GainMate Privacy Policy
Last updated: July 6, 2026
1. Data Controller
The controller of your personal data is:
Michał Semeniuk
ul. Jurowiecka 113, 16-010 Wasilków, Poland
NIP: 9662223175
REGON: 545054241
Email: semeniukstudio@gmail.com
(hereinafter: “we”, “Controller”)
This Privacy Policy applies to the GainMate mobile application (the “App”) and the gainmate.app website (the “Site”).
2. What data we collect
2.1 Account data
- email address (required for registration and login),
- username,
- password (stored only in encrypted form — we do not have access to its contents).
2.2 Profile data (provided voluntarily)
- gender and visibility/search preferences (the gender of people you want to see and be visible to),
- profile description (bio) — may contain data you choose to provide, e.g. your first name,
- training experience level,
- strength records (bench press, squat, deadlift),
- links to social media profiles (Instagram, TikTok, YouTube),
- profile photo (avatar),
- for trainers: city, specializations, pricing, contact method, approximate location of coaching activity.
2.3 Location data
- The App uses your device's GPS location to center the map and show gyms in your area. Location is read after you grant permission in your operating system.
- We do not store your exact GPS coordinates on our servers.
- We may store approximate location information at the country level to properly tailor content (e.g. trainers available in your region).
2.4 App activity data
- gym membership (gyms you have joined in the App) and check-in status at the gym,
- trainer verification status at a given gym,
- messages exchanged with other users (chats) — stored on our servers to provide the chat service,
- in-app achievements.
2.5 Training data
- Training plans created in the App are saved only locally on your device and are not transmitted to our servers.
- Workout share cards (graphics with your records) are generated on your device; sharing them is entirely up to you.
2.6 Payment data
- Payments are processed by third-party providers: Stripe (payments on the Site), Apple App Store / Google Play, and RevenueCat (in-app subscriptions).
- We do not have access to your payment card numbers. We only receive subscription status information (active/inactive, plan type) necessary to provide the services.
2.7 Technical data
- basic technical data necessary for the service to function (e.g. account identifier, timestamps, error diagnostic data),
- on the Site: analytics data (Google Analytics 4) — only after you give consent (see the Cookies section).
3. Purposes and legal bases for processing
| Purpose | Legal basis (GDPR) |
|---|---|
| Account creation and management, provision of App services (map, profiles, chats, gym sign-ups) | Art. 6(1)(b) — performance of a contract |
| Subscription and payment handling | Art. 6(1)(b) — performance of a contract |
| Matching profile visibility based on gender preferences and location (country) | Art. 6(1)(b) — performance of a contract |
| Sending transactional messages (confirmations, password resets) | Art. 6(1)(b) — performance of a contract |
| Accounting, bookkeeping, tax documentation | Art. 6(1)(c) — legal obligation |
| Security, abuse prevention, handling reports and user blocks | Art. 6(1)(f) — legitimate interest |
| Site analytics (GA4) | Art. 6(1)(a) — consent |
| Marketing communications (if we launch them) | Art. 6(1)(a) — consent |
4. Visibility of your profile to other users
GainMate is a social fitness app. Please remember that:
- your profile (username, avatar, bio, level, records, social links) may be visible to other App users — especially when you join a gym with check-in enabled or start a chat,
- your gender preferences limit profile visibility (you see and are visible to others according to your settings),
- if you are not signed up to any gym and do not have any active chats, your profile remains practically invisible to other users,
- trainer profiles offering online services are visible in the trainer directory.
Do not share data in your bio or chats that you do not want to disclose to others.
5. Who we share data with (recipients)
We use trusted processors that process data on our behalf:
- Supabase — database hosting and authentication (servers in the EU),
- Stripe — payment processing on the Site,
- RevenueCat — in-app subscription management,
- Apple / Google — App distribution and in-app payment processing,
- Resend — transactional email delivery,
- Google (Google Analytics 4) — Site analytics (only with consent),
- Site hosting providers.
Some of these providers may process data outside the European Economic Area. In such cases, transfers are carried out using GDPR-compliant mechanisms (including standard contractual clauses, adequacy decisions, including the EU-US Data Privacy Framework).
We do not sell your personal data.
6. How long we retain data
- Free account data: up to 30 days after account deletion (time to remove backup copies), after which it is permanently deleted.
- Data related to paid subscriptions (premium, trainer, gym accounts): billing data is retained for the period required by tax and accounting law — generally 5 years from the end of the year in which the settlement was made.
- Messages (chats): deleted when the account is deleted.
- Site analytics data: according to GA4 retention settings.
7. Your rights
You have the right to:
- access your data and receive a copy,
- rectification (correction) of data,
- erasure of data (“right to be forgotten”),
- restriction of processing,
- data portability,
- object to processing based on legitimate interest,
- withdraw consent at any time (without affecting the lawfulness of processing before withdrawal),
- lodge a complaint with a supervisory authority — in Poland: the President of the Personal Data Protection Office (uodo.gov.pl).
To exercise these rights, write to: semeniukstudio@gmail.com.
8. Account deletion
You can delete your account yourself in the App: Settings → Danger zone → Delete account. Deleting your account permanently removes your profile, chats, gym sign-ups, and other data associated with the account (subject to billing data — section 6).
You can also request account deletion by email: semeniukstudio@gmail.com.
9. User age
The App is intended for people aged 16 and over. We do not knowingly collect data from anyone under this age. If you suspect that someone under 16 is using the App, please contact us.
10. Data security
We apply appropriate technical and organizational measures to protect your data, including: transmission encryption (TLS), password encryption, database access control (Row Level Security mechanisms), and limiting data access to the minimum necessary scope.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will inform you and the relevant supervisory authority in accordance with applicable law.
11. Cookies and analytics on the Site
The gainmate.app Site uses:
- essential cookies — for the Site to function properly (no consent required),
- analytics cookies (Google Analytics 4) — only after you give consent in the cookie banner. You can withdraw consent at any time.
The mobile App does not use cookies.
12. Changes to this Privacy Policy
This Policy may be updated, including in connection with App development or changes in law. We will inform you of material changes in the App or by email. The current version is always available at: gainmate.app/privacy.
13. Contact
For matters relating to personal data: semeniukstudio@gmail.com
