Firebase)
• The "GymAI" assistant powered by a Meta Llama model

3. Data we collect

3.1 Data stored locally on your device

The core functionality of the App runs entirely offline. The following data is stored locally on your device and is not automatically transmitted to us:

• Workouts, exercises, sets, repetitions and weights
• Custom exercises you create
• Custom workout plans and routines
• Derived statistics and progress information

This data remains on your device unless you explicitly back it up, export it or share it.

3.2 Account data (Firebase Authentication)

If you choose to create an account and sign in, we process:

• Email address
• Password (stored by Firebase in hashed form)
• Technical identifiers required by Firebase for authentication

This data is processed via Google Firebase and is used only to create and manage your user account and to provide account-based features (for example private chats).

3.3 Private messages (Firebase Realtime Database / Firestore)

If you use the in-app private messaging feature, we process:

• Message content you send and receive
• Identifiers of the sender and recipient(s)
• Timestamps and technical metadata (for example, message status)

Messages are stored on Firebase servers so that they can be delivered and displayed in the App.

3.4 GymAI assistant (Llama model usage)

When you use the GymAI feature, we process the text you input into the assistant in order to generate a response. In particular, we process:

• Your prompts, questions and messages to GymAI
• Generated AI responses returned to you

These prompts are processed by an AI model integrated into the App. We log GymAI prompts and generated responses anonymously for quality improvement and debugging. No identifiers such as your email or account ID are linked to these logs.

3.5 Automatically collected technical data

The App does not integrate third-party advertising or analytics SDKs. Apart from the technical data necessary for Firebase to operate (such as device and network identifiers at protocol level), we do not intentionally collect additional analytics or tracking data.

3.6 AI interaction logs

To improve the performance and reliability of the GymAI assistant, anonymized copies of prompts and generated responses may be stored. These logs contain no account identifiers or metadata that can identify you personally. They are used only for debugging, analytics, and model fine-tuning purposes related to the App's AI features.

4. How we use your data

We use the data described above only for the following purposes:

• To provide the core offline workout tracking and statistics
• To create and manage your user account (if you register)
• To enable private messaging within the App
• To provide AI-generated answers through GymAI
• To maintain the security and stability of the App and underlying services
• To improve GymAI accuracy and functionality using anonymized interaction logs

We do not use your data for targeted advertising, user profiling for marketing purposes, or sale of personal data.

5. Legal bases (where applicable)

Depending on your place of residence, data protection laws such as the EU/EEA General Data Protection Regulation (GDPR) or similar laws may apply. Where such laws apply, we process personal data on the following legal bases:

• Performance of a contract: to provide the App and its features you choose to use (Article 6(1)(b) GDPR).
• Legitimate interests: to maintain and improve the App, secure our services and prevent abuse (Article 6(1)(f) GDPR), where these interests are not overridden by your rights.
• Consent: where required by law for specific features; you can withdraw consent at any time by contacting us.

6. Data sharing and third-party service providers

We do not sell your personal data and we do not share it with third parties for their own marketing purposes.

We use the following third-party service provider to operate certain features:

• Google Firebase – for authentication and storage of account-related data and private messages. Google acts as a data processor on our behalf. Data is stored on Firebase servers and processed only for providing the App's functionality (sign-in and messaging).

We may also disclose personal data where required by applicable law, court order, or governmental authority, or to protect our rights, property or safety or that of our users.

7. AI model disclosure (Meta Llama)

The Llama model is integrated into the App in compliance with Meta's model usage policies. Your prompts to GymAI are processed solely for generating responses within the App and are not sent to third-party advertising networks or used for separate profiling.

GymAI processing occurs on servers operated by SOSETH. Prompts are transmitted over HTTPS and logged only in anonymized form as described in Section 3.6.

8. Data retention

• Local workout data: Stored on your device until you delete it or uninstall the App. Uninstalling the App removes locally stored data.
• Account data: Stored for as long as your account is active. If you request deletion of your account, associated personal data will be deleted, unless longer storage is required by law.
• Private messages: Stored for as long as necessary to provide the messaging feature and to ensure integrity of conversations.
• GymAI prompts and responses: An anonymized copy may be logged for model improvement and debugging. These logs are stored separately from account data and irreversibly anonymized after the evaluation period.

9. Security

We take appropriate technical and organisational measures to protect personal data processed through the App, including:

• Using TLS/HTTPS for communication with Firebase
• Using Firebase security rules to restrict access to authenticated users where needed
• Relying on operating system protections for local storage on your device
• Limiting collected data to the minimum necessary for the App to function

10. Children's privacy

The App is not directed specifically at children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and you believe that your child under 13 has provided personal data through the App, please contact us at [email protected]. We will review the request and delete the data where required.

In some jurisdictions, additional age thresholds and parental consent requirements may apply. Where such laws apply, we will handle children's data in accordance with those requirements.

11. Your rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:

• Access: to obtain confirmation whether we process personal data about you and to receive a copy.
• Rectification: to correct inaccurate or incomplete personal data.
• Erasure: to request deletion of personal data, subject to legal retention requirements.
• Restriction: to request restriction of processing in certain circumstances.
• Objection: to object to certain processing, where permitted by law.
• Data portability: to receive personal data you provided to us in a structured, commonly used, machine-readable format, where applicable.
• Withdrawal of consent: where processing is based on consent, you may withdraw it at any time.

To exercise your rights, please contact us at [email protected] or via colinrueegg.com/contact. We may request additional information to verify your identity before responding to your request, where permitted by law.

12. International transfers

The App is developed by a controller based in Switzerland. Data processed through Google Firebase may be stored in data centers located outside of your country. Where required by applicable law, appropriate safeguards (such as standard contractual clauses) are used to protect your personal data when it is transferred internationally.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes to the App or to applicable laws. The current version will always be available via a link from the App Store listing and will show the "Effective date" at the top.

Your continued use of the App after an updated Privacy Policy has been made available constitutes your acceptance of the changes. If you do not agree with the updated Policy, you should stop using the App and may uninstall it.

14. Contact

If you have any questions about this Privacy Policy or about how your data is processed, you can contact:

Colin Rüegg
Email: [email protected]
Contact form: https://colinrueegg.com/contact