Privacy Policy
Last updated: June 10, 2026
FitnessSwipe is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable European data protection law.
1. Data Controller
The data controller responsible for your personal data is:
Sylwester Kamys
Operating as: FitnessSwipe
Email: support.fitnessswipe@gmail.com
Website: fitnessswipe.app
2. What Data We Collect
We collect the following categories of personal data:
- Account data: email address, password (encrypted)
- Profile data: name, age, gender, country, city, bio, profile photos
- Fitness data: training goals, fitness level, experience, preferred exercises, training schedule
- Location data: approximate GPS coordinates (used to find nearby partners)
- Usage data: swipes, matches, messages, app activity
- Verification data: verification photo (stored securely, not public)
- Device data: push notification token, device type
3. How We Use Your Data
We use your personal data for the following purposes:
- To create and manage your account (legal basis: contract performance)
- To show you relevant training partner suggestions nearby (legal basis: contract performance)
- To enable messaging between matched users (legal basis: contract performance)
- To verify your identity and ensure platform safety (legal basis: legitimate interest)
- To send push notifications about matches and messages (legal basis: consent)
- To improve the app and fix technical issues (legal basis: legitimate interest)
- To comply with legal obligations (legal basis: legal obligation)
4. Data Sharing
We do not sell your personal data. We share data only with:
- Supabase (supabase.com) — our database provider, servers in EU (Frankfurt). Data Processing Agreement in place.
- OpenAI (openai.com) — for AI bio generation and profile verification. Only the data you explicitly submit for these features is shared.
- Expo (expo.dev) — for push notifications delivery.
- Apple / Google — for app distribution via App Store and Google Play.
All third-party processors are bound by data processing agreements and comply with GDPR.
5. Data Storage and Security
Your data is stored on Supabase servers located in Frankfurt, Germany (EU). We implement appropriate technical and organizational measures to protect your data, including:
- Encrypted passwords (never stored in plain text)
- Encrypted data transmission (HTTPS/TLS)
- Row-level security in our database
- Regular security reviews
6. Data Retention
We retain your personal data for as long as your account is active. When you delete your account:
- Your profile, photos, and messages are permanently deleted within 30 days
- Your location data is deleted immediately
- Anonymized usage statistics may be retained for analytics
7. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate data
- Right to erasure — delete your account and all associated data
- Right to restriction — limit how we process your data
- Right to data portability — export your data in a structured format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent for push notifications at any time
To exercise any of these rights, contact us at support.fitnessswipe@gmail.com. We will respond within 30 days.
8. Location Data
We request access to your device location to show you training partners nearby. Location is:
- Only collected when you grant permission
- Stored as approximate coordinates (not exact address)
- Updated when you open the app
- Never shared with other users in precise form (only approximate distance is shown)
- Deleted when you delete your account
9. Photos and Verification
Profile photos are stored securely and displayed to other users as part of your profile. Verification photos are stored separately and are never visible to other users — they are used only for identity verification purposes.
AI-powered verification is processed by OpenAI. The verification photo is sent to OpenAI's API solely for verification and is not used for training AI models (we use the API with data opt-out enabled).
10. Children's Privacy
FitnessSwipe is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us immediately at support.fitnessswipe@gmail.com.
11. Cookies
The FitnessSwipe mobile app does not use cookies. Our website (fitnessswipe.app) may use essential cookies for functionality only.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or email. Continued use of the app after changes constitutes acceptance of the updated policy.
13. Complaints
If you believe we have not handled your data correctly, you have the right to lodge a complaint with your national data protection authority. In the Netherlands: Autoriteit Persoonsgegevens. In Poland: UODO.
14. Contact
For any privacy-related questions or to exercise your rights:
Email: support.fitnessswipe@gmail.com
We aim to respond within 5 business days.