AboutContactFAQ

Privacy Policy

Learn how Gymti protects your personal information and data privacy

Version: 1.0

Effective Date: September 1, 2025

Gymti ("we", "us", or "our") is a free, AI-based workout plan platform based in the Netherlands and used internationally. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data, and outlines your rights under relevant privacy laws (including the EU General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA)). By creating an account or using Gymti, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our platform.

Personal Data We Collect

We collect personal data that you provide to us directly, as well as information generated through your use of Gymti. This includes:

  • Account Information: When you create an account, we collect your name, email address, username, and password. This information is necessary to register you and manage your account.
  • Profile & Fitness Data: During onboarding and profile setup, we ask for information about your fitness goals, body metrics (e.g. age, height, weight, etc.), any health or injury information you choose to provide, available workout equipment, and your weekly schedule or workout preferences. This data helps us personalize your workout plans. (Some of this information, such as health-related data, may be considered sensitive personal data under privacy laws. We only collect and use it with your consent for the purpose of providing the personalized workout service.)
  • Usage Data: We collect information about how you use our platform. This includes your workout plans and history, progress tracking, log-in and log-out times, features you use, and other activities within Gymti. We also gather technical data like your IP address, device type, operating system, browser type, and language, as well as information about interactions (e.g. pages or screens viewed, links clicked). This helps us understand engagement and improve our services.
  • Cookies and Tracking Information: Like most online platforms, we use cookies and similar tracking technologies to remember your preferences and collect analytics data. Cookies are small text files stored on your device. For example, we use cookies to keep you logged in, and third-party analytics tools (like Google Analytics) to understand how users navigate our site. These tools may collect information such as your IP address, browser, and usage patterns. (See Cookies and Analytics below for details.)
  • Communication Data: If you contact us through our website (for example, via the Contact Us form) or communicate with us for support or feedback, we will collect the information you provide in those communications (such as your name, email, and the content of your message). We use this data to respond to you and resolve any issues.
  • Children's Data: Gymti is not intended for children under 13, and we do not knowingly collect personal data from anyone under 13 years old. We also require that users under 18 only use Gymti with the involvement of a parent or guardian. (See Children's Privacy below for more information.)

You may choose not to provide certain personal data. However, some data (like account and profile information) is necessary for us to provide the core workout planning service. If you decline to provide required information, you may not be able to create an account or use certain features.

How We Use Your Personal Data (Purposes and Legal Bases)

We use your personal data to operate, provide, and improve the Gymti platform. In each case, we process personal data only when we have a valid legal basis to do so under applicable laws, such as your consent, the necessity to perform our contract with you, our legitimate business interests, or compliance with legal obligations. The specific purposes for which we process data (and their legal bases) include:

  • To Provide and Personalize Our Service: We use the information you give us (especially your fitness profile data) to generate customized workout plans and recommendations tailored to you. We also use your data to display your workout history, track your progress, and otherwise deliver the services you request. Legal basis: This processing is necessary to perform our contract with you (i.e. to provide the Gymti services you signed up for). In the case of any health-related data you provide, we rely on your explicit consent to use that data for the purpose of creating your personalized plans.
  • Account Management and User Authentication: We process your account information to create and maintain your account, allow you to log in, and verify your identity as a registered user. Legal basis: Performance of contract (we need to do this to provide you with an account and secure access).
  • Service Communications: We use your contact information (such as email) to send you important communications about the service. This includes sending confirmations (e.g. account activation), updates about your workout plan, changes to our platform or policies, and other transactional or administrative messages. Legal basis: Performance of contract (we must send these communications to provide our services and keep you informed of key information).
  • Marketing Communications (With Consent): If you explicitly opt-in, we may use your email to send newsletters, fitness tips, promotional offers, or other marketing communications about Gymti. You have the choice to receive these, and you can opt out at any time. Legal basis: Your consent. If you do not consent or if you withdraw consent, we will not send you marketing emails. (Transactional/service-related emails are not considered marketing and are sent as described above.)
  • Analytics and Improvement of Our Platform: We analyze user behavior and feedback (including aggregate usage data and analytics information) to understand how Gymti is used and to improve our content, features, and user experience. This helps us optimize our AI algorithms and develop new features that better serve our users. We use third-party analytics tools (like Google Analytics) which use cookies and similar technologies to help us in this analysis. Legal basis: Our legitimate interests in analyzing and improving our services. We take measures to protect your privacy, such as using aggregated or pseudonymized data for analytics wherever possible. In jurisdictions where analytics cookies are not strictly necessary (e.g. in the EU), we will obtain your consent for their use via a cookie notice.
  • AI-Generated Workout Plans: A core feature of Gymti is using artificial intelligence (OpenAI's technology) to generate your personalized workout plans. When you input your goals and profile data, our system sends that information (as a prompt) to OpenAI's AI engine which returns a tailored workout plan. We use the AI outputs to present you with workout routines and suggestions. Legal basis: Performance of contract (the AI processing is necessary to deliver the service you requested). By using this feature, you consent to the processing of your data by the AI for content generation. (More details on our use of AI are provided in AI and Automated Decision-Making below.)
  • Security and Fraud Prevention: We process certain data (like IP addresses, device info, and usage logs) to monitor for suspicious activities, enforce our Terms of Service, prevent misuse of our platform, and protect the security of our users, Gymti, and others. Legal basis: Legitimate interests in protecting our business and users (and in some cases, compliance with legal obligations).
  • Compliance with Legal Obligations: Where necessary, we will process and retain your information to comply with applicable laws, regulations, legal processes or enforceable governmental requests. For example, we may need to retain certain data for tax, audit, or regulatory purposes, or respond to valid legal requests. Legal basis: Compliance with a legal obligation.

Note for EU/EEA Users: Under the GDPR, the main legal bases we rely on are: (a) Consent – for example, we seek your consent to process special categories of data like health metrics, and to send marketing emails or place non-essential cookies; (b) Contract – much of our data processing (like generating your workout plan and managing your account) is to fulfill the service contract between you and Gymti; (c) Legitimate Interests – we may process your data for our legitimate interests such as improving our platform, ensuring IT security, and marketing to you (only where those interests are not overridden by your rights and interests); and (d) Legal Obligation – when we have to comply with laws. Where we rely on consent, you have the right to withdraw that consent at any time (for example, you can opt out of marketing or stop using the service if you withdraw consent for necessary health data processing), without affecting the lawfulness of processing before withdrawal.

AI and Automated Decision-Making

Automated Content Generation: Gymti uses artificial intelligence to automatically generate your workout plans and recommendations. Specifically, we integrate with OpenAI's AI platform to create content based on the personal information you provide. This means that when you use Gymti's plan generator, the relevant details you've given (such as your fitness goals, experience level, and other profile data) are sent securely to OpenAI's system, which then returns a custom workout plan. This process is automated, but it is entirely focused on providing personalized content and not used to make any legally significant decisions about you. In other words, the AI is used to tailor advice and content, not to make decisions that would affect your rights or status in a legal or similarly significant way.

Data Handling by OpenAI: We want to be transparent that when your data is processed by OpenAI's service, it may be stored by OpenAI and used to improve their AI models. OpenAI, as our processor for content generation, might use the prompts and outputs from interactions (which could include your provided fitness information and the generated workout plan) as part of their machine learning model training and refinement. This usage helps OpenAI's models get better over time. Important: We have taken steps to protect your data in this process. OpenAI is under a contractual obligation to handle any personal data in accordance with privacy laws (including GDPR), and we have appropriate Data Processing Agreements in place with them. We also utilize approved safeguards (such as Standard Contractual Clauses for data transfers – see International Data Transfers below) to ensure your information remains protected when transmitted to OpenAI's systems, which may be located in the United States.

While OpenAI may use data from your interactions for its own improvement purposes, Gymti does not use the AI outputs to make any decisions about you beyond providing you the workout content. If you have concerns about automated processing or profiling, you have the right to object or opt out (see Your Privacy Rights below). However, please note that opting out of the AI processing would mean we cannot provide the core personalized workout service, as it relies on AI generation.

Cookies and Analytics

We use cookies and similar tracking technologies on our website to ensure it functions properly, to enhance your experience, and to collect analytics information:

  • Functional Cookies: Some cookies are necessary for the site to operate. For example, when you log in, we use cookies to keep you logged in as you navigate through different pages. We also use cookies to remember your preferences (such as language or other settings) so that you have a smoother experience. These cookies are generally required for the service, and by using our site you accept them.
  • Analytics Cookies: We utilize third-party analytics services, notably Google Analytics, to collect information about how users use Gymti. Google Analytics sets cookies in your browser to gather data such as your device information, IP address (which we anonymize if feasible), pages visited, time spent, and interactions on the site. We use this information to analyze user engagement and improve our platform's performance, features, and content. The analytics cookies help us understand what parts of Gymti are most popular or need improvement.
  • Cookie Choices: When you first visit our site (and periodically as required), you may see a notice about cookies. In jurisdictions where consent is required for non-essential cookies (like in the EU), we will request your permission before setting analytics cookies. You can always choose to disable or clear cookies through your browser settings. However, please note that if you disable certain functional cookies, parts of Gymti might not work properly (for example, you may not stay logged in or some preferences may not be saved).
  • Do-Not-Track Signals: Some browsers offer a "Do Not Track" (DNT) setting. Currently, our site does not respond to DNT signals in a uniform way, because there is not an established industry standard for compliance. We continue to monitor developments around DNT and may update our practices as standards emerge.

For more details on our use of cookies and to manage your preferences, please refer to our Cookie Policy (if available) or reach out via the Contact Us page with any questions. By using our site with your browser settings adjusted to accept cookies, you consent to our use of cookies as described here.

How We Share Your Personal Data

We do not sell your personal information to third parties. However, we do share certain personal data with trusted third parties and service providers who help us run Gymti, as well as in a few other circumstances described below. Whenever we share data, we ensure that the recipients are bound to protect your personal information and to use it only for the purposes we specify. The main instances of data sharing include:

  • Service Providers: We use third-party companies to support our operations and services. These providers act on our behalf (as "processors" under GDPR or "service providers" under California law) and are contractually obligated to only use personal data as needed to provide their services to us. Our key service providers are:
    • OpenAI (AI Content Provider): As described, we send your prompt information to OpenAI to generate workout plans. OpenAI will process that data and may store it for model training. We have a data processing agreement with OpenAI to safeguard your data.
    • Brevo (Email Delivery Service): We use Brevo (formerly known as Sendinblue) to handle our email communications. Brevo stores your email address (and name, if provided) in order to send out verification emails, password resets, service updates, and any newsletters or announcements you subscribed to. Brevo acts as our email processor – it uses your data only to send emails on our instructions.
    • Google Analytics (Analytics Provider): Google Analytics collects usage data (via cookies or similar) as explained in the Cookies section. Google may process this data on servers in multiple countries (including the USA). We have configured Google Analytics to minimize data (for example, by anonymizing IP addresses to the extent possible) and we treat the data as per Google's Data Processing Agreement, including Standard Contractual Clauses for any EU data transferred. Google Analytics gives us aggregated insights and does not reveal individual user identities. Google is not permitted to use the data we collect through Analytics for their own purposes beyond providing us these analytics services.
    • Other Vendors: We may use additional vendors for services such as website hosting, cloud storage, user support tools, or payment processing (if we introduce paid features in the future). These providers will also have access to data as needed for their function (for example, a hosting provider stores data on their servers, a support tool might manage user queries, etc.). We will ensure any such providers are carefully vetted for security and privacy commitments.
  • Legal Compliance and Protection: We may disclose personal data outside of our company if we believe in good faith that such disclosure is necessary to (a) comply with any applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service or other agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Gymti, our users, or the public. For example, if required by a court order or subpoena, we might need to provide data to authorities. We will attempt to notify you of such requests when permissible.
  • Business Transfers: Since Gymti is a growing platform, there is a possibility that in the future we may form a formal company, or go through business transactions such as mergers, acquisitions, or asset sales. In such events, user data generally is one of the transferred assets (so that the service can continue under the new entity). If Gymti (or substantially all of its assets) is acquired or involved in a merger, or if we establish a formal company structure, your personal data may be transferred to the new owner or entity. If any such transfer occurs, we will ensure the new owner is bound to respect your personal data in a manner consistent with this Privacy Policy, and we will notify you (for example, via email or a prominent notice on our site) of any change in data ownership or new privacy policy.
  • With Your Consent: In cases where we want to share your information for any other purpose not covered above, we will ask for your consent. For instance, if an opportunity arises to partner with a fitness researcher or another app to offer you a new feature, we would only share identifiable information with them if you agree to such sharing.

No Selling of Personal Information: We do not sell personal data to third parties for monetary consideration. We also do not share your information for targeted advertising in a way that would be considered a "sale" or "sharing" under the CPRA. If this ever changes, we will update this policy and provide required opt-out mechanisms. (California residents can rest assured that, as of the Effective Date of this policy, there is no need to submit a "Do Not Sell or Share My Info" request because we do not engage in selling or sharing personal info in that manner.)

International Data Transfers

Gymti is based in the Netherlands, but we operate a service that can be accessed worldwide. The personal data we collect from you may be transferred to, stored at, or processed in countries outside of your country of residence. In particular, some of our primary service providers are located outside the European Economic Area (EEA):

  • United States: OpenAI and Google (Analytics) are U.S.-based companies. When we send your data to OpenAI to generate a workout plan, or when analytics data is transmitted to Google, that involves a transfer of personal data to the United States. Similarly, if we use any cloud hosting or other providers in the U.S. or other countries, your data might be processed there.

If you are in the EEA or the UK, these countries may not have the same level of data protection laws as your home country. However, we take appropriate safeguards to ensure your personal data remains protected according to GDPR standards when it is transferred internationally. These safeguards may include:

  • Standard Contractual Clauses (SCCs): We have entered into the European Commission's approved Standard Contractual Clauses with non-EEA service providers (like OpenAI and Google) to contractually require that your personal information receives an adequate level of protection. These SCCs impose data protection obligations on the recipient and give you rights to enforce those protections.
  • Additional Technical and Organizational Measures: In addition to contractual protections, we work with our providers to implement measures such as encryption in transit, access controls, and minimization of data sent where feasible. For example, communications between our system and OpenAI are encrypted, and we only send the minimum necessary information for generating your plan.
  • Data Privacy Framework or Adequacy (if applicable): We monitor developments in international data transfer regulations. If a service provider is certified under any approved framework (such as the EU-U.S. Data Privacy Framework, if applicable) or if the destination country is recognized by the European Commission as providing an adequate level of data protection, we may rely on that as well. (For instance, Brevo, our email service, is based in the EU/France, so data stored there remains within Europe. If any provider is outside, we ensure adequacy or SCCs as noted.)

You can contact us (via the Contact Us page) if you have questions about our international data transfer practices or want to obtain a copy of the relevant contractual safeguards in place.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, and no longer than permitted by law. This means:

  • Active Account: For as long as you maintain an account with Gymti, we will keep the personal information associated with your account. This allows us to provide you with ongoing access to your workout history, preferences, and other services.
  • Inactive Accounts: If you stop using Gymti or your account becomes inactive, we may retain your data for a reasonable period in case you return, to facilitate easier reactivation and in accordance with our legitimate interests in maintaining our service records. We periodically review accounts and may anonymize or delete data from accounts that have been inactive for an extended period (for example, 12 months), unless we are required to keep it longer.
  • Account Deletion: If you choose to delete your account or request that we delete your personal data, we will permanently delete or anonymize your personal data within 30 days of confirming your request, unless a longer retention period is required or permitted by law. In such cases, we will retain only the minimum necessary information and will protect it from any further processing for non-legal purposes.
  • AI Prompt Data: Any personal data sent to OpenAI's system for generating workout plans is not stored on our systems beyond the immediate generation need. However, OpenAI may retain that data on their end as per their policies. We have instructed OpenAI to only use the data for model improvement and not to retain it longer than necessary. (OpenAI's current retention for API data is subject to their terms; we understand they may retain it for a limited time for abuse monitoring or indefinitely if used for training, unless otherwise arranged. We will update our practices if OpenAI offers opt-outs for data retention.)
  • Analytics Data: Data collected via Google Analytics and cookies may be retained up to the durations set by Google (for instance, Google Analytics can retain user-level data for a set period such as 14 months, subject to our configuration). We have configured our analytics settings to retain data only as long as needed for trends and analysis. Aggregate analytics reports (which do not identify individuals) may be kept longer.
  • Legal Retention Requirements: Even after you delete your account, we might retain certain information if necessary to comply with law or legitimate business interests. For example, we may keep transaction records, communications with you (for support or legal matters), and other data as required for legal compliance or evidence. When we retain data, we will continue to protect it in accordance with this Privacy Policy.

In all cases, when your personal data is no longer needed for the purposes for which it was collected, or upon your valid request to delete (and no legal exception applies), we will ensure it is either securely destroyed, erased from our systems, or anonymized so that it can no longer be linked to you.

Data Security

We take the security of your personal information very seriously. Gymti implements a variety of technical and organizational security measures designed to protect your data from unauthorized access, use, alteration, or destruction. These measures include:

  • Encryption: We use encryption to protect data in transit and in storage. For example, our website is served over HTTPS (which encrypts data between your device and our servers), and sensitive information (like passwords) is stored in encrypted form.
  • Access Controls: We limit access to personal data to only those team members and service providers who need it to perform their duties. All such persons are subject to confidentiality obligations. Administrative access to systems containing personal data is protected with strong authentication (such as multi-factor authentication) and regularly reviewed.
  • Secure Infrastructure: Our platform is built on reputable and secure infrastructure. We keep our systems updated and follow best practices for secure software development. We also segment and firewall our production environment to prevent unauthorized network access.
  • Monitoring and Testing: We monitor our systems for potential vulnerabilities and attacks. Regular security assessments, such as penetration testing or vulnerability scans, are conducted to identify and address weaknesses. We also maintain logs and audit trails of key activities on our systems.
  • Employee Training and Policies: We train our team about the importance of data privacy and security. Internal policies are in place to guide the proper handling of user data and to respond appropriately to any security incidents.

Despite our efforts, please note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law (for instance, GDPR mandates that we report certain breaches to the supervisory authority within 72 hours and inform affected users without undue delay).

You also have an important role in keeping your data secure. We encourage you to use a strong, unique password for your Gymti account and to keep it confidential. If you suspect any unauthorized access to your account or any security vulnerabilities, please contact us immediately via the Contact Us page.

Your Privacy Rights

You have rights regarding your personal data, and Gymti is committed to honoring them. Depending on where you live and the laws that apply to you, these rights may vary. In particular, individuals in the European Union (or EEA) have certain rights under the GDPR, and California residents have specific rights under the California Consumer Privacy Act (as amended by the CPRA). We extend many of these core rights to all users where feasible. Below, we outline key privacy rights and how you can exercise them:

Rights of Individuals in the European Union (GDPR Rights)

  • Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to obtain a copy of the personal data we hold about you, along with supplemental information about how we use and share it.
  • Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct or update it. You can also correct and update some of your information directly in your Gymti account settings.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data. We will honor such requests and delete your information, provided we do not have a valid legal reason to retain it (for example, if retention is required for compliance with a legal obligation or in defense of legal claims). If you delete your account, we will remove your profile data and personal information as described in Data Retention above.
  • Right to Restrict Processing: You can ask us to restrict or "pause" the processing of your personal data in certain circumstances. This could apply if you contest the accuracy of your data (for a period enabling us to verify it), or if you object to processing based on our legitimate interests, or if processing is unlawful and you prefer restriction over deletion, or if we no longer need the data but you need it for legal claims. When processing is restricted, we will still store your data but not use it until the issue is resolved.
  • Right to Data Portability: You have the right to obtain your personal data that you have provided to us in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another service provider. Where technically feasible, you can also request that we send it directly to the other provider, if our systems allow such direct transfer. (This right applies to data processed by us by automated means, based on your consent or in performance of a contract.)
  • Right to Object: You have the right to object to our processing of your personal data when such processing is based on our legitimate interests. If you object, we will evaluate whether our legitimate grounds for processing override your privacy rights, and if not, we will cease the processing. Importantly, you have an unconditional right to object to the processing of your personal data for direct marketing purposes. This means if we ever send you marketing emails, you can opt out at any time and we will stop. You can also object to any profiling we carry out for direct marketing.
  • Right Not to Be Subject to Automated Decision-Making: In cases where a decision is based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you, you have the right to not be subject to such a decision without human intervention. (Currently, Gymti does not make any decisions about users that have legal or significant effects without human review. The AI-generated plans are provided for your benefit and you are free to use or disregard them; they do not limit your access to services or otherwise affect your rights.)
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, you can withdraw your consent to receive marketing messages by unsubscribing, or withdraw consent for us to use sensitive health data by removing such data from your profile (though doing so might affect our ability to provide certain personalized features). Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
  • Right to Lodge a Complaint: If you believe we have infringed your data protection rights or processed your data unlawfully, you have the right to file a complaint with a supervisory authority in the EU. You can contact the data protection authority in the Netherlands (Autoriteit Persoonsgegevens) or the authority in the country where you live or work. We encourage you to contact us first, so we can address your concerns directly.

Exercising EU Rights: You can exercise these rights at any time by contacting us through our Contact Us page. Please clearly describe your request - for example, if you want a copy of your data, or if you object to certain processing. We may need to verify your identity before fulfilling certain requests (to ensure we don't disclose or modify data for the wrong person). We will respond to your request within one month, or inform you if we need more time. Generally, we will not charge a fee for processing your request, unless the requests are excessive or unfounded (in which case we may charge a reasonable fee or refuse the request as permitted by law, but we will provide an explanation).

Rights of California Residents (CPRA/CCPA Rights)

  • Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and share about you. This includes the categories of personal information we have collected, the categories of sources of that information, the business or commercial purposes for collection, the categories of third parties with whom we share personal info, and the specific pieces of personal information we hold about you. Essentially, you can ask, "What information do you have about me and how have you handled it?" and we will provide the relevant details for the 12-month period prior to your request (or beyond that if required by law).
  • Right to Delete: You have the right to request deletion of personal information we have collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable deletion request, we will delete (and instruct our service providers to delete) your personal information from our records, except where retention is permitted or required by law. For example, we may retain data needed to complete a transaction you initiated, to detect security incidents or protect against illegal activity, to exercise free speech or other legal rights, to comply with legal obligations, or for internal uses that are compatible with the context in which you provided it. We will inform you of any such exceptions that apply.
  • Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you. Upon receipt of a verifiable request, we will use commercially reasonable efforts to correct the information as you direct. You can also log into your account and update certain profile details directly.
  • Right to Opt-Out of Sale or Sharing of Personal Information: California law gives you the right to opt out of the "sale" or "sharing" of your personal information. "Sale" is broadly defined to include selling, renting, releasing, disclosing, disseminating, making available, or transferring personal information to a third party for monetary or other valuable consideration. "Sharing" specifically refers to sharing information for cross-context behavioral advertising (targeted advertising across different services). As noted above, Gymti does not sell personal information, and we do not share your personal information for cross-context behavioral advertising. Therefore, we do not provide a "Do Not Sell or Share My Personal Information" link at this time. If our practices change, we will update this policy and provide a clear way to exercise this right.
  • Right to Limit Use of Sensitive Personal Information: The CPRA gives you the right to limit how a business uses or discloses "Sensitive Personal Information" (SPI) if it's used for purposes beyond what is necessary to provide the services. Sensitive Personal Information under CPRA includes data like precise geolocation, account login credentials, racial or ethnic origin, health information, etc. Gymti's collection of SPI is limited (for instance, health-related fitness data you provide is considered sensitive). We use such sensitive data only to provide you with the service you requested (i.e. to create your personalized plans) and for no incompatible purposes. We do not use or disclose sensitive data for inferring characteristics about you or for any secondary purposes that would trigger the right to limit under CPRA. Therefore, we currently do not offer a "Limit Use of My Sensitive Info" mechanism because our use of sensitive data is already limited to what is necessary for the core service. If you have any concerns or wish to ensure further limitations, you can contact us to discuss or adjust the data you provide.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you our services, charge you a different price, or provide a lesser quality of service just because you exercised your rights under CCPA/CPRA. (However, please note that if the deletion of certain data makes it impossible for us to continue providing you with the service, we may need to close your account. For example, if you request deletion of all your profile and fitness data, we cannot generate plans for you. But we will inform you if any requested action would affect your use of the service, and you can decide if you wish to proceed.)
  • Shine the Light (California Civil Code § 1798.83): Separate from CCPA, California's "Shine the Light" law allows users of our platform who are California residents to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes. Gymti does not share personal information with third parties for direct marketing without your consent. Thus, unless you have given consent, we do not disclose your information in a way that triggers this law. You can contact us for any questions about this.

Exercising California Rights: To exercise your California rights to know, delete, or correct, please submit a request through our Contact Us page with the specifics of your request. We will need to verify your identity before fulfilling certain requests (for instance, by confirming information associated with your account). For access or deletion requests, we may ask for additional confirmation given the sensitivity of that data. If you have an authorized agent (someone acting on your behalf), you may provide evidence of that agency (such as a signed permission), and we will work with them once we verify their authority. We aim to respond to consumer requests within 45 days as required by the CCPA/CPRA. If we need more time (up to an additional 45 days), we will inform you of the reason and extension in writing. Our response will cover the 12-month period preceding your request, or inform you if we are including any information beyond that timeframe.

Children's Privacy

Gymti is not directed to children under the age of 13. We do not knowingly solicit or collect personal information from children under 13 years old. If you are under 13, please do not attempt to register for Gymti or send any personal information about yourself to us.

For minors between 13 and 17 years old, Gymti may be used only with the involvement and consent of a parent or legal guardian. If you are a parent or guardian, you should supervise your teenager's use of our platform, especially when providing personal information or engaging in workout activities.

If we learn that we have inadvertently collected personal data from a child under 13 without proper parental consent, we will take prompt steps to delete that information from our records. If you believe that a child under 13 may have provided us with personal information, please contact us through our Contact Us page so that we can investigate and delete the information as necessary.

We recognize the importance of protecting children's privacy. Parents or guardians with questions about our privacy practices for children can reach out to us, and we will be happy to address them.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will revise the "Effective Date" at the top of this policy. If changes are significant, we may provide a more prominent notice or reach out to you via email or through the Gymti platform. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of Gymti after any updates to this Privacy Policy constitutes your acceptance of the changes. If you do not agree with any updated terms, you should discontinue using the platform and may delete your account.

Contact Us

Gymti values your privacy and welcomes your questions or requests regarding this Privacy Policy or your personal data. For any privacy-related inquiries or to exercise your rights, please contact us through our website's Contact Us page. This is our dedicated channel for privacy communications. Once we receive your inquiry, our team will review it and respond as soon as possible (generally within 30 days for rights requests, or sooner for general questions).

Since Gymti is based in the EU (Netherlands), we do not currently list a specific Data Protection Officer or address, but we actively monitor and comply with applicable privacy regulations. If you need to contact our team by alternate means or require assistance due to a disability (for example, if you need this policy provided in an alternate format), please indicate that in your message on the Contact Us page and we will accommodate you.

Any Questions?

For questions about this Privacy Policy, please contact us.

Contact Us