← Back to HomePrzeczytaj po polsku →

Privacy Policy

Last updated: 28 January 2026

§ 1 General provisions

This Privacy Policy explains how we process personal data and how information is stored or accessed on your devices. It applies to the website https://gymnote.fit/ and the GymNote mobile application.

The data controller is Pawel Gol. Contact: gymnotepl@gmail.com.

This Policy covers processing in connection with browsing the website, using the mobile app, and their features.

§ 2 Purposes and legal bases

We process data for:

  • creating and managing your user account,
  • providing the workout tracking service,
  • processing subscriptions and payments,
  • sending newsletters (if you subscribe),
  • marketing activities including social media ads,
  • statistical and analytical purposes regarding product and site usage.

Legal bases:

  • GDPR Art. 6(1)(b) – performance of a contract to which you are party (creating and managing your account, providing the service, processing payments),
  • GDPR Art. 6(1)(a) – your consent for newsletter, marketing, analytics and marketing cookies,
  • GDPR Art. 6(1)(c) – compliance with legal obligations (tax and accounting records),
  • GDPR Art. 6(1)(f) – our legitimate interests to ensure security and reliability of the service.
§ 3 Data recipients

Your data may be shared with:

  • Apple Inc. – in-app purchase processing and App Store distribution. Privacy Policy
  • RevenueCat, Inc. – subscription management and payment processing (iOS app). Privacy Policy
  • Supabase, Inc. – database and authentication services. Privacy Policy
  • Functional Software, Inc. (Sentry) – error tracking and performance monitoring in the mobile app. Privacy Policy
  • Netlify, Inc. – website hosting and delivery. Privacy Policy
  • MailerLite Limited – newsletter service. Privacy Policy
  • Umami – product and website analytics. Privacy Policy
  • Instagram / Meta Platforms – social media presence and ads. Privacy Policy
  • Cloudflare (if used) – security and performance. Privacy Policy
§ 4 International transfers

Some recipients may process data in countries outside the EEA. In such cases, appropriate safeguards are used, in particular EU Standard Contractual Clauses. Transfers occur only to the extent necessary to deliver the services.

§ 5 Data retention

We retain your data for the following periods:

  • Account data (email, workout history): until you delete your account, plus 30 days for backup removal.
  • Payment and invoice records: 5 years from the end of the fiscal year (Polish tax law requirement).
  • Analytics data: up to 26 months.
  • Newsletter consent: until you unsubscribe, plus up to 90 days for technical processing.
  • Marketing consent: until you withdraw consent, plus up to 90 days for technical processing.
§ 6 Your rights

Under GDPR, you have the right to:

  • access your data,
  • rectify inaccurate data,
  • erase your data (“right to be forgotten”),
  • restrict processing,
  • data portability (receive your data in a structured, commonly used format),
  • object to processing based on legitimate interests,
  • withdraw consent at any time (without affecting the lawfulness of prior processing),
  • lodge a complaint with the supervisory authority.

In Poland, the supervisory authority is the President of the Personal Data Protection Office (PUODO): ul. Stawki 2, 00-193 Warszawa, https://uodo.gov.pl.

To exercise your rights, contact us at gymnotepl@gmail.com.

Providing data is voluntary. Without an email address you cannot create an account or subscribe to the newsletter.

§ 7 Age restriction

The GymNote service is intended for users aged 16 or older. We do not knowingly collect personal data from children under 16 years of age. If you believe we have collected data from a child under 16, please contact us at gymnotepl@gmail.com so we can delete the data.

§ 8 Automated decision-making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

§ 9 Cookies and similar technologies

The website and app use cookies for:

  • necessary purposes – to run the site and app securely,
  • analytics – measuring and understanding usage,
  • marketing – ad personalization and performance.

Cookies may be session or persistent. You can manage cookies in your browser. Disabling some cookies may affect functionality.

Helpful links:

Services using cookies:

  • Netlify – technical and performance,
  • Umami – analytics,
  • MailerLite – newsletter related,
  • Instagram pixel (if implemented) – marketing.
§ 10 Social media

The controller of the Instagram profile @gymnotepl is Pawel Gol. Data is processed for profile management, interactions, targeted ads and community building. Following the profile implies consent to process your public data. You can withdraw consent by unfollowing or managing privacy settings on Instagram.

§ 11 Final provisions

This Policy takes effect upon publication and may be updated when laws or services change. We will inform about material changes on the website or in the app.

In case of discrepancy between the English and Polish language versions of this Privacy Policy, the Polish version shall prevail for users in Poland.