Privacy Policy

Last updated: January 2026

Oliver Galusinski, Obere Amtshausgasse 36/14, 1050 Vienna, Austria ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our PUMP Fitnesstracker mobile application ("App") and website.

1. Data Controller

The data controller responsible for the processing of your personal data is:

Oliver Galusinski
Obere Amtshausgasse 36/14
1050 Vienna, Austria
Email: kontakt@g-dev.at
Website: pump-app.net

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, username, password, profile picture (optional)
• Profile Data: First name, last name, gender, birthdate, height, weight, fitness goals, bio (all optional)
• Workout Data: Exercises performed, sets, reps, weights, workout notes, workout dates and times
• Custom Exercises: Exercise names, descriptions, instructions, media you upload
• Social Content: Posts, comments, reactions, chat messages you create

2.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: App features used, timestamps, crash logs, error reports
• IP Address: Stored for security purposes and fraud prevention

2.3 Health Data (With Your Explicit Consent)

If you choose to connect Apple Health (iOS) or Google Health Connect (Android), we may access:

• Step count and activity data
• Body measurements (weight, height)
• Heart rate data (if provided by connected devices)
• Workout history from connected apps

Health data is only accessed with your explicit permission and is processed in accordance with the GDPR. You can disconnect these integrations at any time through the App's settings or your device's health settings.

Google API Disclosure: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. How We Use Your Information

We process your personal data for the following purposes:

• Service Provision: Provide, maintain, and improve the App's functionality (Legal basis: Contract performance, Art. 6(1)(b) GDPR)
• Personalization: Sync your workout data across devices, calculate statistics, progress charts, and personal records
• Social Features: Enable following, sharing workouts, community interaction
• Communication: Send notifications (with your permission), respond to support requests
• Payment Processing: Process subscription payments through app stores
• Security: Detect and prevent fraud, abuse, and security incidents (Legal basis: Legitimate interest, Art. 6(1)(f) GDPR)
• Legal Compliance: Comply with legal obligations (Legal basis: Legal obligation, Art. 6(1)(c) GDPR)

4. Data Sharing and Disclosure

We may share your information with:

4.1 Service Providers (Data Processors)

• Supabase: Database hosting and authentication (EU servers)
• Vercel: Website hosting
• RevenueCat: Subscription management and payment processing
• Sentry: Error tracking and crash reporting
• Apple/Google: App Store and Google Play for payment processing, authentication (Sign in with Apple/Google)

4.2 Other Users

Information you choose to make public (profile, public workouts, posts) will be visible to other users according to your privacy settings. Chat messages are only visible to conversation participants.

4.3 Legal Requirements

We may disclose information when required by law, to protect our rights, or in response to valid legal requests from public authorities.

5. Data Storage and Security

Your data is stored on secure servers provided by Supabase (hosted in the EU). We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL)
• Encryption at rest
• Secure authentication protocols
• Access controls and monitoring
• Regular security reviews

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

• Account data: Retained while your account is active
• Workout data: Retained while your account is active
• After account deletion: Personal data is deleted within 30 days
• Legal requirements: Data required for legal compliance may be retained longer as required by law

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Correct inaccurate personal data
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restriction (Art. 18): Limit how we process your data
• Right to Data Portability (Art. 20): Export your data in a machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7): Revoke previously given consent at any time

To exercise these rights, use the "Export my data" or "Delete account" features in the App's settings, or contact us at kontakt@g-dev.at.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. In Austria, this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, www.dsb.gv.at).

8. Children's Privacy

The App is not intended for children under 14 years of age. We do not knowingly collect personal information from children under 14. If we become aware of such collection, we will delete the information promptly. Users between 14 and 18 require parental consent for certain features.

9. International Data Transfers

Your data is primarily stored on servers within the European Union. Where data is transferred to countries outside the EU/EEA (e.g., for certain service providers), we ensure appropriate safeguards are in place, including:

• EU Commission adequacy decisions
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules where applicable

10. Cookies and Similar Technologies

Our website and app may use cookies and similar technologies (e.g., local storage) to:

• Keep you logged in
• Remember your preferences
• Provide essential functionality

You can control cookies through your browser or device settings. Note that disabling cookies may affect functionality.

11. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by email. The "Last updated" date at the top indicates when the policy was last revised. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Oliver Galusinski
Obere Amtshausgasse 36/14
1050 Vienna, Austria
Email: kontakt@g-dev.at
Website: pump-app.net