Gymlan Privacy Policy

Last updated: 01/27/2026

At Gymlan, we value your privacy and are committed to protecting your personal data. This policy explains how we collect, use, share, and protect your information in compliance with Argentine and international data protection legislation.

1. Data Controller

Gymlan Argentina S.A.S., located in Buenos Aires, Argentina, is the controller of your personal data. We comply with Argentina's Personal Data Protection Law 25.326 and the General Data Protection Regulation (GDPR) for European users.

1.1. GDPR Regulations for European Users

If you are a user from the European Union, you have additional rights under the GDPR. For detailed information about your specific rights, data deletion processes, response times, and how to exercise your rights under European regulations, consult our Detailed GDPR/CCPA Information.

1.2. Limited Use Disclosure (Health Connect)

The use of information received from Health Connect will adhere to the Health Connect Permissions Policy, including the Limited Use requirements. Gymlan does not use Health Connect data for advertising, nor does it transfer it to data brokers or resellers.

2. Information We Collect

We collect different types of information to provide you with the best service:

  • Registration data: name, age, gender, email, phone number.
  • Profile information: profile pictures, personal description, workout preferences. Permissions Use: We request access to the CAMERA and GALLERY only when you decide to upload or change your profile picture. We do not access your camera roll or camera without your direct action.
  • Health and Fitness Data (Health Connect): Specifically, we collect data you voluntarily provide, such as: Body weight, Height, Personal Records (PRs) for exercises (e.g., Bench Press, Squat), body fat percentage (if applicable), and fitness goals (e.g., 'Gain muscle mass'). This data is used SOLELY to personalize your experience, calculate your approximate level, and suggest compatible workout partners.
  • Professional and Verification Data (Trainers): Certificates, license, and CV. For the KYC (Know Your Customer) process, we collect: ID/Passport images (encrypted at rest) and a real-time Selfie. IMPORTANT NOTE: The selfie is used SOLELY for visual identity matching against the presented document and is not added to massive facial recognition databases.
  • Location data: APPROXIMATE location (City/Neighborhood) to show nearby users or gyms. We DO NOT share your precise real-time location with other users for safety reasons.
  • Usage information: app interactions, matches, messages, usage time.
  • Technical data: IP address, device type, operating system, unique identifiers (like Android Advertising ID).
  • Payment information: Purchase history for subscriptions or tokens (securely processed by Google Play Billing).

3. Legal Basis and Purposes of Processing

We process your data under the following legal bases and purposes:

  • Consent: to create your profile and process photos and sensitive health/fitness data.
  • Contractual performance: to provide the matching service, chat, and trainer hiring.
  • Legitimate interest: to improve the service, prevent fraud, show relevant advertising, and guarantee security.
  • Legal obligation: to comply with fiscal requirements (billing for trainers) and legal obligations.
  • Automated Decisions (Art. 22 GDPR): We use automated technology to detect fraud and verify documents. If an automated decision (e.g., profile rejection) significantly affects you, you have the right to request human intervention, express your point of view, and contest the decision by contacting support.

4. How We Use Your Information

We use your data for the following purposes:

  • Create and manage your account and public profile.
  • Matching Algorithm: We use your fitness data (Goals, Level) to suggest compatible partners (Gym Partners).
  • Professional Connection and Verification: Facilitate hiring certified trainers and verify their identity and credentials for everyone's safety.
  • Enable secure communication among users (Chat and Groups).
  • Advertising and Marketing: Show relevant ads via Google AdMob based on general interests (without sharing your real identity).
  • Improve our services through usage analysis (Firebase Analytics) and feedback.
  • Detect and prevent fraud, spam, fake profiles, and malicious activities.

5. Information Sharing and Disclosure

We share your information in the following circumstances:

  • With other users: Your public profile (Name, Photo, Bio, Gym Stats, City) is visible to other users in the 'Explore' section.
  • Service providers: Google Firebase (hosting and database), Google AdMob (advertising).
  • Payment processors: Google Play Billing processes all transactions; Gymlan does not store full credit card numbers.
  • Legal authorities: when required by law or to protect rights and public safety.

6. International Transfers

Your data may be transferred and processed on servers located in the US (Google Cloud/Firebase). Gymlan ensures adequate levels of protection by adopting Standard Contractual Clauses (SCC) approved by the European Commission and recognized by the Argentine AAIP, ensuring your data travels safely.

7. Your Rights and Portability

You have the right to Access, Rectify, Cancel, and Oppose the processing of your data. Additionally, we guarantee your right to PORTABILITY: you can request a copy of your personal data in a structured, machine-readable format (JSON/CSV) by contacting our support.

8. Security, IDs, and KYC Providers

We implement SSL/TLS encryption. Identity documents are stored securely in Google Cloud with restricted access (Compliance). We may use third-party Identity Verification (KYC) service providers under strict confidentiality agreements to authenticate document validity. If you revoke your consent for this verification, your Trainer account will be suspended immediately due to an inability to meet our security standards.

9. Data Retention and Account Deletion

Upon an account deletion request, your personal data will be deactivated immediately and will remain inactive in our secure systems for a retention period of 90 days for legal and fraud prevention purposes. During this time, the information will not be publicly visible. After 90 days, the data will be permanently and automatically deleted.

10. Cookies, Advertising, and Tracking

We use anonymous identifiers and similar technologies:

  • Google AdMob: We use your device's Advertising ID to show personalized ads. You can limit this from your phone's settings.
  • Firebase Analytics: We collect anonymous usage data to understand how to improve the app (most used screens, errors, etc.).
  • Session cookies: Necessary to keep your user logged in securely.
  • MercadoPago/Payments (in applicable regions): If you make direct purchases, your financial data is securely processed/encrypted. Gymlan does not store full card numbers.

11. Minors

Gymlan is intended exclusively for individuals over 18 years of age. We do not intentionally collect data from minors. If you discover that a minor has provided personal information, please contact us immediately to remove such data. Parents or guardians can contact us to verify, modify, or delete a minor's information.

12. Marketing and Communications

We may send you marketing communications about our services. You can always:

  • Opt-out of promotional emails using the unsubscribe link
  • Disable push notifications from your device settings
  • Manage communication preferences from your in-app profile
  • Contact our support to update your marketing preferences

13. Device Permissions Explained

We request specific permissions for key functionalities:

  • Location (GPS): To suggest nearby gym partners (Proximity-based Matching).
  • Camera/Gallery: So you can set your profile picture and verify your identity.
  • Notifications: To notify you of new messages or matches.
  • Physical Activity: To sync steps and calories via Health Connect.

14. Automated Decisions and AI

We use algorithms and Artificial Intelligence technologies to:

  • Suggest compatible matches based on preferences (Algorithmic Matching).
  • Automatically detect inappropriate content or spam (Content Moderation).
  • We do not make automated decisions that produce significant legal effects without human intervention.

15. Changes to the Privacy Policy

We may update this policy occasionally to reflect changes in our practices or due to legal requirements. We will notify you of significant changes at least 30 days in advance via the app, email, or a notification on our website. We recommend reviewing this policy periodically.

16. Terms and Conditions

This privacy policy should be read alongside our Terms and Conditions, which establish the rules for using Gymlan and complement this privacy policy.

17. Contact and Data Deletion

To exercise your rights or request the COMPLETE DELETION of your account and data, you can:

  • Delete your account directly from the app in 'Settings > Delete Account'.
  • Request remote deletion by emailing: privacy@gymlan.com
  • Visiting our Contact Center.
  • Physical mail: Gymlan Argentina S.A.S., Buenos Aires, Argentina
Gymlan Mascot