Privacy Policy – GymBone Trainee

Effective Date: December 2024

This Privacy Policy describes how Bone Studio ("we," "our," or "us") collects, uses, and protects your information when you use the GymBone Trainee mobile application ("App"). This policy applies specifically to trainees and gym members using our fitness platform.

By using our App, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Personal Information:

• Account Information: Email address, full name, password (encrypted)
• Profile Data: Age, gender, profile photo, fitness goals
• Contact Information: Phone number (optional), emergency contact details
• Health Information: Height, weight, fitness level, medical conditions (optional)
• Preferences: Workout preferences, dietary restrictions, training goals

1.2 Device & Technical Information:

• Device Information: Device model, operating system, unique device identifiers
• Authentication Data: Firebase authentication tokens, session tokens
• Push Notification Tokens: FCM tokens for sending workout reminders and updates
• App Usage Data: Login timestamps, feature usage, session duration
• Performance Data: App crashes, errors, loading times through Firebase Analytics
• Camera Access: QR code scanning for gym check-ins (with permission)

1.3 Fitness & Activity Data:

• Workout History: Completed exercises, sets, reps, weights, duration
• Training Schedules: Assigned workout plans, upcoming sessions
• Progress Tracking: Body measurements, weight changes, performance improvements
• Attendance Records: Gym check-in/check-out times via QR code scanning
• Achievement Data: Completed goals, milestones, badges earned

1.4 Communication Data:

• Messages: In-app communication with assigned trainers
• Notifications: Workout reminders, progress updates, motivational messages
• Feedback: Workout ratings, trainer evaluations, app feedback

1.5 Subscription & Payment Data:

• Membership Information: Subscription type, status, renewal dates
• Payment History: Transaction records, payment methods (processed by third parties)
• Billing Information: Managed by Google Play Store or Apple App Store

1.6 Third-Party Services Data:

We integrate with the following services that may collect additional data:

• Google Firebase: Authentication, real-time database, cloud storage, analytics, crash reporting, cloud messaging
• Google Play Services: App distribution, in-app purchases, security scanning
• QR Code Processing: Camera access for gym check-in functionality
• Image Processing Services: Profile photo optimization and storage

2. How We Use Your Information

2.1 Core App Functionality:

• Account Management: User authentication, profile management, password recovery
• Workout Management: Display training schedules, track progress, record completed exercises
• Trainer Communication: Enable messaging with assigned trainers, receive guidance
• Gym Access: QR code check-in/check-out functionality, attendance tracking
• Progress Monitoring: Track fitness goals, body measurements, performance improvements

2.2 Personalization & Recommendations:

• Customized Workouts: Tailor exercise plans based on fitness level and goals
• Progress Insights: Provide analytics and insights on your fitness journey
• Motivational Content: Send personalized encouragement and achievement notifications

2.3 Service Improvement:

• Analytics: Understand app usage patterns to improve user experience
• Performance Monitoring: Identify and fix technical issues, crashes, and bugs
• Feature Development: Develop new features based on usage data and feedback

2.4 Legal Basis for Processing (GDPR):

• Contract Performance: Processing necessary to provide our fitness services
• Legitimate Interest: App improvement, security, and fraud prevention
• Consent: Health data processing, marketing communications, optional features
• Legal Obligation: Compliance with applicable laws and regulations

3. Information Sharing and Disclosure

3.1 Within the App Ecosystem:

• Assigned Trainers: Can view your workout data, progress, and communication history
• Gym Administrators: May access attendance records and subscription status
• Other Trainees: No access to your personal data unless you choose to share

3.2 Third-Party Service Providers:

• Google/Firebase: Cloud hosting, authentication, analytics, and push notifications
• Payment Processors: Google Play Store/Apple App Store for subscription management
• Analytics Services: Aggregated, anonymized usage statistics only

3.3 Legal Requirements:

• We may disclose information when required by law, court order, or government request
• To protect our rights, property, or safety, or that of our users
• In connection with a merger, acquisition, or sale of assets (with user notification)

4. Data Security

• Encryption: All data transmitted and stored is encrypted using industry-standard protocols
• Access Controls: Your data is only accessible to authorized personnel and your assigned trainer
• Secure Infrastructure: Google Firebase provides enterprise-grade security
• Regular Audits: Periodic security assessments and vulnerability testing
• Data Minimization: We collect only necessary information for app functionality
• Health Data Protection: Special safeguards for sensitive health and fitness information

5. Data Retention

• Active Accounts: Data retained while your account remains active
• Inactive Accounts: Account data deleted after 2 years of inactivity
• Workout History: Fitness data kept for 5 years for long-term progress tracking
• Communication Logs: Deleted after 1 year unless required for dispute resolution
• Health Information: Deleted immediately upon account deletion or user request
• Analytics Data: Aggregated data retained indefinitely for service improvement

6. Your Privacy Rights

6.1 Access and Control:

• Data Access: Request a copy of your personal data
• Data Correction: Update or correct inaccurate information in your profile
• Data Deletion: Request deletion of your account and associated data
• Data Portability: Export your workout data in a machine-readable format
• Consent Withdrawal: Withdraw consent for optional data processing

6.2 Communication Preferences:

• Push Notifications: Disable workout reminders in app settings or device settings
• Marketing Communications: Opt-out via email unsubscribe or contact us
• Trainer Messages: Control notification frequency for trainer communications

6.3 Camera and Location Permissions:

• Camera Access: Required only for QR code scanning, can be revoked in device settings
• Location Services: Optional for finding nearby gyms, can be disabled
• Permission Management: All permissions can be managed through your device settings

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Google's compliance with international data protection frameworks.

8. Children's Privacy

Our App is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly. Users between 13-18 years old must have parental consent to use the App.

9. Health Data Disclaimer

The fitness and health information provided through our App is for informational purposes only and should not replace professional medical advice. Always consult with a healthcare provider before starting any fitness program. We are not responsible for any health issues that may arise from using our App.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the app and updating the "Effective Date" at the top of this policy. Your continued use of the App after such modifications constitutes acceptance of the updated Privacy Policy.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: