Simplified Summary
This is a simplified summary of our Privacy Policy to help you understand the key points:

• We collect personal information to provide and improve our fitness app with AI trainer functionality
• We collect account information, profile data, training data, and device information
• Your health-related data (weight, height, fitness metrics, heart rate, calories) requires your explicit consent
• We collect heart rate and calorie data from Apple Watch through HealthKit with your permission
• Our AI trainer uses your data to provide personalized workout recommendations
• We share data with service providers who help us operate our services
• We never share your HealthKit data with third parties or use it for advertising
• You have rights to access, correct, delete, and export your data
• We use appropriate security measures to protect your information
• Our app is available globally and complies with international data protection standards

This summary is not a substitute for the full Privacy Policy below.

1. INTRODUCTION

Welcome to Gloox ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our fitness application with AI trainer functionality ("App") and our website ("Website").
This Privacy Policy explains our practices regarding the collection, use, and disclosure of your information through your use of our App and Website, and sets forth your privacy rights. We recognize the importance of protecting your personal information and are committed to processing it responsibly and in compliance with applicable data protection laws, including the UK Data Protection Act, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable international privacy laws.
Our App is available globally, and we are committed to complying with local privacy laws in the countries where our users are located. Where there is a conflict between this Privacy Policy and local laws, the local laws will prevail to the extent required.
By downloading, accessing, or using our App or Website, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our App or Website.

2. INFORMATION WE COLLECT

Data Minimization Statement: We only collect and process personal data that is strictly necessary to provide and improve our services. We regularly review our data collection practices to ensure compliance with the principle of data minimization.

We collect the following categories of information:

2.1 Information You Provide to Us

• Account Information: When you register for an account, we collect your name and email address. Legal basis: Contract performance
• Profile Information: Information you provide in your user profile, including your height, age, and weight. Legal basis: Explicit consent
• Training Data: Information about your workouts, exercise routines, fitness goals, and progress. Legal basis: Explicit consent
• Communications: Information you provide when you contact us for support or communicate with us. Legal basis: Legitimate interests
• Payment Information: If you subscribe to our premium services, we collect payment information, though payment card details are processed by our payment service providers. Legal basis: Contract performance

2.2 Information We Collect Automatically

• Device Information: Information about the device you use to access our App or Website, including device type, operating system, and unique device identifiers. Legal basis: Legitimate interests
• Usage Information: Information about how you use our App or Website, including the features you use, time spent on the App or Website, and other usage statistics. Legal basis: Legitimate interests
• Location Information: With your consent, we may collect precise location information from your device. Legal basis: Consent
• Log Information: Information that is automatically recorded by our servers when you access our App or Website, including your IP address, browser type, referring/exit pages, and timestamps. Legal basis: Legitimate interests
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your browsing activities on our Website and, where applicable, in our mobile app. For more information, please see Section 12 (Cookies Policy) below. Legal basis: Consent for non-essential cookies, Legitimate interests for essential cookies

2.3 Information from Third Parties

• Analytics Providers: We use Google Analytics and Firebase to collect information about how you use our App and Website. Legal basis: Legitimate interests
• Social Media Platforms: If you choose to connect your social media accounts, we may receive information from those platforms. Legal basis: Consent

2.4 Apple Watch and HealthKit Data
If you use our App with an Apple Watch, we collect the following health-related data with your explicit consent:

• Heart Rate Data: We collect heart rate information during workouts to provide real-time feedback and optimize your training. Legal basis: Explicit consent
• Calorie Data: We collect information about calories burned during workouts to track your progress. Legal basis: Explicit consent

This data is collected through Apple's HealthKit framework. In accordance with Apple's requirements:

• We only access this data with your explicit permission, which you can revoke at any time through your device settings
• We never sell your HealthKit data to advertising platforms, data brokers, or information resellers
• We never use your HealthKit data for advertising, marketing, or other use-based data mining purposes
• We never disclose your HealthKit data to third parties without your explicit consent

You can control which health data our App can access by adjusting your privacy settings in the Health app on your iOS device.
Special Notice on Health Data: Some of the information we collect, such as your weight, height, heart rate, calories, and training data, may be considered health-related data under certain data protection laws. We process this data only with your explicit consent, which you can withdraw at any time.

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

3.1 To Provide and Maintain Our Services

• Set up and manage your account Legal basis: Contract performance
• Provide the AI trainer functionality Legal basis: Contract performance and Explicit consent for health data
• Track your fitness progress Legal basis: Contract performance and Explicit consent for health data
• Process transactions and send related information Legal basis: Contract performance
• Respond to your comments, questions, and requests Legal basis: Legitimate interests

3.2 To Improve and Develop Our Services

• Understand how users interact with our App and Website Legal basis: Legitimate interests
• Identify usage trends and determine the effectiveness of our promotional campaigns Legal basis: Legitimate interests
• Develop new features, products, and services Legal basis: Legitimate interests
• Debug to identify and repair errors Legal basis: Legitimate interests

3.3 To Personalize Your Experience

• Provide personalized content, such as workout recommendations Legal basis: Contract performance and Explicit consent for health data
• Remember your preferences and settings Legal basis: Legitimate interests
• Deliver targeted advertisements (with your consent where required by law) Legal basis: Consent

3.4 To Communicate with You

• Send administrative messages about our services Legal basis: Contract performance
• Provide customer support Legal basis: Contract performance
• Send marketing communications (with your consent where required by law) Legal basis: Consent
• Respond to your inquiries Legal basis: Legitimate interests

3.5 To Ensure Security and Compliance

• Detect, investigate, and prevent fraudulent transactions and other illegal activities Legal basis: Legal obligation and Legitimate interests
• Protect the rights, property, or safety of you, us, or others Legal basis: Legal obligation and Legitimate interests
• Comply with legal obligations Legal basis: Legal obligation

3.6 Profiling and Automated Decision-Making
Our App uses AI technology to analyze your training data, physical parameters, and fitness goals to create personalized workout plans. This process involves profiling and automated decision-making. The AI considers factors such as:

• Your previous workout history and performance
• Your physical parameters (height, weight, age)
• Your stated fitness goals
• Your reported limitations or injuries
• Your heart rate and calorie data from Apple Watch (if you use this feature)

AI Decision Logging and Transparency: All automated decisions made by our AI trainer are logged for audit and transparency purposes. Users may request a summary of AI-driven decisions affecting their workout plans and may contact us to request human review of any automated recommendation.
You have the right to obtain human intervention, express your point of view, and contest any decision made by our automated systems. To exercise these rights, please contact us using the information in Section 14.

4. HOW WE SHARE YOUR INFORMATION

We may share your information with the following categories of third parties:

4.1 Service Providers

We share information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as:

• Cloud Storage Providers: Amazon Web Services (AWS) - stores user data and application infrastructure
• Payment Processors: Stripe, Apple Pay, and Google Pay - process subscription payments
• Analytics Providers: Google Analytics and Firebase - analyze app usage and performance
• Customer Support Services: Zendesk - manages customer support tickets and communications

These service providers are contractually obligated to use your information only as directed by us and in a manner consistent with this Privacy Policy.
Important Note on HealthKit Data: We do not share any data collected through Apple's HealthKit framework with any service providers or third parties, in accordance with Apple's guidelines.

4.2 Business Partners
With your consent, we may share information with business partners who offer joint promotions or products. These partners include fitness equipment manufacturers, nutrition supplement companies, and athletic apparel brands that may provide special offers to our users.
We never share your HealthKit data (heart rate, calories) with any business partners under any circumstances.

4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.4 Business Transfers
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

4.5 With Your Consent
We may share your information with third parties when you have given us your consent to do so.

5. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Information: Retained for the duration of your account and for 30 days after account deletion
• Profile Information: Retained for the duration of your account and for 30 days after account deletion
• Training Data: Retained for 3 years from the date of creation
• Payment Information: Retained for 7 years as required by tax regulations
• Communications: Retained for 2 years from the date of communication
• Device and Usage Information: Retained for 13 months
• Log Information: Retained for 90 days
• Apple Watch Health Data (heart rate, calories): Retained for 1 year from the date of collection, unless you request earlier deletion

Data Backup and Deletion Policy: We regularly create encrypted backups of user data to ensure service reliability and disaster recovery. Backups are stored securely and are subject to the same security measures as primary data. When you delete your account, your personal data is removed from active systems within 30 days and from all backups within 90 days, unless a longer retention period is required by law.

Clarification on Data Retention in Backups: Personal data deleted by users will be removed from all backup systems within 90 days. During this period, backup data is inaccessible for normal processing and is only restored in the event of a disaster recovery scenario.
When determining how long to retain information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.

6. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights regardless of your location, though the specific legal framework may vary.

6.1 Rights Under GDPR (EU and UK Users)
If you are located in the European Union or the United Kingdom, you have the following rights:

• Right to Access: You have the right to request a copy of the personal information we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.
• Right to Erasure: You have the right to request that we delete your personal information in certain circumstances.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.
• Right to Data Portability: You have the right to request that we transfer your personal information to another service provider in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to the processing of your personal information in certain circumstances, including processing for direct marketing or profiling.
• Right to Withdraw Consent: You have the right to withdraw your consent at any time where we rely on consent to process your personal information.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal information violates applicable law.

6.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights:

• Right to Know: You have the right to request information about the personal information we collect, use, disclose, and sell.
• Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: You have the right to opt-out of the sale of your personal information. However, we do not sell your personal information.
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising your privacy rights.

6.3 Rights Under Other Privacy Laws
Users in other jurisdictions may have similar rights under their local laws, such as:

• Brazil (LGPD): Similar rights to those under GDPR
• Canada (PIPEDA): Rights to access, correction, and withdrawal of consent
• Australia (Privacy Act): Rights to access and correction
• Japan (APPI): Rights to disclosure, correction, and cessation of use

We are committed to honoring these rights in accordance with applicable local laws.

6.4 How to Exercise Your Rights
To exercise your privacy rights, please contact us using the contact information provided in Section 14. We will respond to your request within the timeframe required by applicable law (30 days for GDPR requests, 45 days for CCPA requests, and similar timeframes for other jurisdictions).
You can also control your HealthKit data permissions directly through your iOS device settings. To manage which health data our App can access:

1. Open the "Health" app on your iOS device
2. Tap on your profile picture in the top right corner
3. Tap on "Privacy & Settings" then "Apps"
4. Select our App from the list
5. Toggle on/off the specific health data categories you want to allow or restrict

We may need to verify your identity before processing your request. We will only use the information you provide in your request to verify your identity and process your request.

7. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption: We use AES-256 encryption for data at rest and TLS 1.2+ for data in transit
• Access Controls: We implement strict access controls and authentication mechanisms, including multi-factor authentication for our staff
• Regular Security Audits: We conduct regular security assessments and penetration testing
• Employee Training: We provide regular data protection and security training to our employees
• Incident Response Plan: We maintain a comprehensive incident response plan to address any potential data breaches
• Enhanced Protection for Health Data: We implement additional security measures for health-related data, including heart rate and calorie data from Apple Watch

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. DATA BREACH NOTIFICATION

Data Breach Notification: In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities without undue delay, and in any case within 72 hours of becoming aware of the breach, in accordance with applicable law.

9. INTERNATIONAL DATA TRANSFERS

As a global application, your personal information may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, our servers are located in the United States, Ireland, and Singapore, and our third-party service providers and partners operate globally.
We have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Privacy Policy when transferred internationally. These safeguards include:

• Implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and with our third-party service providers and partners
• Ensuring that recipients of your personal information are bound by data protection terms in our contracts with them
• Conducting regular assessments of data protection laws in the countries where we transfer data
• Implementing additional safeguards as required by local laws in different jurisdictions

You can request a copy of our Standard Contractual Clauses by contacting us using the information in Section 14.

10. CHILDREN'S PRIVACY

Our App and Website are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. We implement the following measures to prevent the collection of data from children:

• Age verification during the registration process
• Prompt deletion of any account and associated data if we discover the user is under 16
• Parental consent verification for users between 16 and 18 years old

If you believe that we might have any information from or about a child under 16, please contact us immediately using the information in Section 14, and we will take steps to delete such information as soon as possible.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App, Website, or by other means, such as email, at least 30 days before the changes take effect. The notification will include a summary of the changes and information on how to access the previous version of the Privacy Policy.
Your continued use of our App or Website after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised Privacy Policy, you must stop using our App and Website.
We encourage you to review this Privacy Policy periodically to stay informed about our information practices.

12. THIRD-PARTY SERVICES

Our App and Website may contain links to third-party websites or services. This Privacy Policy does not apply to such third-party services, and we are not responsible for the content or privacy practices of those websites or services.
When you connect our App with third-party services (such as Apple Health, Google Fit, or social media platforms), we may exchange data with those services. The data shared depends on the specific integration and your settings in both our App and the third-party service.
We encourage you to review the privacy policies of any third-party services you access or connect with our App.

13. COOKIES POLICY

13.1 What Are Cookies
Cookies are small text files that are placed on your device when you visit our Website. They are widely used to make websites work more efficiently and provide information to the website owners.

13.2 How We Use Cookies
We use cookies and similar technologies on our Website for the following purposes:

• Essential Cookies: These cookies are necessary for the Website to function properly and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. Duration: Session to 1 year
• Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website. They help us to know which pages are the most and least popular and see how visitors move around the Website. Duration: 90 days to 2 years
• Functionality Cookies: These cookies enable the Website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. Duration: 30 days to 1 year
• Targeting Cookies: These cookies may be set through our Website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other websites. Duration: 30 days to 2 years

Mobile App Cookies and Tracking Policy: Our mobile app may use device identifiers and similar technologies (such as analytics SDKs) to collect usage data and improve app performance. These are used solely for app functionality, analytics, and security. You can manage analytics and tracking preferences in the app settings.

13.3 Managing Cookies
You can control cookies through our cookie consent tool when you first visit our Website. You can also change your cookie preferences at any time by clicking on the "Cookie Settings" link in the footer of our Website.
Most web browsers allow you to control cookies through their settings preferences. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
Please note that if you choose to reject certain cookies, you may not be able to use all the features of our Website.

14. AI FUNCTIONALITY AND DATA PROCESSING

Our App includes AI trainer functionality that provides personalized workout recommendations and fitness guidance. Here's how we process your data for this functionality:
14.1 Data Used by Our AI Trainer
Our AI trainer uses the following data to generate personalized recommendations:

• Your profile information (height, weight, age)
• Your fitness goals and preferences
• Your workout history and performance
• Your reported limitations or injuries
• Your heart rate and calorie data from Apple Watch (if you use this feature)

14.2 How Our AI Works
Our AI trainer uses machine learning algorithms to analyze your data and generate personalized workout plans. The system:

• Analyzes patterns in your workout history to identify effective exercises for your goals
• Adjusts workout intensity based on your performance and feedback
• Considers your physical parameters to ensure appropriate exercise selection
• Adapts recommendations based on your progress over time
• Uses heart rate data to optimize workout intensity and recovery periods
• Tracks calorie expenditure to help you meet your fitness and weight management goals

14.3 AI Training and Improvement
To improve our AI trainer, we may use anonymized and aggregated user data for training our algorithms. This process involves:

• Removing all personally identifiable information
• Aggregating data across multiple users
• Using technical safeguards to prevent re-identification

You can opt out of having your anonymized data used for AI training by contacting us using the information in Section 15.
In accordance with Apple's guidelines, we never use HealthKit data (heart rate, calories) for AI training purposes without your explicit consent, and we never use this data for advertising or marketing purposes.

14.4 Important Limitations
Please note the following important information about our AI functionality:

• Not Medical Advice: The AI trainer functionality is designed to provide general fitness recommendations and is not intended to provide medical advice, diagnosis, or treatment.
• Inherent Limitations: While we strive to provide accurate and helpful guidance, our AI technology has inherent limitations and may occasionally make errors or provide recommendations that are not optimal for your specific circumstances.
• Use Your Judgment: Always use your own judgment when following AI-generated recommendations and stop any activity that causes pain or discomfort.
• Consult Healthcare Providers: Consult with healthcare providers before starting any new fitness program, especially if you have pre-existing health conditions.

15. CONTACT US

15.1 Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Email: support@gloox.app
Postal Address:
Stoney Works
8 Stoney Lane
London, England
SE19 3BD

15.3 EU Representative
Our representative in the European Union for data protection matters can be contacted at support@gloox.app.
If you are located in the European Union or the United Kingdom and have concerns about our processing of your personal information that we are not able to resolve, you have the right to lodge a complaint with the data protection authority where you reside.

15.4 Mobile App Permissions and Push Notification Policy
Our mobile app may request the following permissions on your device:

• Camera: Used for scanning QR codes and taking progress photos
• Location: Used for tracking outdoor workouts and finding nearby fitness facilities
• Storage: Used for saving workout data and progress photos locally
• Microphone: Used for voice commands and audio feedback during workouts
• Motion Sensors: Used for tracking movement during exercises
• Notifications: Used for workout reminders and updates.
• Push Notification Policy: We use push notifications to send you workout reminders, motivational messages, and important service updates. You can opt out of non-essential notifications at any time via your device settings or within the app's notification preferences.
• HealthKit: Used to access heart rate and calorie data from Apple Watch

You can manage these permissions through your device settings at any time.
15.5 Apple HealthKit Specific Controls
Our App integrates with Apple's HealthKit framework to access heart rate and calorie data from your Apple Watch. You have complete control over this integration:

• You can enable or disable our App's access to specific types of health data in the Health app on your iOS device
• You can view all health data our App has accessed in the Health app
• You can revoke our App's access to your health data at any time

We are committed to respecting your privacy choices regarding your health data and will only access the data you explicitly authorize.