Privacy notice
GIGI Privacy Policy
This policy explains how GIGI processes personal data of users of the app, the web version and connected websites.
1. Controller and scope
The data controller is Giulio Gentile, an individual located in Italy, operating the G2DEV project and the GIGI app. This policy applies when you use GIGI, create an account, use fitness, nutrition, AI analysis, notifications, health integrations, payments or visit pages connected to the service.
2. Data we process
Account and identity data
- Name, surname or display name, if provided.
- Email address, account identifier and authentication data.
- Data from Apple or Google sign-in, according to permissions granted.
Fitness, health and nutrition data
- Age or age range, sex, height, weight, goals, preferences and training level.
- Workout history, exercises, sets, reps, loads, timing, progress and body measurements.
- Information about injuries, limitations, recovery, sleep, habits and data used to personalize plans.
- Nutrition data, meals, calorie goals, macros, ingredients, food preferences and uploaded diets.
Some of this data may be health data or special-category data under GDPR. We process it only where necessary for the service and, where required, with your explicit consent.
Photos, videos, audio and files
- Meal photos for nutrition analysis.
- Progress photos and images selected by the user.
- Exercise videos for form and technique analysis.
- Audio included in videos or needed for voice features.
- PDFs or files uploaded for nutrition or workout-import features.
Technical and security data
- IP address, device type, operating system, language, app version and technical identifiers.
- Application logs, errors, security events and data needed to prevent abuse.
- Privacy preferences, notification settings, language, consents and user settings.
- For the web landing page, pseudonymous identifiers such as anonymous ID, session ID and notice ID, used to measure visits and interactions.
3. Device permissions and health integrations
GIGI may request permissions for camera, photo library, microphone, notifications, motion sensors and health integrations. You can grant or revoke those permissions from device settings or from the app where available.
If you connect Apple HealthKit or Google Health Connect, GIGI may read data such as steps, active calories, workouts, sleep or other authorized data, and may write completed workouts or supported information. We use this data only to show summaries, personalize the experience and synchronize your progress. We do not use HealthKit or Health Connect data for advertising, behavioral marketing or sale to third parties.
4. Purposes and legal bases
- Service delivery: account, workout plans, nutrition, progress, coaching, synchronization and support. Legal basis: contract or pre-contractual steps.
- Health data and sensitive content: fitness/nutrition personalization, HealthKit/Health Connect, photo/video analysis. Legal basis: explicit consent and necessity for the requested service.
- Payments and subscriptions: purchases, entitlements and support. Legal basis: contract and legal obligations.
- Security and abuse prevention: account protection, debugging, logging and service integrity. Legal basis: legitimate interest.
- Notifications: reminders and operational messages, if enabled. Legal basis: consent or user-requested setting.
- Landing and product analytics: statistics about visits, clicks, stores, funnels and stability. For the web landing page we use first-party analytics to measure page effectiveness and show a cookie notice with an acceptance button. Legal basis indicated by the controller: consent/legitimate interest according to configuration.
- Email marketing: only if you gave separate consent. Legal basis: consent.
5. Artificial intelligence
GIGI uses artificial intelligence systems to generate plans, suggestions, nutrition analysis, form analysis and coaching content. To provide these features, necessary data may be sent to AI providers such as OpenAI, Google Gemini and ElevenLabs, or processed by the GIGI backend. Where possible, we limit the data sent to what is necessary for the specific feature.
6. Providers and recipients
We may share data with providers acting as processors or independent controllers, to the extent necessary for the service:
- Apple and Google, for app distribution, sign-in, stores, payments and platform services.
- RevenueCat, for subscriptions, entitlements and receipts.
- Firebase/Google, for push notifications, technical infrastructure and connected services configured in the app.
- OpenAI, Google Gemini and ElevenLabs, for AI, vision, text or voice features.
- Backend servers, databases and storage managed on controlled infrastructure in the EU.
- Email, security, support, logging or monitoring providers, where necessary.
We do not sell your personal data. We do not use health data, HealthKit data or Health Connect data for advertising or advertising data mining.
7. Transfers outside the EEA
Some providers, including AI services, stores or cloud infrastructure, may process data in countries outside the European Economic Area. When this happens, we use appropriate safeguards such as adequacy decisions, standard contractual clauses or other measures required by applicable law.
8. Retention
- Account data: for the duration of the account and then as needed for legal obligations, security and legal claims.
- Workouts, nutrition, progress and preferences: while the account is active or while needed for requested features.
- Photos, videos, audio and files: while needed for the feature, the user-selected history or until account/content deletion.
- Technical and security logs: normally up to 12 months, unless needed for investigations, abuse prevention or legal obligations.
- Landing analytics events and related anonymous consent records: normally up to 13 months, then automatic deletion or non-identifiable aggregation.
- Backups: deletion or overwrite normally within 90 days according to technical backup cycles.
9. Security
We use reasonable technical and organizational measures, including HTTPS/TLS, access controls, environment separation, security logging and data minimization. No system is completely risk-free; if you identify a security issue, contact us at contact@g2dev.it.
10. Cookies and web technologies
The static legal pages use only technologies required for display. The TrainWithGigi landing page uses technically necessary technologies and first-party analytics to measure visits, button clicks, page scroll, selected store, client errors and performance. The landing page shows a cookie notice with an "Accept" button and records that the notice was acknowledged.
The site may generate a technical notice ID: keep it if you want to request deletion or verification of anonymous events connected to that visit. Advertising pixels or behavioral advertising are not planned in the current setup.
11. Minors
GIGI is intended for users who are at least 16 years old. If you are under 18, use the service only with the involvement and consent of a parent or guardian where required by law. We do not knowingly collect data from minors below the allowed threshold.
12. Your rights
Within the limits of applicable law, you may request access, rectification, erasure, restriction, portability, objection and consent withdrawal. You may also request data export or account deletion from the app privacy features, where available, or by writing to contact@g2dev.it. For anonymous landing data, you may provide the notice ID shown by the site; without that ID we may not be able to link a request to events that are not associated with an account.
You may lodge a complaint with the Italian Data Protection Authority: www.garanteprivacy.it.
13. Changes
We may update this policy to reflect changes to the service, providers or law. For material changes, we may notify you through the app, email or publication of the new version.