Privacy Policy for GymSet

Last updated: 2026-02-13

1. Introduction

Welcome to GymSet (the “App”), developed by WPN-98 EOOD (Ltd.) (“we,” “us,” or “our”). This Privacy Policy (“Policy”) explains how we handle information when you use our App.

The App’s core features can be used without creating an account. We provide an optional account feature to help you restore Pro access across devices and to manage purchase entitlements.

2. How We Handle Your Data

Our data handling depends on whether you use the App without an account or choose to create an account.

Workout Data Is Stored Locally: All workout data you enter (e.g., exercises, workouts, logs) is stored on your mobile device. We do not collect, back up, or store your workout data on our servers, regardless of whether you have an account.

Optional Account Creation: You can create an account using Google or Apple sign-in. The purpose of this account is to link your in-app purchases to a stable identity so you can restore access to Pro features if you switch devices. When you sign in, we process:

• A unique user identifier (UID) provided by Firebase Authentication.
• The email address associated with your Google or Apple account.

We do not receive or store your password from Google or Apple.

3. In-App Purchases and Entitlement Management

Pro features are accessible via in-app purchases processed by Apple’s App Store or the Google Play Store. To manage purchase entitlements and restore access, we use RevenueCat and Firebase.

How It Works:

1. When you make a purchase, the receipt from Apple/Google is sent to RevenueCat, Inc. to validate the purchase and track entitlement status.
2. RevenueCat uses a pseudonymous identifier to associate purchases with the device/session. If you create a GymSet account using Firebase Authentication (via Google/Apple sign-in), the purchase record can be associated with your Firebase user ID to support restore across devices.
3. This association allows you to sign in on a new device and restore access to your Pro features.

No Financial Data Received by Us: We do not collect or store payment details such as credit card numbers. Payments are handled by Apple or Google. RevenueCat processes purchase receipts to validate entitlements.

4. Analytics and Diagnostics

Usage Analytics (Firebase Analytics): If you choose to allow analytics, we use Google Analytics for Firebase to understand how the App is used and improve it. This may collect pseudonymous usage information (e.g., app interactions, device/app identifiers, and timestamps). We do not send your workout content to Analytics and we do not intentionally send personally identifying information (PII), such as your email address, to Analytics.

Install Measurement (Google Ads + Firebase): Our Firebase project is linked with Google Ads for conversion measurement so we can measure app installs from campaigns. We do not display third-party ads in the App and we do not use this setup for ad personalization or remarketing.

Your Choice: We ask for your preference in the App (typically after onboarding). You can change your choice at any time in the App’s settings. If you disable analytics, future analytics collection from your device will stop.

Data Retention: If analytics is enabled, we configure Analytics data retention to no more than 14 months (where applicable).

Diagnostics & Crash Reporting

We use Firebase Crashlytics to collect crash reports and diagnostic information (such as device type, operating system version, and error traces) when the App encounters a technical issue.

Crash reports are linked to a randomly generated installation identifier. We do not intentionally include your workout data, account credentials, or other sensitive content in crash reports.

5. Manual Export / Import of Data

The App provides a feature for you to export your workout data and import it back into the App manually. This allows you to back up your training history or transfer it between devices.

Export/import is entirely under your control. We do not collect, process, or transmit exported files. When you import data, it is loaded directly onto your device; we do not receive any copy of that data.

6. Third-Party Services Summary

To provide a functional and secure experience, we rely on the following third-party services:

• Firebase Authentication: Account creation and sign-in with Google and Apple (optional).
• Google Analytics for Firebase: Usage analytics (if you enable it).
• Google Ads (conversion measurement): Install measurement from campaigns (no in-app ads; no personalization).
• Firebase Crashlytics: Crash reporting and diagnostics.
• RevenueCat, Inc.: Purchase receipt validation and entitlement management for Pro features.

We encourage you to review the privacy policies of our service providers:

• Google Privacy Policy
• Firebase Analytics Terms
• Apple Privacy Policy
• RevenueCat Privacy Policy

7. Legal Basis (EEA/UK)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process personal data under the following legal bases:

• Contract (Article 6(1)(b)): to provide the App’s features and, if you create an account, to restore purchases across devices.
• Consent (Article 6(1)(a)): for optional analytics and install/conversion measurement (where required), if you choose to enable it in the App.
• Legitimate Interests (Article 6(1)(f)): to maintain, secure, and improve the App (for example, crash diagnostics and preventing abuse).

8. Data Security

Local Data Security: The security of your workout data depends on the security measures you apply to your device (e.g., passcodes, biometrics).

Account Security: Your account information is protected by Firebase’s security infrastructure and your Google or Apple credentials.

Purchase Data Security: Purchase-related data is handled securely by RevenueCat, as outlined in their privacy policy.

9. Your Rights & Control Over Data

You have control over your data.

Control Over Workout Data: You can modify, delete, or use the export feature for your workout data at any time from within the App. Uninstalling the App permanently deletes all locally stored workout data from your device.

Analytics Preference: You can enable or disable usage analytics at any time in the App’s settings. If disabled, future analytics collection from your device will stop.

Account Deletion: If you created an account, you can delete it at any time by opening the App, logging in, opening the Account tab from the main menu (drawer), and tapping “Delete Account”. This will:

• Delete your Firebase Authentication account (including your email address and UID).
• Sever the association between your Firebase account and purchases managed through RevenueCat (entitlements may still be restorable via store mechanisms, depending on platform).

Please note: analytics and crash diagnostics data that has already been collected may be retained for a limited period in accordance with the retention described above and the service providers’ systems.

Your GDPR rights (EEA/UK): Depending on your location, you may have the right to access, rectify, erase, restrict, object to processing, and data portability. To exercise your rights, contact us using the details below.

10. Children’s Privacy

The App is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

11. International Transfers

Our service providers (such as Google/Firebase and RevenueCat) may process data on servers located outside your country of residence. Where required, these providers rely on appropriate safeguards for international transfers (such as Standard Contractual Clauses).

12. Changes to This Privacy Policy

We may update this Policy from time to time. When we do, we will post the revised Policy within the App and update the “Last updated” date at the top of this page.

13. Contact Us

If you have any questions or requests regarding this Policy, contact us at:

Email: contact@gymset.net