Effective Date: March 1, 2026
This Privacy Policy describes how BroGym (“we”, “us”, or “our”) collects, uses, and protects your personal information when you use our fitness tracking application and related services.
1. Information We Collect
1.1 Account Information
When you create a BroGym account, we collect:
- Username
- Email address (via OAuth authentication)
- Profile information you choose to provide
1.2 Fitness Data
We collect and store the following fitness-related information:
- Workout sessions (exercises, sets, repetitions, weights)
- Exercise history and progress
- Personal records and achievements
- Training programs and routines
1.3 Technical Information
We automatically collect:
- Device information and operating system
- IP address
- Authentication tokens (securely hashed)
- Sync timestamps and session data
2. How We Use Your Information
We use your personal information to:
- Provide and maintain the BroGym service
- Sync your workout data across your devices
- Track your fitness progress over time
- Authenticate your account and ensure security
- Improve our application and user experience
- Respond to your support requests
3. Data Storage and Security
3.1 Where We Store Your Data
Your data is stored on secure servers located in the European Union. We use industry-standard security measures including:
- HTTPS encryption for all data transmission
- Secure password hashing
- Protected database storage
- Regular security updates
3.2 How Long We Keep Your Data
We retain your personal data for as long as your account is active. If you delete your account, we will permanently delete your personal information within 30 days, except where we are required by law to retain certain information.
4. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes.
We only share your data with:
- Infrastructure providers: Our VPS hosting provider processes data on our behalf under a Data Processing Agreement
- Authentication service: We use Casdoor for secure OAuth authentication
We may disclose your information if required by law or to protect our rights and safety.
5. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
5.1 Right to Access
You can request a copy of all personal data we hold about you.
5.2 Right to Rectification
You can update or correct your personal information through the app settings.
5.3 Right to Erasure (Right to be Forgotten)
You can request complete deletion of your account and all associated data.
5.4 Right to Data Portability
You can request an export of your data in a machine-readable format.
5.5 Right to Withdraw Consent
You can withdraw your consent for data processing at any time by deleting your account.
5.6 Right to Object
You can object to the processing of your personal data.
To exercise any of these rights, please contact us at the email address provided below.
6. Cookies and Tracking
BroGym uses minimal cookies necessary for:
- Maintaining your authenticated session
- Remembering your preferences
- Ensuring proper functionality of the application
We do not use third-party tracking or advertising cookies.
7. Children’s Privacy
BroGym is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.
8. International Data Transfers
Your data is stored within the European Union. If you access BroGym from outside the EU, your information may be transferred to our EU servers, where GDPR protections apply.
9. Third-Party Services
9.1 Authentication
We use Casdoor (self-hosted) for OAuth authentication. Casdoor is hosted on our own infrastructure and subject to the same privacy protections as the rest of the BroGym service.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the “Effective Date” at the top of this policy. Continued use of BroGym after changes constitutes acceptance of the updated policy.
11. Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will notify you within 72 hours as required by GDPR.
12. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Email: brogym.app@gmail.com
Data Controller: Wadzim Wysocki
For data protection inquiries specifically, please include “GDPR Request” in your email subject line.
13. Legal Basis for Processing
We process your personal data under the following legal bases:
- Consent: You have given clear consent for us to process your personal data for specific purposes
- Contractual necessity: Processing is necessary to provide the BroGym service you have requested
- Legitimate interests: To improve our service and ensure security