Privacy Policy

1. Who We Are

Myconiq ("we", "us", "our") is a fitness and workout platform operated by Sonami Holding BV, a company registered in the Netherlands. We act as the data controller for personal data processed through the Myconiq app and website, in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch privacy laws.

Data Protection Contact: privacy@myconiq.com

General Support: support@myconiq.com

2. What Information We Collect

Account Information

• Registration Data: Name, email address, password (encrypted).
• Profile Information: Display name, profile photo (optional), fitness goals, experience level.

Fitness & Health Data

• Workout Data: Completed workouts, exercises performed, duration, and progress.
• Health Metrics: If you choose to connect Apple Health or Google Health Connect, we may access steps, calories burned, and heart rate data.
• Body Metrics: Weight, height (if provided for calorie calculations).

Subscription & Payment Data

• Subscription Status: Plan type, subscription dates, payment status.
• Transaction Records: Purchase history through App Store or Google Play. We do not store payment card details.

Technical Data

• Device type, operating system, app version.
• IP address (for security and fraud prevention).
• Session cookies and authentication tokens.

3. How We Use Your Information

• Provide the Service: Deliver workouts, track your progress, and personalize recommendations.
• Account Management: Create and manage your account, process subscriptions.
• Communication: Send workout reminders, achievement notifications, and important service updates.
• Improvement: Analyze usage patterns to improve the app experience.
• Security: Detect and prevent fraud, abuse, and security threats.
• Legal Compliance: Comply with applicable laws and regulations.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide our fitness services to you.
• Consent (Art. 6(1)(a)): For optional features like health data integration, marketing emails, and analytics.
• Legitimate Interests (Art. 6(1)(f)): For security, fraud prevention, and service improvement.
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws and regulations.

For health-related data, we rely on your explicit consent under Article 9(2)(a) GDPR.

5. Health Data

Myconiq may process health-related data (workout metrics, heart rate, calories) if you choose to enable health integrations. This data is considered "special category data" under GDPR.

• Health data integration is entirely optional and requires your explicit consent.
• You can disconnect health integrations at any time in the app settings.
• Health data is used solely to enhance your fitness experience and track progress.
• We do not sell or share your health data with third parties for marketing purposes.

6. Data Sharing

We may share your data with:

• Service Providers: Cloud hosting (Hetzner), email services (Resend), analytics providers—all with appropriate data processing agreements.
• Payment Processors: Apple App Store and Google Play handle subscription payments. We receive transaction confirmations but not payment card details.
• Legal Requirements: When required by law, court order, or to protect our rights.

We do not sell your personal data to third parties.

7. International Data Transfers

Your data is primarily stored in the European Union. When we use service providers outside the EU/EEA, we ensure appropriate safeguards:

• EU adequacy decisions for the receiving country.
• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Binding Corporate Rules where applicable.

8. Data Retention

• Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Workout History: Retained while your account is active for progress tracking.
• Transaction Records: Retained for 7 years for tax and legal compliance.
• Technical Logs: Retained for up to 90 days for security purposes.

9. Your Rights Under GDPR

As a data subject under GDPR, you have the right to:

• Access (Art. 15): Request a copy of your personal data.
• Rectification (Art. 16): Request correction of inaccurate data.
• Erasure (Art. 17): Request deletion of your data ("right to be forgotten").
• Restriction (Art. 18): Request restriction of processing in certain circumstances.
• Portability (Art. 20): Receive your data in a portable format.
• Objection (Art. 21): Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time for consent-based processing.

To exercise these rights, contact us at privacy@myconiq.com.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. For the Netherlands:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)

Website: autoriteitpersoonsgegevens.nl

10. Security Measures

We implement appropriate technical and organizational measures:

• All data transmitted via HTTPS/TLS encryption.
• Passwords encrypted using industry-standard hashing (bcrypt).
• Data stored in secure European data centers.
• Regular security assessments and updates.
• Access controls and employee training.

11. Cookies

We use essential cookies for:

• Authentication and session management.
• Security (CSRF protection).
• Preferences (theme settings).

We do not use tracking cookies for advertising purposes.

12. Children's Privacy

Myconiq is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us to have it removed.

13. Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or in-app notification. Your continued use of Myconiq after such updates constitutes acceptance of the revised policy.