Privacy Policy
Last updated: April 20, 2026
1. Who We Are
SmartGym is a fitness application developed and operated by Rodolfo A. (Baldurion) Jaubert, trading as SmartGym Labs, based in Katowice, Poland.
For any questions or requests regarding this Privacy Policy, contact us at:
Email: contact.smartgymapp@gmail.com
2. Data We Collect
We collect only the data necessary to provide you with the SmartGym experience.
2.1 Authentication Data — Firebase Authentication (Google)
- Email address
- Display name (optional, if provided by you)
- Authentication tokens and session identifiers
- Account creation and last sign-in timestamps
This data is managed by Google Firebase Authentication. Google’s privacy policy is available at https://policies.google.com/privacy.
2.2 Fitness & Application Data — MongoDB Atlas
Stored on our backend (hosted on MongoDB Atlas, operated by MongoDB, Inc.):
- Weight, height, age, fitness level, and training goal
- Registered injuries and physical limitations
- Workout routines you create or save
- Exercise session logs and history
- Body metrics history (weight and body measurements over time)
- Personal fitness preferences and app settings
- Selected language preference
2.3 Smart Features Data — External Analysis Service
When you use smart diagnostic or personalized recommendation features, certain fitness profile data is transmitted to an external analysis service hosted on Microsoft Azure App Service for processing.
Important: This service does not retain your data beyond the processing window. It is not used for model training, advertising, or any purpose other than generating your personalized results within the App.
No raw photos or sensitive biometric data are transmitted to this service.
2.4 Gym Scanner Photos
When you use the Gym Scanner feature, photos you take are transmitted to our backend for equipment identification. Photos are not stored after analysis is complete. They are processed in memory and discarded immediately once the response is returned to your device.
2.5 Static Assets — Cloudflare R2
Exercise GIF animations are served from Cloudflare R2 (CDN). Cloudflare may collect standard server access logs (IP addresses, timestamps) as part of CDN operation. No personal data is collected beyond this.
2.6 What We Do NOT Collect
- We do not use Google Analytics, Mixpanel, or any analytics platform
- We do not use advertising networks, tracking pixels, or fingerprinting
- We do not collect payment information (the app is free with no in-app purchases)
- We do not use tracking cookies on this website
- We do not sell, rent, or trade your data to any third party
3. Legal Basis for Processing (GDPR)
| Data Category | Legal Basis | Purpose |
|---|---|---|
| Email, authentication tokens | Contract performance — Art. 6(1)(b) | Account creation and authentication |
| Fitness data, preferences, body metrics | Contract performance — Art. 6(1)(b) | Delivering the personalized app experience |
| Smart features data | Consent — Art. 6(1)(a) | Personalized diagnostics and recommendations |
| Gym scanner photos | Consent — Art. 6(1)(a) | Equipment identification (not stored post-analysis) |
4. International Data Transfers
Your data may be stored and processed on servers located in the United States and European Union by our third-party processors (Google Firebase, MongoDB Atlas, Microsoft Azure App Service, Cloudflare). These transfers are conducted in compliance with GDPR requirements through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements (DPAs) with each sub-processor
- Adequacy decisions where applicable
5. Data Retention
| Data | Retention Period |
|---|---|
| Account & authentication data | Retained while your account is active |
| Fitness & workout data | Retained while your account is active |
| Body metrics history | Retained while your account is active |
| Gym scanner photos | Deleted immediately after analysis |
| After account deletion | Permanently deleted within 30 days |
| Encrypted backup copies | Purged within 30 days of account deletion |
We retain only what is required to operate the service. No data is kept beyond what is described above, except where required by applicable law.
6. Your Rights (GDPR)
As a user in the European Economic Area or United Kingdom, you have the following rights:
- Right of access — Request a copy of the personal data we hold about you
- Right to rectification — Correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”) — Request deletion of your data
- Right to data portability — Receive your data in a structured, machine-readable format
- Right to object — Object to processing based on legitimate interests
- Right to restrict processing — Request that we limit how we use your data
- Right to withdraw consent — Withdraw consent at any time (without affecting prior lawful processing)
- Right to lodge a complaint — With the Polish supervisory authority:
UODO (Urząd Ochrony Danych Osobowych)
Website: https://uodo.gov.pl
Address: ul. Stawki 2, 00-193 Warsaw, Poland
To exercise any of these rights, contact us at: contact.smartgymapp@gmail.com
We will respond to your request within 30 days.
7. Children’s Policy
SmartGym is intended for users who are 13 years of age or older. We do not knowingly collect personal data from children under 13.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at contact.smartgymapp@gmail.com. We will take prompt steps to delete such data.
This policy is consistent with the Children’s Online Privacy Protection Act (COPPA) and applicable EU regulations on data protection for minors.
8. Security
We implement appropriate technical and organizational measures to safeguard your data:
- All data in transit is protected using HTTPS / TLS encryption
- Authentication is managed by Firebase Authentication (Google-grade security infrastructure)
- Database data at rest is encrypted using MongoDB Atlas encryption at rest
- Access to production systems is strictly limited to authorized personnel
- Regular security reviews are conducted
No system is perfectly secure. If you believe your account has been compromised, contact us immediately.
9. This Website
This website (heybaldur.github.io/smartgym-web) is a static website hosted on GitHub Pages. It does not use tracking cookies, session cookies, analytics scripts, or any third-party tracking technologies. Only technically essential functionality is used.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will:
- Display a notification banner within the SmartGym app
- Send an email notification to registered users
- Update the “Last updated” date at the top of this document
Continued use of SmartGym after the effective date of changes constitutes your acceptance of the updated policy.
11. Contact
For any privacy-related questions, requests to exercise your rights, or concerns:
SmartGym Labs
Rodolfo A. (Baldurion) Jaubert
Katowice, Poland
Email: contact.smartgymapp@gmail.com
We aim to respond to all inquiries within 5 business days.