Gymbro Logo
✨ Sign In
© 2025 GymBro. All rights reserved.

Privacy

Privacy Policy

Last updated: December 2025

Contact: contact@gymbroapp.eu — Raphaël Laupies (France)

Summary

Minimum age

16+

Hosting

Firebase (EU, europe-west)

Ads

AdMob (no cross-app tracking without consent)

Your rights (GDPR)

Access, rectification, deletion, export

Deletion

Account and content deleted immediately

Security

TLS in transit; Firebase security rules

1) Minimum Age

Gymbro is intended for users 16 years and older. By creating an account, you confirm that you meet this requirement.

2) Information We Collect

All data is stored on Google Firebase (Europe-West region). We only collect what's necessary for the app to function:

  • Account: email, username, password, profile picture.
  • Social: friends/followers, reactions, comments, blocks, reports.
  • Content: photos, videos, posts, timestamps.
  • Training data: sets, reps, weights, records, volumes, durations.
  • Device & diagnostics: Firebase installation ID, crash logs, IP region.

3) How We Use Your Data

  • Account creation and secure authentication.
  • Syncing workouts and posts across your devices (cloud).
  • Displaying your content and social interactions.
  • Content moderation to ensure community safety.
  • Improving stability and fixing bugs (Crashlytics).

4) Data Retention & Deletion

  • You can delete your posts, media or account at any time in the app.
  • When you delete your account, personal data and media are permanently erased.

5) Your Rights (GDPR)

As a European user, you can exercise the following rights:

  • âś” Access your data
  • âś” Rectify/update your data
  • âś” Delete your data (or account)
  • âś” Request a portable export

Contact us at contact@gymbroapp.eu. We aim to respond within 30 days.

6) Third-Party Services & Data Sharing

Gymbro uses the following third-party services to operate the app:

Google Firebase (Authentication, Firestore, Storage)

  • Data processed: email, username, profile picture, workouts, social interactions
  • Legal basis: performance of contract (Art. 6(1)(b) GDPR)

Firebase Crashlytics & Analytics

  • Data processed: crashes, diagnostics, device information
  • Purpose: app stability, performance measurement
  • Legal basis: legitimate interest (Art. 6(1)(f) GDPR)

Google Mobile Ads (AdMob)

  • Data processed: Advertising ID, device information, usage signals
  • Purpose: displaying third-party ads inside the app
  • No sensitive personal data is used for ads
  • Legal basis: consent (GDPR Art. 6(1)(a)) where required
  • Cross-app tracking is disabled unless user opts-in (App Tracking Transparency on iOS)

Stripe (Payments / Coaching Services)

  • Gymbro does not store payment details
  • Stripe processes payment information securely (PCI-DSS compliant)
  • Purpose: processing coaching payments
  • Legal basis: performance of contract (Art. 6(1)(b) GDPR)

7) Advertising & Tracking

Gymbro displays third-party advertisements using Google AdMob.

  • We do not sell personal data.
  • We do not perform cross-app tracking unless you explicitly consent (iOS ATT).
  • Advertisers may receive anonymized usage signals (e.g., ad performance).
  • Users may reset their Advertising ID at any time from device settings.

If you refuse consent on iOS or Android, ads remain non-personalized.

8) Data Shared With Third Parties

We may share limited technical data with service providers strictly for the following purposes:

With Google (Firebase / AdMob):

  • Crash reporting & diagnostics
  • Displaying ads
  • Device Advertising ID (for ads frequency capping & fraud prevention)

With Stripe (for payments):

  • Name, email, purchase metadata

No other third-party receives personal data. We never share health data, workout metrics, photos, or private messages with advertisers.

9) Storage Location & International Transfers

Your data is stored in Google Cloud (Firebase) — europe-west region (EU).

Some third-party services (Google, Stripe) may process data outside the EU. When this occurs, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

10) Consent Management (ATT & Android Ads)

  • iOS users are asked for permission before enabling personalized ads (App Tracking Transparency).
  • Android users may opt out of personalized ads via system settings ("Reset Advertising ID" / "Opt out of Ads Personalization").

Gymbro continues to work even if you decline.

11) Data Security

  • All data transmitted is encrypted using TLS 1.2+
  • Access to data is restricted through Firebase Security Rules
  • Passwords are hashed and never stored in plain text
  • Only authorized staff may access backend logs in case of abuse reports
© 2025 Gymbro. All rights reserved.
Politique de Confidentialité - Gymbro | Gymbro