Privacy Policy (App)
Privacy Policy – TRAININGG
Quick note: This Privacy Policy explains how Nico Ettlinger – Digital Solutions (“we”, “us”, or “Service Provider”) collects, uses, and protects personal data when you use the TRAININGG mobile application (“App”).
The App is offered as a Freemium Software-as-a-Service (SaaS) product distributed through the Apple App Store and Google Play Store.
It is intended for use as is and requires no separate web registration flow.
- Privacy Policy – TRAININGG
Controller: Nico Ettlinger – Digital Solutions (sole proprietorship)
Address: Am Seeacker 19, 93326 Abensberg, Germany
Email: [email protected]
Effective Date: 1 November 2025
1. Data We Collect
1.1 Automatically collected data
When you install or use the App, certain technical information is automatically collected:
- Device model, OS version, language, and time zone
- App version, screens visited, session duration
- Crash logs and performance metrics via Firebase Crashlytics
- IP address (short-term, for security and diagnostics)
- Approximate device location (country-level only, no GPS tracking)
This information is pseudonymized or aggregated and cannot directly identify you.
1.2 Authentication data (Firebase Authentication)
If you sign in using Sign in with Apple or Sign in with Google, Firebase Authentication creates a pseudonymous user account.
Collected data includes:
- Firebase User ID
- Apple or Google identity token (secure and non-reversible)
- Authentication timestamps (registration, last login)
We do not store passwords, direct emails from Apple/Google (Apple private relay), or any billing information.
1.3 Training and app data (Firebase Realtime Database)
The App stores certain user-entered or app-generated data in the Firebase Realtime Database (RTDB), such as:
- Workout plans
- Logged workouts and exercise history
- Performance metrics (e.g., estimated rep-max values)
- Body measurements (e.g., weight, height, body fat, age)
- App settings and preferences
These entries are linked exclusively to your Firebase User ID.
Note: Body measurements and training metrics may constitute health data under GDPR when used for assessing fitness, training progress, or physical condition.
1.4 Third-party SDKs
| Provider | Purpose | Policy |
|---|---|---|
| Firebase Analytics | Anonymous usage analytics | https://firebase.google.com/support/privacy |
| Firebase Crashlytics | App stability & crash diagnostics | https://firebase.google.com/support/privacy |
| Firebase Authentication | Apple/Google sign-in | https://firebase.google.com/support/privacy |
| Firebase Realtime Database | Training & app data storage | https://firebase.google.com/support/privacy |
| Expo Services | App build & OTA updates | https://expo.dev/privacy |
| RevenueCat | Subscription verification & entitlement handling | https://www.revenuecat.com/privacy |
All providers act as data processors under GDPR-compliant agreements.
2. Purpose and Legal Bases (GDPR / UK DPA)
| Purpose | Legal Basis | Details |
|---|---|---|
| App functionality & training data storage | Art. 6(1)(b) GDPR – performance of a contract | Required to provide the core functionality of the App. |
| Processing of health-related measurements | Art. 9(2)(a) GDPR – explicit consent | Necessary for training plans, performance metrics, and progress tracking. |
| Analytics & crash diagnostics | Art. 6(1)(f) GDPR – legitimate interest | Improve stability, usability, and technical performance. |
| Security & fraud prevention | Art. 6(1)(f) GDPR | Detect misuse and protect backend services. |
| Legal obligations | Art. 6(1)(c) GDPR | Compliance with tax, consumer protection, or regulatory requirements. |
3. Children’s Privacy
The App is not intended for children under 16 in the EU (or under 13 in the U.S.).
We do not knowingly collect data from minors.
If you believe your child has submitted data, contact [email protected] and we will delete it promptly.
4. Data Sharing
We share data only in the following cases:
- With processors listed in § 1.4
- With authorities, where required by law
- As part of corporate restructuring (merger, acquisition), ensuring equivalent privacy safeguards
We do not sell or rent personal data.
5. International Transfers
Firebase, Expo, and RevenueCat may process data in countries outside the EU/EEA (e.g., the U.S.).
Transfers occur under EU Standard Contractual Clauses (SCCs) or equivalent safeguards.
6. Retention Periods
| Data Type | Retention |
|---|---|
| Firebase RTDB training data | Until user account deletion |
| Firebase Authentication account | Until user account deletion |
| Crash & analytics logs | Up to 14 months |
| Subscription validation data | Subscription duration + up to 90 days |
| Support requests | Up to 12 months after resolution |
After retention, data is deleted or anonymized.
7. User Rights (GDPR / UK / LGPD)
You have the right to:
- Access (Art. 15 GDPR)
- Rectify (Art. 16)
- Erase (Art. 17)
- Restrict or object to processing (Art. 18–21)
- Data portability (Art. 20)
- File a complaint with a supervisory authority
Brazilian users have equivalent rights under LGPD Arts. 17–22.
Requests may be submitted to [email protected]; we respond within 30 days.
8. California Privacy (CCPA / CPRA)
For California residents:
- We do not sell personal information.
- You may request access or deletion of information about your device or activity.
- We do not discriminate against users for exercising their rights.
Submit requests to [email protected] with subject “CCPA Request”.
9. Data Security
We implement industry-standard security measures:
- HTTPS/TLS encrypted communication
- Strict Firebase security rules
- Authentication safeguards
- Limited internal access to pseudonymized data
- Regular updates of SDKs and infrastructure
No system can guarantee absolute security.
If a data breach occurs, we will notify affected users and authorities as required.
10. Data Deletion & Account Deletion
You may:
- Uninstall the App to stop all future data collection, and
- Request deletion of your Firebase account and all associated training data.
Account & data deletion can be requested at:
https://www.trainin.gg/app/account-deletion
We delete personal and training-related data within 30 days, unless a longer period is legally required.
11. Updates to this Policy
The latest version is always available at:
https://www.trainin.gg/app/privacy
Material changes will be announced in-app before becoming effective.
Last updated: 17 November 2025
12. Contact
For questions or concerns regarding privacy:
Nico Ettlinger – Digital Solutions
Am Seeacker 19
93326 Abensberg
Germany
Email: [email protected]