Privacy Policy

Last updated: April 11, 2026

1. Introduction

Athlo ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.

2. Information We Collect

We collect the following types of information:

• Account Information: Name, email address, and encrypted password when you create an account.
• Profile Data: Fitness goals, training preferences, and progress data you provide.
• Usage Data: Information about how you interact with our app, including features used and session duration.
• Device Information: Device type, operating system, and unique device identifiers for app functionality.
• Communication Data: Messages sent through in-app messaging features.
• Health & Fitness Data (with your permission): If you choose to connect Apple Health (iOS) or Health Connect (Android), we read: daily step count, active calories burned, heart rate samples and zone breakdown, walking/running distance, and workout sessions (type, duration, pace). We may also write workout summaries back to your device health store so your activity appears in Apple Health or Health Connect.

3. Health Data — Apple HealthKit & Google Health Connect

Athlo integrates with Apple HealthKit (iOS) and Google Health Connect (Android) to provide fitness tracking, XP rewards, and progress insights. By connecting these services you grant Athlo permission to read and, where applicable, write the health data types listed above.

How we use health data: Health data is used exclusively to calculate daily fitness XP, display progress rings, track streaks, and populate leaderboards within the app. A summary of daily health metrics (step count, calories, heart rate zone minutes, distance, workout minutes) is stored on our servers so your XP awards persist across devices.

Health data will not be used for advertising, marketing, or data mining. We do not use health data to serve advertisements, build advertising profiles, or share it with ad networks. Health data is never sold to or shared with third parties for any purpose other than providing the core fitness tracking service described above.

Health data will not be shared with third parties except your assigned trainer or gym (who can see your XP totals and leaderboard position as part of the coaching service), and our infrastructure provider (Supabase) which stores encrypted data on your behalf.

You can disconnect Apple Health or Health Connect at any time in your device Settings. Disconnecting stops all future data reads. Previously synced XP awards remain on your account but no new health data will be accessed.

4. How We Use Your Information

We use collected information to: provide and maintain our service, personalize your experience, process transactions, send important notifications, improve our app, and comply with legal obligations.

5. Data Storage & Security

Your data is stored securely on Supabase infrastructure with enterprise-grade encryption at rest and in transit (AES-256, TLS 1.3). We implement strict access controls and regular security audits.

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. Data may be shared with: your assigned trainer/gym (as part of the service), infrastructure providers (Supabase, hosting), and law enforcement when legally required.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy. Upon account deletion, personal data is permanently removed within 30 days.

8. Your Rights

You have the right to: access your personal data, correct inaccurate data, request deletion of your data, restrict processing, data portability, and withdraw consent at any time.

9. Children's Privacy

Our service is not directed to individuals under 16. We do not knowingly collect personal information from children.

10. Contact

For privacy inquiries, contact us at: support@athloapp.eu