Privacy Policy

Last updated: 09.12.2025

This Privacy Policy explains how personal data is collected, processed, and used when using the mobile application “RingsX” , in accordance with the EU General Data Protection Regulation (GDPR).

1. Controller (Data Protection Authority)

The controller within the meaning of Article 4(7) GDPR is:

Tobias Huemer
Sole Proprietor (Einzelunternehmen), Austria
Tachlau 2
4655 Vorchdorf
Austria
Email: info.ringsx@gmail.com

2. Scope of This Privacy Policy

This Privacy Policy applies exclusively to the use of the RingsX mobile application. It does not apply to external websites or third-party services that may be linked within the App.

3. Types of Data Processed

3.1 Account & Authentication Data

RingsX allows the following login methods:

Email and password
Sign in with Apple
Google Sign-In
Anonymous accounts

Processed data:

Email address (if provided)
Pseudonymous user ID
Authentication tokens
Account creation timestamp and last login time

Passwords are processed exclusively by Firebase Authentication and are never stored in plain text by us.

Purpose:
User identification, account management, security, and access to personalized features.

Legal basis:
Article 6(1)(b) GDPR (performance of a contract).

3.2 User Profile Data (Synced to Cloud)

The following profile and fitness-related data may be entered by the user and is stored locally and synchronized with Firebase Firestore when the user is authenticated:

Gender
Age
Weight
Height
Fitness goals
Skills
Equipment
Training preferences
MyHex fitness statistics:
- Pull strength
- Push strength
- Core control
- Straight-arm strength
- Mobility score
Premium subscription status (isPremium)

These data are stored under:

userProfile.data
premiumStatus

Purpose:
Personalization of training plans, progress analysis, cross-device synchronization, and subscription management.

Legal basis:
Article 6(1)(b) GDPR.

3.3 Training & Workout Data

RingsX stores various training-related data, including:

Completed workouts, exercise logs, and workout history
Personal records and performance progression
Custom workouts and training plans created by you
Custom training splits
Favorite muscle workouts and training preferences
Progress within your active training split (e.g. current day, completed sessions, loops)

Synced to Firebase Firestore:
Certain configuration and planning data are synchronized to the cloud under your user account, specifically:

Your user profile and fitness assessment data (gender, age, height, weight, goals, equipment, MyHex stats, etc.)
Custom workouts and training plans
Custom training splits
Favorite muscle workouts and training preferences
Progress and state of your active training split
Your premium subscription status

This allows you to restore your plans and preferences, and to use them across devices.

Local-only data:
Completed workout sessions, detailed workout history, personal records, and your profile image are stored only on your device and are not synchronized to Firebase Firestore.

Purpose:
Providing core app functionality, personalized training plans, cross-device synchronization and a consistent user experience.

Legal basis:
Article 6(1)(b) GDPR (performance of a contract).

3.4 Subscriptions & Payments (StoreKit)

Premium features are billed via Apple In-App Purchases (StoreKit).

We process only:

Current premium status (active/inactive)
Product identifier

All payment processing and billing data are handled exclusively by Apple. We never receive or store any credit card or banking information.

Legal basis:
Article 6(1)(b) GDPR.

3.5 Photos (Profile Picture)

If you upload a profile picture, the app accesses your photo library only for selecting that image.

Stored locally on the device
Used only as a profile image
Not used for analytics or advertising

Legal basis:
Article 6(1)(b) GDPR and user consent via the iOS system dialog.

3.6 Device & Technical Data

When using the App, the following technical data may be processed by Apple, Firebase and Google automatically:

IP address
Device model
Operating system
App version
Language
Time zone
Diagnostic and log data

Purpose:
Security, fraud prevention, system stability, and technical operations.

Legal basis:
Article 6(1)(f) GDPR (legitimate interest in secure app operation).

4. Third-Party Services

4.1 Firebase (Google)

RingsX uses services provided by:

Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland
(Processing may also occur in the USA by Google LLC)

Used services:

Firebase Authentication
Firebase Firestore
Firebase Analytics (with consent)

Google acts as a data processor under GDPR. Standard Contractual Clauses (SCCs) are in place for third-country transfers.

4.2 Firebase Analytics & Google Signals (With Consent)

If you explicitly consent to analytics and personalized advertising, Firebase Analytics with Google Signals is activated.

Processing includes:

App usage data
Interaction behavior
Pseudonymous device identifiers
Campaign attribution
Demographic and interest-based reports (where available)

Purpose:

Measuring app usage
Improving RingsX
Measuring and optimizing marketing campaigns
Creating remarketing audiences (e.g., users who installed but did not subscribe)

Legal basis:
Article 6(1)(a) GDPR (consent).

International transfer:
Data may be transferred to the USA. Google relies on SCCs and additional safeguards.

4.3 Apple Sign-In

Used for secure authentication. Apple may process:

Apple user ID
Optional name and email (or relay email)

Legal basis:
Article 6(1)(b) GDPR.

4.4 Google Sign-In

Used for authentication. Google may provide:

Google email address
Name
Google user ID

Legal basis:
Article 6(1)(b) GDPR.

5. Consent, Tracking & App Tracking Transparency (ATT)

When first starting RingsX, you can choose whether to allow:

Analytics & personalized advertising, or
Use the app without tracking

If you consent, Apple’s App Tracking Transparency (ATT) system dialog will appear. Tracking is enabled only if both:

You consent inside RingsX, and
You allow tracking in the iOS ATT dialog

You can change your choice at any time:

In the app under Settings → Data & Privacy
Or in iOS under Settings → Privacy & Security → Tracking

You may withdraw your consent at any time with effect for the future.

6. Data Retention

User account & cloud data:
Stored until deletion by the user or after prolonged inactivity (typically up to 24 months).
Analytics data:
Automatically deleted after 14 months.
Local data:
Remains stored on the device until manually deleted, app reinstallation, or account deletion.

7. Your Rights Under GDPR

You have the right to:

Access your data (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (“Right to be forgotten”) (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection (Art. 21 GDPR)
Withdrawal of consent (Art. 7(3) GDPR)

Requests can be sent to:
[Your Contact Email]

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde).

8. Data Export & Account Deletion

RingsX provides built-in functions to:

Export your personal data in machine-readable format
Delete your account completely, which removes:
- Your Firebase Authentication account
- All synchronized Firestore data
- All local app data

9. Data Security

Appropriate technical and organizational safeguards are used, including:

Encrypted connections
Access control
Secure Firebase infrastructure
Regular software updates

10. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy if legal or technical conditions change. The most current version is always available in the RingsX app.

11. Contact

For any privacy-related questions or requests:

Tobias Huemer
Austria
Email: info.ringsx@gmail.com