GROW Fitness App – Privacy Policy
Effective Date: May 8, 2025
Thank you for choosing GROW ("GROW", "we", "our", or "us"). Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the GROW iOS and watchOS applications, related services, and any other software or tools we provide (collectively, the "App").
1. Who We Are
Controller: GROW Fitness, sole proprietor (trading as "GROW"), Vienna, Austria
Contact Email: privacy@growfitness.org
We are not required to appoint a Data Protection Officer because, as a micro‑entity, we do not process health data on a large scale. Should this change, we will update this Policy accordingly.
2. Scope of This Policy
This Policy applies to all users of the App worldwide. Because we are established in the European Union, the EU General Data Protection Regulation (GDPR) governs our processing of personal data. Users outside the EU may have additional rights under local laws.
3. Information We Collect
| Category | Examples | Source | Legal Basis (GDPR) |
|---|---|---|---|
| Account Information | Email address, optional name/username, authentication tokens | You | Contract (Art. 6 (1)(b)) |
| Health & Fitness Data | Exercises, sets, reps, weights, workout history, PRs, templates, plans | You / Apple HealthKit (with consent) | Explicit consent (Art. 9 (2)(a)) |
| Technical Data | Device model, OS version, anonymised usage events, crash logs | Automated | Legitimate interest (Art. 6 (1)(f)) |
| Purchase Data | In‑app purchase receipts (Superwall SDK) | Apple | Contract / Legitimate interest |
| Feedback | Feature requests, support queries | You | Legitimate interest |
3.1 HealthKit and Apple Watch
Health and fitness data obtained via Apple HealthKit or Apple Watch is processed only after you grant explicit permission and is never used for advertising or shared with data brokers.
4. How We Use Your Information
- Provide Core Services – create and track workouts, sync progress across devices, and generate statistics and personalised plans.
- Account Management – authenticate you, maintain sessions, and manage in‑app purchases.
- Analytics & Improvement – monitor crashes, measure feature adoption, and improve user experience.
- Customer Support – respond to inquiries and feedback.
- Legal Compliance – comply with tax, accounting, and regulatory obligations.
5. Sharing & Disclosure
We do not sell your personal information. We share data only when necessary:
| Category of Recipient | Purpose | Safeguards |
|---|---|---|
| Cloud Hosting & Database Provider (EU‑based) | Store and sync workout data, authentication | GDPR‑compliant hosting; SCCs where needed |
| Health Data Sync (Apple HealthKit) | Read/write health data (with consent) | HealthKit guidelines compliance |
| Crash & Performance Analytics (EU/US) | Crash reporting, performance metrics | Data‑processing agreements; pseudonymisation |
| Professional Service Providers | IT support, legal, accounting | Confidentiality agreements |
| Authorities & Courts | Respond to lawful requests or protect rights | Disclosed only when legally required |
| Business Transfers | In case of a merger, acquisition, or asset sale | Notice to users; continued protection |
6. International Transfers
Whenever we transfer personal data outside the EU/EEA, we rely on Standard Contractual Clauses or other lawful safeguards under GDPR Art. 46.
7. Data Retention
- Workout & Health Data: Retained until you delete it or close your account.
- Account Data: Deleted within 30 days after confirmed account deletion.
- Local Data: Removed when you uninstall the App.
- Legal/Tax Records: Retained for the statutory period (typically seven years in Austria).
8. Your Rights
You have the right to:
- Access and receive a copy of your data
- Rectify inaccurate data
- Erase your data (right to be forgotten)
- Restrict or object to processing
- Data portability
- Withdraw consent at any time (without affecting prior processing)
- Lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, Barichgasse 40‑42, 1030 Vienna, Austria) or your local authority
To exercise any rights, email us at privacy@growfitness.org.
9. Security Measures
We implement technical and organisational measures, including:
- On‑device encryption (SwiftData, Keychain)
- TLS encryption in transit
- Access controls and strong authentication
- Regular code audits and dependency checks
10. Children's Privacy
The App is not intended for children under 13 (or the minimum legal age in your jurisdiction). We do not knowingly process data from minors. Parents who believe their child has provided data may contact us for deletion.
11. In‑App Purchases & Subscriptions
Premium features are offered via Apple's in‑app purchase system. Payment data is processed by Apple; we receive only anonymised transaction identifiers and entitlement status.
12. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced via in‑app notice or email. The "Effective Date" will always reflect the latest revision.
13. Contact
If you have questions or concerns about this Privacy Policy, contact us at:
GROW Fitness (sole proprietor)
Vienna, Austria
Email: privacy@growfitness.org
Thank you for trusting GROW with your fitness journey.