Privacy Policy

1. Introduction

Gymbrada ("we", "our", "the Company") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use gymbrada.com and related services. This policy complies with the European Union General Data Protection Regulation (GDPR) and the Israeli Privacy Protection Law, 5741-1981.

2. Data Controller

3. Data We Collect

3.1 Personal Information

• Full name, email address, phone number
• Date of birth and gender

3.2 Fitness Questionnaire & In-App Data

• Height, weight, body measurements
• Current fitness level and training goals
• Relevant medical history (allergies, limitations)
• Dietary preferences and nutrition habits
• Workouts, meals, and metrics you log in the app

3.3 Payment Information

• Payment details processed through PayPorto — we do not store full credit card numbers
• Transaction history and billing details

3.4 Usage Data

• IP address, browser type, and operating system
• Pages viewed, time spent, and navigation patterns
• Device identifiers and general location data

4. How We Use Your Data

• Service Delivery: Creating personalized daily recommendations, training plans, and nutrition plans.
• AI Recommendations: Using your questionnaire and in-app data to generate personalized recommendations via Anthropic (Claude) AI services.
• Coach Support (selected plans): On plans that include a human coach, relevant data is shared with your assigned coach for review and communication.
• Communications: Sending account notifications, service updates, and marketing communications (with your consent).
• Service Improvement: Analyzing usage patterns to improve the platform.
• Legal Compliance: Fulfilling legal and regulatory obligations.

5. Legal Basis for Processing

• Consent: For marketing communications, non-essential cookies, and processing health-related data.
• Contract Performance: To deliver the services you have subscribed to, including generating recommendations and personalized plans.
• Legitimate Interest: For service improvement, security, and fraud prevention.
• Legal Obligation: To comply with legal and regulatory requirements.

6. Data Sharing

We share your information only with the following parties:

• PayPorto (Payment Processing): Your payment details are securely transmitted for transaction processing. PayPorto is PCI DSS compliant.
• Anthropic / Claude (AI Services): Your fitness questionnaire and in-app data (without directly identifying information) is transmitted to generate personalized recommendations, training plans, and nutrition plans.
• Professional Coaches (selected plans): On plans that include a human coach, your assigned coach is given access to your data for review and plan adjustment. Our coaches are bound by confidentiality and data-use restrictions.
• Infrastructure Providers: Cloud hosting, monitoring, and security providers operating on our behalf and bound by data processing agreements.
• Law Enforcement: When required by legal process or court order.

We do not sell your personal information to third parties for marketing purposes.

7. Data Retention

We retain your personal data according to the following principles:

• Account Data: For as long as your account is active, and up to 3 years after closure.
• Transaction Data: 7 years as required by Israeli tax law.
• Questionnaire & In-App Data: For as long as your subscription is active, deleted within 30 days of account cancellation.
• Technical Usage Data: Up to 24 months.

8. Your Rights

Under the GDPR and Israeli Privacy Protection Law, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Portability: Receive your data in a structured, common format.
• Right to Object: Object to processing of your data for certain purposes.
• Right to Restrict Processing: Request restriction of data processing.
• Right to Withdraw Consent: Withdraw your consent at any time.

To exercise your rights, contact us at info@gymbrada.com. We will respond to your request within 30 days.

9. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for site operation (authentication, language settings).
• Performance Cookies: Help us understand how users navigate the site.
• Functional Cookies: Remember your preferences (language, theme).

You can manage your cookie preferences through our consent banner or your browser settings.

10. International Data Transfers

Your data may be transferred to and processed in countries outside Israel, including the United States (for Anthropic AI services) and other countries where our infrastructure providers operate. We ensure such transfers are carried out with appropriate safeguards, including Standard Contractual Clauses (SCCs) and adequacy determinations as required.

11. Data Security

We implement appropriate technical and organizational security measures to protect your information, including SSL/TLS encryption, secure storage, access controls, and regular security assessments. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

Our Services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child under 16 has provided us with personal information, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on the website and communicated via email. The last updated date appears at the top of this document. Continued use of the Services after changes are posted constitutes acceptance of the updated policy.

14. Contact — Data Protection Officer

For questions, requests, or complaints regarding this Privacy Policy or the processing of your data, contact our Data Protection Officer:

If you are unsatisfied with our response, you have the right to lodge a complaint with the Israeli Law, Information and Technology Authority (ILITA) or a GDPR supervisory authority.