Privacy Policy

1. Introduction

Gymbrada ("we", "our", "the Company") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use gymbrada.com and related services. This policy complies with the European Union General Data Protection Regulation (GDPR) and the Israeli Privacy Protection Law, 5741-1981.

2. Data Controller

3. Data We Collect

3.1 Personal Information

• Full name, email address, phone number
• Shipping address
• Date of birth and gender

3.2 Fitness Questionnaire Data

• Height, weight, body measurements
• Current fitness level and training goals
• Relevant medical history (allergies, limitations)
• Dietary preferences and nutrition habits

3.3 Payment Information

• Payment details processed through PayPorto — we do not store full credit card numbers
• Transaction history and billing details

3.4 Usage Data

• IP address, browser type, and operating system
• Pages viewed, time spent, and navigation patterns
• Device identifiers and general location data

4. How We Use Your Data

• Service Delivery: Creating personalized training and nutrition plans, processing orders and shipments.
• AI Recommendations: Using questionnaire data to generate personalized plans via Anthropic (Claude) AI services.
• Communications: Sending order updates, account notifications, and marketing communications (with your consent).
• Service Improvement: Analyzing usage patterns to improve the platform.
• Legal Compliance: Fulfilling legal and regulatory obligations.

5. Legal Basis for Processing

• Consent: For marketing communications, non-essential cookies, and processing health-related data.
• Contract Performance: To deliver the services you have subscribed to, including order processing and plan generation.
• Legitimate Interest: For service improvement, security, and fraud prevention.
• Legal Obligation: To comply with legal and regulatory requirements.

6. Data Sharing

We share your information only with the following parties:

• PayPorto (Payment Processing): Your payment details are securely transmitted for transaction processing. PayPorto is PCI DSS compliant.
• Anthropic / Claude (AI Services): Your fitness questionnaire data (without directly identifying information) is transmitted to generate personalized training and nutrition plans.
• Dropshipping Suppliers: Your shipping address and order details are shared for product fulfillment.
• Law Enforcement: When required by legal process or court order.

We do not sell your personal information to third parties for marketing purposes.

7. Data Retention

We retain your personal data according to the following principles:

• Account Data: For as long as your account is active, and up to 3 years after closure.
• Transaction Data: 7 years as required by Israeli tax law.
• Questionnaire Data: For as long as your subscription is active, deleted within 30 days of account cancellation.
• Usage Data: Up to 24 months.

8. Your Rights

Under the GDPR and Israeli Privacy Protection Law, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Portability: Receive your data in a structured, common format.
• Right to Object: Object to processing of your data for certain purposes.
• Right to Restrict Processing: Request restriction of data processing.
• Right to Withdraw Consent: Withdraw your consent at any time.

To exercise your rights, contact us at info@gymbrada.com. We will respond to your request within 30 days.

9. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for site operation (authentication, language settings, shopping cart).
• Performance Cookies: Help us understand how users navigate the site.
• Functional Cookies: Remember your preferences (language, theme).

You can manage your cookie preferences through our consent banner or your browser settings.

10. International Data Transfers

Your data may be transferred to and processed in countries outside Israel, including the United States (for Anthropic AI services) and other countries (for dropshipping suppliers). We ensure such transfers are carried out with appropriate safeguards, including Standard Contractual Clauses (SCCs) and adequacy determinations as required.

11. Data Security

We implement appropriate technical and organizational security measures to protect your information, including SSL/TLS encryption, secure storage, access controls, and regular security assessments. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

Our Services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child under 16 has provided us with personal information, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on the website and communicated via email. The last updated date appears at the top of this document. Continued use of the Services after changes are posted constitutes acceptance of the updated policy.

14. Contact — Data Protection Officer

For questions, requests, or complaints regarding this Privacy Policy or the processing of your data, contact our Data Protection Officer:

If you are unsatisfied with our response, you have the right to lodge a complaint with the Israeli Law, Information and Technology Authority (ILITA) or a GDPR supervisory authority.