Zirv Logo

Last updated: July 2, 2026

Privacy Policy

Introduction

This Privacy Policy describes how Zirv Fitness Tracking ("Zirv", "we", "us", or "our"), as the controller of your personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 (the "GDPR"), collects, uses, discloses, and otherwise processes the personal data of users of our fitness tracking application and related services (the "Service").

By accessing or using the Service, you acknowledge that you have read this Privacy Policy and that your personal data will be processed as described herein. If you do not agree with this Privacy Policy, you must discontinue use of the Service.

Information We Collect

Personal Information

We collect personal data that you voluntarily provide when registering for an account or otherwise interacting with the Service, including:

  • Name and email address
  • Username and password
  • Profile information (optional)
  • Fitness goals and preferences

Fitness Data

We collect fitness-related data that you input or that is generated through your use of the application:

  • Workout plans and exercise routines
  • Exercise logs (sets, reps, weight)
  • Personal records and achievements
  • Progress tracking data
  • Custom fields and measurements
  • Cardio and outdoor activity data, including GPS location, route, distance, pace, and elevation, collected only while you actively track a session and only with your device's location permission
  • Health and sensor data such as heart rate, cadence, and energy burned, read from Apple Health (HealthKit), Apple Watch, or a connected Bluetooth heart rate sensor, only with your explicit permission
  • Nutrition data you log, including foods, recipes, portion sizes, calorie and macronutrient intake, and products identified by barcode scanning
  • Body measurements and optional progress photos you choose to add

Fitness, health, and nutrition data can constitute special categories of personal data under Article 9 of the GDPR. We process such data solely to provide the tracking, analytics, and progress features you request, on the basis of your explicit consent, which you can withdraw at any time by disabling the relevant permissions or deleting the data or your account.

Data read from Apple Health (HealthKit) is used only to provide the features you request. It is never used for advertising or other data mining purposes, never sold, and never shared with third parties.

Usage Information

We automatically collect certain information about your device and how you interact with our application:

  • Device information and operating system
  • Browser type and version
  • IP address and location data
  • Usage patterns and preferences
  • Log data and analytics

Cookies and Local Storage

We use cookies and browser local storage to operate and improve the Service:

Authentication tokens:
Essential cookies/local storage used to keep you signed in and secure your session
User preferences:
Local storage of your language, theme, and display preferences
Workout session data:
Temporary local storage of in-progress workout data to prevent data loss

We do not use third-party advertising or cross-site tracking cookies. Strictly necessary cookies are exempt from prior consent under Article 5(3) of Directive 2002/58/EC (the "ePrivacy Directive"). You can manage cookie settings through your browser, but disabling strictly necessary cookies may impair core functionality of the Service.

How We Use Your Information

We use the information we collect for the following purposes:

Provide and maintain our service:
To create and manage your account, store your workout data, and provide personalized fitness tracking features.
Improve user experience:
To understand how users interact with our application and make improvements based on usage patterns and feedback.
Communicate with you:
To send you important updates, notifications about your workouts, and respond to your inquiries.
Security and fraud prevention:
To protect our users and prevent unauthorized access or misuse of the application.
Analytics and research:
To analyze trends and user behavior to improve our services and develop new features.

Analytics, Attribution, and Logs

We measure how the Service is used with privacy-friendly tools we host ourselves. We do not sell your data or share it with advertising networks.

Self-hosted analytics
We run cookieless, self-hosted analytics that record aggregate usage such as page views, the referring website, device and browser type, and an approximate country. Your IP address is processed briefly to tell visitors apart and is not stored in raw form. No data is shared with third parties. The legal basis is our legitimate interest in understanding and improving the Service.
Signup attribution
If you arrive from a marketing link and then create an account, we store the acquisition channel (such as utm parameters and the referring site) with your account. This helps us understand which marketing channels work. On the web this is captured only if you accept all in the consent banner, and it is never collected in the mobile app.
Server access logs
Our servers keep access logs that include IP addresses and basic request details. We use these for security, abuse prevention, and keeping the Service running reliably. Logs are retained for a limited period and then deleted.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may disclose your personal data only in the following circumstances:

With Your Consent
We may share your information when you explicitly authorize us to do so, such as when you connect with friends, share workout plans, or make your profile, posts, or workouts visible to others through the social features. You control this visibility in your settings.
Service Providers
We may disclose personal data to vetted third-party service providers acting as processors on our behalf, who assist us in operating the Service. Such processors are bound by written agreements meeting the requirements of Article 28 of the GDPR and may process your data only on our documented instructions.
Legal Requirements
We may disclose your personal data where required by law, valid legal process, or a binding request from a competent public authority, including for the purposes of national security, law enforcement, or compliance with regulatory obligations.

Third-Party Services

We use the following categories of third-party service providers to operate and improve the Service:

Cloud Hosting and Infrastructure
The Service is hosted on servers operated by Hetzner Online GmbH in data centers located within the European Union. All application data and databases are stored on this infrastructure. Hetzner acts as our processor, is contractually bound to protect your data, and processes it only on our instructions.
Payment Processing
Subscription payments are processed through the Apple App Store. We do not directly store or handle your payment card details. Payment processing is governed by the respective platform's privacy policy.
Email Delivery
We use email service providers to send transactional emails such as account verification, password resets, and notifications you have opted into.
Sign-In Providers
You can optionally sign in with Apple or Google. When you do, we receive basic profile information (such as your name and email address) from the provider you choose. The provider's own privacy policy governs its processing.
Push Notifications
If you enable push notifications in the iOS app, notifications are delivered through the Apple Push Notification service. We store a device token to route notifications to your device. You can change your notification preferences or revoke the permission at any time.

Data Security

We implement appropriate technical and organizational measures within the meaning of Article 32 of the GDPR to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit using HTTPS/TLS
  • Secure password hashing using industry-standard algorithms
  • Access controls and authentication mechanisms
  • Secure database storage and backup procedures

Notwithstanding the foregoing, no method of transmission over the Internet or electronic storage is fully secure. While we apply security measures appropriate to the risk in accordance with Article 32 of the GDPR, we cannot guarantee absolute security and accept no liability for unauthorized access caused by factors beyond our reasonable control.

Your Rights and Choices

You have certain rights in relation to the personal data we hold about you, which may be exercised free of charge as set out below:

Access
You can access and review your personal information at any time through your account settings.
Update
You can update or correct your personal information through your account dashboard.
Delete
You may request the erasure of your account and associated personal data, subject to any retention required by applicable law or for the establishment, exercise, or defense of legal claims.
Export
You can request a copy of your data in a portable format for your records.

European Economic Area (EEA) Rights

Zirv Fitness Tracking is established in Denmark and acts as the controller of your personal data within the meaning of Article 4(7) of the GDPR. If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:

Legal Basis for Processing

Contract performance:
Processing necessary to provide the Service you signed up for (account management, workout tracking, data storage)
Legitimate interest:
Processing for service improvement, security, and fraud prevention, balanced against your rights
Consent:
Processing based on your explicit consent (e.g., optional notifications, marketing communications), which you may withdraw at any time
Legal obligation:
Processing required to comply with applicable laws and regulations

Additional GDPR Rights

Right to restrict processing:
You may request that we limit how we use your data in certain circumstances
Right to object:
You may object to processing based on our legitimate interests at any time
Right to data portability:
You may request your data in a structured, commonly used, machine-readable format
Right to lodge a complaint:
You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or with the supervisory authority of the EEA member state of your habitual residence, place of work, or place of the alleged infringement of the GDPR

To exercise any of these rights, please contact us. We will respond to your request within 30 days.

International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). Where personal data is transferred to processors or sub-processors located outside the EEA, we rely on appropriate safeguards under Chapter V of the GDPR, including (a) Standard Contractual Clauses adopted by the European Commission pursuant to Article 46(2)(c) of the GDPR, (b) adequacy decisions issued under Article 45 of the GDPR, or (c) such other safeguards as are recognized under the GDPR. A copy of the relevant safeguards may be obtained by contacting us.

By using the Service, you acknowledge that your personal data may be transferred to and processed in countries other than your country of residence, which may have different data protection rules than those applicable in your jurisdiction.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes set out in this Privacy Policy, including to provide the Service, comply with our legal, accounting, and reporting obligations, resolve disputes, and enforce our agreements. The criteria used to determine retention periods include the nature and sensitivity of the personal data, the purposes for which we process it, the potential risk of harm from unauthorized use or disclosure, and any applicable legal or regulatory retention requirement (for example, financial records under Danish bookkeeping law). Upon deletion of your account, we will erase or irreversibly anonymize your personal data within thirty (30) days, except where retention is required by applicable law or necessary for the establishment, exercise, or defense of legal claims.

Aggregated or irreversibly anonymized data, which can no longer be associated with an identified or identifiable natural person, may be retained for statistical, analytics, and service improvement purposes without further restriction.

Children's Privacy

The Service is intended for users aged sixteen (16) and over. Where the laws of your country of residence permit a lower digital-consent age under Article 8 of the GDPR, that lower threshold shall apply, but in no event below the age of thirteen (13). For users below the applicable digital-consent age, registration and use of the Service requires the verifiable consent of a parent or legal guardian. We do not knowingly collect personal data from children below this threshold without such consent; if we become aware that we have done so, we will delete the data without undue delay. Parents or legal guardians who believe their child has provided personal data without consent may contact us to request its erasure.

Changes to This Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in our processing activities or to comply with legal, regulatory, or operational requirements. Material changes will be notified to you by posting the revised Privacy Policy on this page and updating the "Last updated" date and, where required by applicable law, by direct notification (such as email).

We encourage you to review this Privacy Policy periodically. Your continued use of the Service following the entry into force of any amendment constitutes acknowledgment of the revised Privacy Policy. Where consent constitutes the legal basis for the relevant processing, we will obtain renewed consent before relying on the amended terms.

Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our processing of your personal data, including the exercise of your rights under applicable data protection law, please visit our contact page.

Zirv Fitness Tracking is committed to processing your personal data lawfully, fairly, and transparently in accordance with the GDPR and applicable national data protection law.

Zirv Logo