Privacy notice

GIGI Privacy Policy

This policy explains how GIGI processes personal data of users of the app, the web version and connected websites.

Last updated: June 6, 2026

Data controller: Giulio Gentile, individual located in Italy

Project name: G2DEV / GIGI

Contact: contact@g2dev.it

1. Controller and scope

The data controller is Giulio Gentile, an individual located in Italy, operating the G2DEV project and the GIGI app. This policy applies when you use GIGI, create an account, use fitness, nutrition, AI analysis, notifications, health integrations, payments or visit pages connected to the service.

2. Data we process

Account and identity data

Fitness, health and nutrition data

Some of this data may be health data or special-category data under GDPR. We process it only where necessary for the service and, where required, with your explicit consent.

Photos, videos, audio and files

Technical and security data

3. Device permissions and health integrations

GIGI may request permissions for camera, photo library, microphone, notifications, motion sensors and health integrations. You can grant or revoke those permissions from device settings or from the app where available.

If you connect Apple HealthKit or Google Health Connect, GIGI may read data such as steps, active calories, workouts, sleep or other authorized data, and may write completed workouts or supported information. We use this data only to show summaries, personalize the experience and synchronize your progress. We do not use HealthKit or Health Connect data for advertising, behavioral marketing or sale to third parties.

4. Purposes and legal bases

5. Artificial intelligence

GIGI uses artificial intelligence systems to generate plans, suggestions, nutrition analysis, form analysis and coaching content. To provide these features, necessary data may be sent to AI providers such as OpenAI, Google Gemini and ElevenLabs, or processed by the GIGI backend. Where possible, we limit the data sent to what is necessary for the specific feature.

6. Providers and recipients

We may share data with providers acting as processors or independent controllers, to the extent necessary for the service:

We do not sell your personal data. We do not use health data, HealthKit data or Health Connect data for advertising or advertising data mining.

7. Transfers outside the EEA

Some providers, including AI services, stores or cloud infrastructure, may process data in countries outside the European Economic Area. When this happens, we use appropriate safeguards such as adequacy decisions, standard contractual clauses or other measures required by applicable law.

8. Retention

9. Security

We use reasonable technical and organizational measures, including HTTPS/TLS, access controls, environment separation, security logging and data minimization. No system is completely risk-free; if you identify a security issue, contact us at contact@g2dev.it.

10. Cookies and web technologies

The static legal pages use only technologies required for display. The TrainWithGigi landing page uses necessary technical technologies and first-party analytics to measure visits, button clicks, page scroll, selected store, client errors and performance. The landing page shows a cookie notice with an "Accept" button and stores that the notice was acknowledged.

The site may generate a technical notice ID: keep it if you want to request deletion or verification of anonymous events connected to that visit. Advertising pixels or behavioral advertising are not planned in the current setup.

11. Minors

GIGI is intended for users who are at least 16 years old. If you are under 18, use the service only with the involvement and consent of a parent or guardian where required by law. We do not knowingly collect data from minors below the allowed threshold.

12. Your rights

Within the limits of applicable law, you may request access, rectification, erasure, restriction, portability, objection and consent withdrawal. You may also request data export or account deletion from the app privacy features, where available, or by writing to contact@g2dev.it. For anonymous landing data, you may provide the notice ID shown by the site; without that ID we may not be able to link a request to events that are not associated with an account.

You may lodge a complaint with the Italian Data Protection Authority: www.garanteprivacy.it.

13. Changes

We may update this policy to reflect changes to the service, providers or law. For material changes, we may notify you through the app, email or publication of the new version.