Privacy Policy (GDPR)

Last updated: May 15, 2026

This Privacy Policy explains how Jymden ("we", "us", "our") processes personal data in connection with the Kettlebell Sport Pro mobile application (the "App"). It is written to meet the requirements of the EU/EEA General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is Jymden, Sweden. For privacy inquiries, contact: info@kettlebellsport.pro

2. Quick summary

You can use the App without logging in. Login (Firebase Auth), community uploads/sharing, and subscriptions are optional features.

3. Data we collect

3.1 Account data (optional)

  • When you choose to log in, we collect your email address and a unique user identifier (Firebase UID).
  • Authentication metadata such as sign-in provider and token validity.

3.2 App diagnostics

  • Crashlytics crash reports and diagnostics (device model, OS version, app version, timestamp, stack traces, and limited device identifiers generated by the SDK). No precise location or contact list data is collected via Crashlytics. These identifiers are used only for diagnostics and are not used to identify users personally, for tracking or advertising purposes.

3.3 User content (optional)

  • Workouts you create, upload, and choose to share with the community, including titles, descriptions, metrics, and any media or metadata you add.

3.4 Subscription & payments

  • We use RevenueCat, a third-party service, to manage subscription status and entitlements.
  • We do not process payment card data. Purchases and renewals are processed by Apple App Store or Google Play. We may receive non-sensitive purchase metadata (e.g., product ID, country, renewal status) from the store to manage your Pro access.

3.5 Camera usage

The App may use the device camera to enable automatic repetition counting and exercise tracking. Camera data used for real-time analysis is processed on-device and is not transmitted to our servers.

If you choose to record and save video, such recordings are stored locally on your device and are not uploaded or shared unless you explicitly choose to do so.

3.6 AI Workout Analysis (Optional Premium Feature)

If you choose to use the AI Analysis feature, we process profile data (age, gender, weight) and specific workout metrics (e.g., repetitions, heart rate, pacing, and duration). This data is used solely to generate a personalized performance analysis.

  • Provide core app functionality (e.g., saving workouts, account login when chosen) — Art. 6(1)(b) GDPR: contract or pre-contractual steps.
  • Diagnostics and app stability via Crashlytics — Art. 6(1)(f) GDPR: legitimate interests in maintaining service reliability and security. You can disable analytics/crash reporting in the App settings if we expose such a toggle; otherwise, you may control it at the OS level or via consent dialogs where applicable.
  • Community sharing (publishing your workouts to others) — Art. 6(1)(a) GDPR: consent. You can withdraw by deleting shared content or adjusting visibility.
  • Subscription entitlement managementArt. 6(1)(b) GDPR to deliver paid features and Art. 6(1)(f) to prevent fraud.
  • Compliance with legal obligations (e.g., tax/audit for purchases metadata) — Art. 6(1)(c) GDPR.
  • AI-powered workout insightsArt. 6(1)(a) GDPR (Consent) and Art. 9(2)(a) (Explicit Consent for health data). By clicking the analysis button, you give your explicit consent for us to process your health-related metrics to provide the service. This data is processed in a pseudonymized manner; no direct identifiers, such as your name, email, or user ID, are shared with the AI service.

5. Data storage and retention

  • Account and content data: retained while your account is active and for up to 24 months after last activity, unless you request deletion earlier or law requires longer retention.
  • Crash reports: typically retained by Crashlytics for approximately 90 days; aggregated statistics may be kept longer.
  • Purchase metadata: retained as long as required for entitlement, accounting, and fraud prevention, typically up to 6 years where applicable.

6. Data sharing and processors

We use trusted service providers to operate the App. They process data on our behalf pursuant to data processing agreements:

  • Google Firebase (Firebase Authentication, Crashlytics) — Google LLC/Google Ireland Limited.
  • Apple (App Store purchases) and Google (Google Play billing) — for subscription processing and entitlements.
  • Google Cloud Vertex AI — Used to process workout analysis. The data sent to Vertex AI is used only for generating your specific report and is not used by Google to train their general AI models.
  • Hosting and infrastructure providers that store backend data and media you upload (if applicable to your setup).
  • We do not use your personal data for advertising purposes.

We do not sell your personal data. We only disclose personal data if required by law, to protect rights and safety, or with your consent.

7. International data transfers

When data is transferred outside the EEA/UK (for example, to the United States by Google services), we rely on appropriate safeguards such as the EU Standard Contractual Clauses, adequacy decisions where available, and vendor security measures.

8. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and monitoring. No method of transmission or storage is 100% secure.

9. Children

The App is not directed to children under 13. If you are a parent or guardian and believe your child provided personal data, contact us to request deletion.

10. Your GDPR rights

Subject to conditions and exceptions, you have the right to:

  • Access your personal data and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase data ("right to be forgotten").
  • Restrict processing in certain circumstances.
  • Data portability.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time for processing based on consent (e.g., community sharing).
  • Lodge a complaint with your local data protection authority.
  • You can request deletion of your personal data by contacting info@kettlebellsport.pro, by using our data deletion form: kettlebellsport.pro/delete-account. You can also request deletion directly within the app.

To exercise your rights, contact info@kettlebellsport.pro. We may need to verify your identity.

11. Cookies and SDKs

The App may use device storage and third-party SDKs (e.g., Firebase) to provide authentication, diagnostics, and performance. Where required, consent is obtained before such processing. You can manage permissions via your device settings.

12. Third-party links

The App may contain links to third-party sites. Their privacy practices are governed by their own policies.

13. Contact

Questions or requests: info@kettlebellsport.pro.

14. Changes to this policy

We may update this policy from time to time. We will post the new version with an updated date here. Significant changes may also be communicated in-app.

This policy applies to Kettlebell Sport Pro by Jymden.