Interpretation and Definitions
Definitions
- Application: The software program Grindlock provided by the Company.
- Company: Abenteuergeist, Widenmayerstraße 11, 80538 München, Germany.
- Country: Germany.
- Device: Any device that can access the Service such as a mobile phone or tablet.
- Service: The Application and all related services provided by the Company.
- You: The individual accessing or using the Service.
Information We Collect
Account Information via Apple Sign-In
When you sign in to Grindlock using Apple Sign-In, we receive your name and your email address (or an Apple-generated relay email address if you choose that option). This information is used solely to create and maintain your account.
Workout Data
Grindlock collects data about your workouts including:
- Rep counts for each exercise
- Exercise type and variations
- Session duration and timestamps
- All workout history and progress tracking
Profile Data
Your profile data includes your XP points, current level, workout streak and complete session history. This information is used to provide your personalized experience and track your progress.
Device Information
We collect information about your device type, operating system version and anonymous identifiers for crash reporting purposes only. No other device identifiers or tracking data is collected.
Camera & Exercise Detection
Grindlock uses your device’s camera to detect exercises and count repetitions. It’s critical to understand how this works:
- On-Device Processing Only: All camera analysis uses machine learning models bundled with the app. Processing happens entirely on your device.
- No Recording: Your device does not record, store or transmit any camera frames or video.
- Real-Time Analysis & Immediate Discard: Camera frames are analyzed in real time and immediately discarded. No visual data leaves your device.
- No Data Transmission: Camera data is never sent to Abenteuergeist’s servers or any third party.
The camera is used only during active exercise detection. You control when the camera is active.
Workout & Account Data — Supabase
Your workout data and account information are stored on Supabase, our backend infrastructure provider. This data is:
- Stored securely with row-level security (RLS) policies
- Only accessible to you and your account
- Never sold, shared or used for advertising purposes
- Protected by industry-standard encryption
Crash Reporting — Sentry
When Grindlock crashes, we collect anonymous crash reports through Sentry to identify and fix bugs:
- No Personal Information: Crash reports contain no PII or user data.
- Technical Data Only: Device type, OS version and stack traces for debugging.
- Anonymous: Crash reports cannot be linked back to your account.
For more information, see Sentry’s Privacy Policy.
Subscription Data — RevenueCat
App Store subscriptions are managed through RevenueCat:
- No Payment Information: We never handle credit card or payment details.
- App User ID Only: RevenueCat receives only an anonymous app user ID.
- Subscription Status: We only access whether your subscription is active.
- Apple Handles Payments: All payment processing is done by Apple App Store.
For more information, see RevenueCat’s Privacy Policy.
Notifications
Grindlock may send you local notifications on your device for:
- Screen time expiry reminders
- App re-lock notifications
- Workout streak reminders
These are local notifications stored only on your device. No notification data is sent to our servers or any third party. You can disable notifications in your device settings.
Legal Basis for Processing Personal Data Under GDPR
We process your personal data on the following legal bases under GDPR:
- Article 6(1)(b): To perform our contract with you (provide the Service).
- Article 6(1)(f): Legitimate interests in crash reporting and service improvement.
- Article 6(1)(c): To comply with legal obligations.
- Article 6(1)(a): With your consent for optional features.
How We Use Your Information
We use the information we collect for the following purposes:
- Provide and Maintain the Service: Creating accounts, storing workouts, tracking progress.
- Track Exercise Progress: Displaying stats, streaks, levels and XP.
- Fix Bugs: Using crash reports to identify and resolve technical issues.
- Manage Subscriptions: Processing and maintaining your App Store subscription.
- Comply with Law: Responding to legal requests when required.
Data Retention
We retain your data as long as your account is active. If you delete your account, your data is removed within 30 days, except where we’re required by law to retain it. Crash reports are retained for 90 days for debugging purposes.
Data Transfers
Your data is processed and stored in the European Economic Area (EEA) or Germany where possible. For any data transfers outside the EEA, we use Standard Contractual Clauses as approved by the European Commission.
Your GDPR Rights
If you are a resident of the EU, you have the following rights regarding your personal data:
- Right of access (Article 15 GDPR): You can request a copy of your personal data.
- Right to rectification (Article 16 GDPR): You can correct inaccurate data.
- Right to erasure (Article 17 GDPR): You can request deletion of your data.
- Right to restrict processing (Article 18 GDPR): You can limit how we process your data.
- Right to data portability (Article 20 GDPR): You can export your data in a standard format.
- Right to object (Article 21 GDPR): You can object to certain processing.
- Right to withdraw consent: You can withdraw any consent you have given.
- Right to lodge a complaint: with the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).
Data Deletion
You can delete your account and all associated data directly in the Grindlock app. Alternatively, contact us at info@abenteuergeist.com to request deletion. Your data will be permanently removed within 30 days.
Disclosure of Information
Your information may be shared with:
- Supabase: Our database provider (your workout data).
- Sentry: Our crash reporting service (anonymous crash reports only).
- RevenueCat: Our subscription management service (subscription status only).
- Apple: App Store (via Apple Sign-In for authentication).
- Law enforcement: When legally required.
Security Measures
We take the security of your data seriously:
- Row-Level Security: Database policies ensure only you can access your data.
- TLS Encryption: All data in transit is encrypted.
- Minimal Data Collection: We only collect data necessary for the Service.
- On-Device Processing: Camera data never leaves your device.
Children’s Privacy
Grindlock is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.
Third-Party Links
Grindlock may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before using their services.
Changes to This Privacy Policy
We may update this Privacy Policy at any time. Changes will be effective when posted. We will notify you of significant changes by updating the “Last updated” date.
Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at:
Abenteuergeist
Widenmayerstraße 11
80538 München
Germany
info@abenteuergeist.com