Privacy Policy

Last updated: March 18, 2025

The GymPal team ("us", "we", or "our") operates the GymPal application (the "Service").

Introduction

This page informs you of our policies regarding:

  • Collection
  • Use
  • Disclosure of personal data
  • Choices available regarding your data

We use your data to provide and improve the Service. By using the Service, you agree to our data practices as described here. Capitalized terms not defined here carry the same meanings as in our Terms and Conditions.

Definitions

  • Service: The GymPal application operated by Dot Com Ventures
  • Personal Data: Information identifying a living individual
  • Usage Data: Automatically collected operational metrics (e.g., session duration)
  • Cookies: Small data files stored on your device
  • Data Controller: Entity determining data processing purposes (we fulfill this role)
  • Data Processors: Third parties processing data on our behalf
  • Data Subject: Individual using our Service and subject to Personal Data collection

Information Collection and Use

We collect various data types to operate and improve the Service:

AI Chatbot Service ("Flex")

  • We operate an AI-powered chatbot service called "Flex" that processes personal data through conversational interactions
  • The AI system automatically processes your messages, questions, and responses to provide fitness-related information
  • All conversations with the AI chatbot are logged and may contain personal data including health information, fitness goals, and personal preferences

Types of Data Collected

Personal Data

May include (but not limited to):

  • Email address
  • First and last name
  • Cookies and Usage Data

Note: We may use Personal Data for marketing communications. Opt-out available via unsubscribe links.

AI Chatbot Interaction Data:

  • Conversation content and message history with the AI chatbot
  • User queries and responses related to fitness, health, and wellness
  • Timestamps and duration of AI interactions
  • User preferences and personalization data derived from conversations
  • Health and fitness information voluntarily shared during AI interactions
  • Technical data including session identifiers and interaction patterns

Usage Data (Mobile)

When accessing via mobile devices:

  • Device type/ID
  • IP address
  • Operating system
  • Browser type
  • Diagnostic data

Tracking & Cookies

  • Technologies: Cookies, beacons, tags
  • Cookie types:
    • Session: Service operation
    • Preference: User settings
    • Security: Protection mechanisms

You can refuse cookies but may lose service functionality.

Data Use Cases

The GymPal team uses collected data to:

  • Maintain/improve Service quality
  • Notify of changes
  • Enable interactive features
  • Provide customer support
  • Analyze usage patterns
  • Prevent technical issues
  • Send marketing communications (opt-out available)
  • Comply with legal obligations

AI Chatbot Service Operations:

  • Provide automated responses and fitness guidance through the AI chatbot
  • Improve AI response accuracy and relevance through conversation analysis
  • Personalize AI recommendations based on user interaction history
  • Analyze conversation patterns to enhance AI functionality and user experience
  • Generate fitness and wellness insights from aggregated conversation data
  • Ensure AI safety and prevent inappropriate or harmful responses

AI Training and Improvement (with explicit consent only):

  • We may use anonymized conversation data to improve AI model performance
  • Individual conversations are never used for AI training without explicit user consent
  • Users can opt-out of AI improvement activities at any time
  • Third-party AI providers are contractually prohibited from using your data for their own model training

Legal Compliance (GDPR)

For EEA residents, processing bases include:

  • Contract fulfillment
  • Your consent
  • Legitimate business interests
  • Payment processing
  • Legal compliance

AI Chatbot Processing Legal Bases:

  • Contract Performance: Processing necessary to provide AI chatbot services as part of our Service
  • Legitimate Interests: Improving AI functionality, preventing abuse, and ensuring service quality
  • Explicit Consent: Required for using conversation data for AI model training or improvement
  • Vital Interests: Only in exceptional circumstances where AI assistance might relate to health emergencies

Special Category Health Data:

  • Health and fitness information shared with the AI requires explicit consent
  • Users can withdraw health data consent without affecting other Service features
  • Health data processing is limited to providing relevant fitness guidance
  • No health data is used for commercial purposes beyond agreed Service provision

Data Retention

General Data Retention:

  • Personal data retained only as long as necessary for stated purposes
  • Extended retention for legal compliance or dispute resolution where required
  • Usage data typically retained for shorter periods

AI Chatbot Data Retention:

  • Conversation data with AI chatbot retained for maximum 24 months unless deleted earlier
  • Users may request immediate deletion of specific conversations or all AI interaction history
  • Anonymized conversation data may be retained longer for AI improvement (with consent)
  • Health and fitness data from AI conversations deleted within 12 months unless user requests longer retention
  • AI training data (where consented) retained until consent is withdrawn

Data Deletion Rights:

  • Right to request deletion of all AI conversation history
  • Right to request deletion of specific conversations or data points
  • Right to prevent use of conversation data for AI training purposes
  • Deletion requests processed within 30 days

International Data Transfers

Data Processing Locations:

  • Primary data processing occurs in Sweden and other EU/EEA countries
  • AI service providers may be located outside the EU/EEA with appropriate safeguards
  • All international transfers protected by Standard Contractual Clauses or adequacy decisions
  • Conversation data with AI may be processed in multiple jurisdictions for service delivery

AI Provider Transfers:

  • Third-party AI services may involve data transfers to non-EU countries
  • All AI providers required to implement appropriate technical and organizational safeguards
  • Users consent to necessary international transfers for AI service provision
  • Right to object to specific international transfers where alternative processing is feasible

Data Disclosure Scenarios

Business Transactions

Notice before transfers during mergers/acquisitions

Legal Requirements

When mandated by:

  • Court orders
  • Government authorities
  • Fraud prevention needs
  • Public safety concerns

Security Measures

  • Industry-standard protections implemented
  • No 100% secure electronic transmission method
  • Regular security assessments conducted

AI Data Security:

  • AI conversation data encrypted in transit and at rest
  • Access to AI interaction data restricted to authorized personnel only
  • Regular security audits of AI systems and data handling practices
  • AI providers subject to equivalent security standards through contractual agreements
  • Conversation data isolated from other Service data where technically feasible

AI Risk Disclosures:

  • AI responses may be inaccurate, incomplete, or inappropriate
  • Users should verify AI-provided health and fitness information with qualified professionals
  • AI systems may experience technical failures or generate unexpected outputs
  • We maintain monitoring systems to detect and address problematic AI responses
  • Users should not rely solely on AI guidance for critical health or fitness decisions

California Privacy (CalOPPA)

  • We honor browser Do Not Track settings
  • Configure via browser preferences

Your GDPR Rights

Standard GDPR Rights:

  • Access, correction, deletion of personal data
  • Processing restrictions and data portability
  • Consent withdrawal and objection to processing

AI-Specific Rights:

  • Right to Human Intervention: Request human review of AI decisions affecting you
  • Right to AI Explanation: Understand how AI processes your data for recommendations
  • Right to AI Opt-Out: Choose to disable AI data processing while maintaining other Service features
  • Right to Training Data Exclusion: Prevent your conversations from being used for AI training
  • Right to Conversation Export: Download your AI interaction history in portable format
  • Right to AI Correction: Correct inaccurate AI responses or recommendations in your profile

Contact us to exercise rights. Verification required for requests.

Third-Party Services

Analytics

Firebase (Google Inc.)

AI and Machine Learning Services

  • We utilize third-party AI service providers to power our chatbot functionality
  • These providers may process conversation data solely for service delivery
  • All third-party AI providers are bound by strict data processing agreements
  • Third parties are contractually prohibited from using your data for their own AI training
  • Data shared with AI providers includes only information necessary for chatbot responses
  • We maintain oversight of all AI provider data handling practices

Payments

PCI-DSS compliant processors handle all payment data.

Contact Information for AI Privacy Matters

AI and Data Protection Inquiries:

  • For questions about AI data processing: privacy@askgympal.co.uk
  • To exercise AI-specific rights: datarights@askgympal.co.uk
  • To report AI safety concerns: aisafety@askgympal.co.uk
  • For AI conversation deletion requests: deletedata@askgympal.co.uk

Response Timeframes:

  • General privacy inquiries: 30 days
  • Data deletion requests: 30 days
  • AI safety concerns: 5 business days
  • Urgent data protection matters: 72 hours

We use cookies to enhance your experience. By continuing to visit this site you agree to our use of cookies. Learn more.