
Privacy Policy

Last updated: February 18, 2026

1. Controller (Verantwortlicher)

The controller within the meaning of Art. 4(7) GDPR is:

Exercisable GmbH
Leharstraße 12
70195 Stuttgart, Germany
Managing Director: Jonas Wallmann
Amtsgericht Stuttgart HRB 800487
Email: info@exercisable.com

2. Data Protection Contact

For any questions regarding data protection, please contact us at: privacy@exercisable.com

3. Overview of Processing Activities and Legal Bases

We process personal data only in accordance with applicable data protection law. Below is an overview of the data we process, the purposes, and the legal basis under Art. 6(1) and, where applicable, Art. 9(2) GDPR:

3.1 Account Registration and Authentication

Data: Email address, password (hashed), display name.
Purpose: To create and manage your user account and authenticate you when using the Service.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

3.2 Personalized Fitness Programs

Data: Gender, age, height, weight, lifestyle information, fitness training experience and goals, available workout equipment, and available workout schedule.
Purpose: To create personalized fitness programs tailored to your individual profile.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR). This data is necessary to deliver the core functionality of the Service (personalized fitness programs) and is provided by you voluntarily as part of using the Service.

3.3 Workout Tracking and Video Recordings

Data: Workout logs, exercise performance data, self-recorded videos.
Purpose: To allow you to track your fitness progress and review your exercise form.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
Video recordings are stored for your personal use only and are not shared with third parties.

3.4 Payment Processing

Data: Payment information (processed by Stripe and/or RevenueCat; we do not store your full payment details).
Purpose: To process subscription payments for premium features.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

3.5 Analytics and App Improvement

Data: Usage data, device information, interaction patterns (collected via Firebase Analytics and Mixpanel).
Purpose: To understand how the app is used and to improve its functionality and user experience.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR). Our legitimate interest is to continuously improve our Service and ensure its technical stability. You may object to this processing at any time (see Section 9).

3.6 Crash Reporting and Log Data

Data: IP address, device name, operating system version, app configuration, time and date of use, crash logs, and error diagnostics.
Purpose: To identify and fix errors and ensure the stability of the Service.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR). Our legitimate interest is to maintain a stable and functional application.

3.7 Apple Health Integration (iOS only)

Data: Completed workout data (duration, calories, exercise type).
Purpose: To sync your finished workouts with the Apple Health app on your device, if you choose to enable this feature.
Legal basis: Consent (Art. 6(1)(a) GDPR). You can enable or disable this integration at any time in the app settings. Data is shared directly between the app and Apple Health on your device.

3.8 Search Functionality

Data: Search queries, IP address.
Purpose: To provide search functionality for exercises and content within the app.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

4. Third-Party Service Providers (Processors)

We use the following third-party service providers to operate our Service. We have entered into data processing agreements (Auftragsverarbeitungsverträge, Art. 28 GDPR) with each provider:

5. Data Transfers to Third Countries

Some of the third-party service providers listed in Section 4 are based in the United States or may process data outside the European Economic Area (EEA). Where such transfers occur, they are safeguarded by the respective provider's compliance with the EU–U.S. Data Privacy Framework, Standard Contractual Clauses (Art. 46(2)(c) GDPR), or other legally recognized mechanisms. For details, please refer to the privacy policies linked in Section 4.

6. Cookies and Tracking Technologies

Our mobile app does not use cookies. Our website may use technically necessary cookies required for basic operation (e.g., session management). These do not require consent under Section 25 TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz). You can manage cookies at any time through your browser settings.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law. Specifically:

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with Art. 32 GDPR. These measures include encrypted data transmission (TLS), secure authentication mechanisms, and access controls. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at privacy@exercisable.com.

10. Account and Data Deletion

You may request the deletion of your personal data at any time by deleting your account. Upon account deletion, all personal data associated with your account will be permanently deleted, except where we are legally required to retain certain data (e.g., payment records for tax purposes).

11. Automated Decision-Making

Our app uses algorithms to generate personalized fitness programs based on the information you provide (such as fitness level, goals, and available equipment). This constitutes automated processing but does not constitute automated individual decision-making with legal or similarly significant effects within the meaning of Art. 22 GDPR. The generated programs serve as suggestions that you may freely modify, ignore, or override at any time.

12. Children's Privacy

Our Service is not directed at persons under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we become aware that a child under 16 has provided us with personal data without parental consent, we will take steps to delete that data promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@exercisable.com.

13. Links to Other Sites

This Service may contain links to third-party websites. If you click on such a link, you will be directed to that site. These external sites are not operated by us, and we have no control over their content or privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a prominent notice within the app prior to the changes taking effect. We encourage you to review this page periodically. The date of the most recent revision is indicated at the top of this policy.

15. Contact Us

If you have any questions about this Privacy Policy or our data processing practices, please contact us at:

Exercisable GmbH
Leharstraße 12, 70195 Stuttgart, Germany
Email: privacy@exercisable.com
