Privacy Policy

This Privacy Policy explains how Webita Agency OÜ (Järvevana tee 9, Tallinn, 11314, Estonia; contact: info@traingen.eu) processes personal data through traingen.eu and the TrainGen app (app.traingen.eu). It includes health data processing where users explicitly authorize integrations (for example Apple Health/HealthKit and Google Health Connect).

Data Controller

Webita Agency OÜ, Järvevana tee 9, Tallinn, 11314, Estonia. VAT ID: EE102810237. Contact: info@traingen.eu

Data accessed/collected and how it is used

Depending on the features used, we may access/collect:

• Account/profile data: email, user identifiers, display name, trainer bio, profile photo.
• Fitness data manually provided by users: goals, level, availability, workout preferences.
• Health data (when authorized): for example steps, activities/workouts, entered/related calories, and related metrics from Apple Health/HealthKit and Google Health Connect.
• Operational data: chat/messages, technical metadata, security logs, service usage data.
• Payment data: processed by external providers (for example Stripe); we do not store full card details.

We use this data to deliver app features, personalize plans/workouts, show progress, manage subscriptions/payments, keep the service secure, prevent abuse, and provide support.

Health data: specific disclosure

Health data is processed only to provide requested fitness and coaching features (activity monitoring, progress analysis, and workout personalization). We do not sell health data and do not use it for personalized advertising. Access depends on device permissions and can be revoked at any time in system/app settings.

Cookies

The landing uses only technical/necessary cookies. No analytics or profiling cookies are used. Future tools may be introduced; we will update this notice and, where required, show a consent banner.

Purposes and legal bases

Contract performance for requested services (Art. 6(1)(b) GDPR), legal obligations (Art. 6(1)(c)), legitimate interest for service security and abuse prevention (Art. 6(1)(f)), and where required, user consent for specific integrations and health data (Art. 6(1)(a), Art. 9(2)(a)).

Data retention

We retain data only as long as needed for the purposes above:

• Account/profile data: until account deletion or valid deletion request.
• Fitness/health operational data: while the account is active, unless deleted earlier upon request.
• Chat/technical data: for the time needed to provide and secure the service.
• Security logs: generally up to 12 months unless legal/security requirements apply.
• Payment-related admin/fiscal data: retained according to applicable legal obligations.

How users can delete data/account

Users can request deletion of data and/or account by:

• Using the in-app Settings/Account deletion flow (when available).
• Emailing info@traingen.eu with account details to be deleted.

After identity/account verification, we delete or anonymize data not subject to legal retention. Data required by law (for example fiscal/accounting records) is retained only for the legally required period.

Third parties

We rely on hosting/CDN providers and security tooling acting as processors under contractual terms aligned with GDPR. Payments are handled by external providers such as Stripe.

Transfers outside the EEA

Where non-EEA countries are involved, we apply appropriate safeguards (standard contractual clauses or equivalent instruments) in compliance with GDPR Chapter V.

Data subject rights

You may exercise rights under Arts. 15–22 GDPR (access, rectification, erasure, restriction, portability, objection) by writing to info@traingen.eu. You have the right to lodge a complaint with the competent supervisory authority.

Security

We adopt appropriate technical and organizational measures to protect the integrity and confidentiality of processed data.

Updates

We may update this notice to reflect regulatory or technical changes. Last update: 10/06/2026.