No Fuss Gym - Mobile App | Last updated: June 2026
At No Fuss Gym, your privacy is a priority. This policy explains clearly what data we collect, why we collect it, how we protect it, and what your rights are.
Our approach is built on four principles: full transparency (no hidden collection, no fine print); minimization (we only collect what's necessary); respect (your data is never sold or used for advertising); control (you can delete everything at any time).
When you create an account, we collect:
Alternative sign-in methods: Sign in with Google (OAuth) — we retrieve your email and name only, no access to contacts or Gmail; Sign in with Apple (OAuth) — we retrieve your email (or Apple's masked email) and your name.
No financial data is collected by No Fuss Gym. Payments are handled exclusively by the Apple App Store and Google Play Store.
Workout data: sessions logged (date, time, duration), exercises performed (name, sets, reps, weight, tempo), custom programs, full history, personal records (PRs), session notes and comments.
Body measurements: weight, waist, hips, chest, etc., tracked over time.
Calculated health metrics (sensitive data, GDPR Article 9): BMI, estimated body fat percentage, Waist-to-Hip Ratio (WHR), Waist-to-Height Ratio (WHtR), Adonis Ratio. These metrics are calculated locally on your device using standardized mathematical formulas. They do not constitute a medical diagnosis in any way.
Progress photos (Photobook): photos taken via the app or imported from your gallery, along with their EXIF metadata (date, time). These photos are stored locally on your device only. They never leave your phone, except for Premium users who manually enable the specific photo cloud sync from Settings › Preferences › Sync Photos.
User preferences: measurement units, interface language, theme, notifications, cloud sync options.
Device information: smartphone model, operating system and version, app version, language and time zone.
Connection data: date and time of login, IP address (for security and abuse detection), connection type.
Crash and error reports (via Sentry): pseudonymized reports, technical error logs for bug fixes. No health, fitness or personally identifying data is included in these reports.
Cookies and trackers: no advertising cookies, no marketing trackers. Only the JWT authentication tokens stored locally (iOS/Android SecureStorage) and local preferences (language, theme, units).
If you enter a referral code at sign-up (this step is optional), we collect:
This data is only collected if you choose to enter a referral code. If you skip that step, none of this data is collected.
We use your data solely for: account management; app functionality (workouts, metrics, statistics); cloud sync (Premium users); transactional communications (password reset, security alerts); app improvement through aggregated and anonymized statistics; the referral program and its associated fraud prevention; security and fraud prevention.
What we never do: sell or rent your data to third parties; use your data for targeted advertising; share your data with commercial partners; analyze your data for marketing profiling; use your photos for anything other than your personal use.
By default, all your data is stored locally on your smartphone via Isar (a database isolated within the app). Advantage: works 100% offline, your data stays on your device. Drawback: data is lost if you switch phones without an active cloud backup.
Provider: Supabase Inc.
Location: EU-West (European Union)
Compliance: GDPR, ISO 27001, SOC 2 Type II
Data synced to the cloud: user profile, full workout history, body measurements, custom programs.
Photobook photos: stored locally only by default, including for Premium users. Photo cloud sync is an option you must enable manually from Settings › Preferences › Sync Photos. Without this, your photos never leave your device.
Security: encryption in transit (HTTPS/TLS), encryption at rest (AES-256), access restricted to your account only, automatic regular backups.
All fitness and account data is stored within the European Union (Supabase EU-West). For Apple and Google: OAuth authentication only transfers your email and name (no fitness data). For Sentry: pseudonymized technical data only, processed on EU servers. No health or fitness data is transferred outside the EU.
Access is strictly limited to the data controller (RoninKa Studio), solely for maintenance and technical support purposes. Your data is never accessed for commercial or marketing purposes.
We never share your data with advertisers, data brokers, commercial partners or social networks. Your data is yours.
We may be required to disclose your data upon request from a judicial authority or to comply with a legal obligation. In such cases, we will limit disclosure to the strict minimum.
As long as you use the app, all your data is retained. No automatic deletion during the active use period.
Account deletion triggers a 30-day "soft delete" period, during which recovery is still possible in case of a mistake. After 30 days: irreversible and complete deletion of all your data. No recovery is possible after that point.
Billing documents provided by Apple and Google may be retained for up to 7 years in accordance with Belgian accounting law. These documents do not contain your fitness or health data.
If you don't log in for 24 consecutive months, a reminder email will be sent 30 days before automatic deletion. Without a response or reconnection, your account and data will be deleted automatically.
In the event of a compromise: notification to the Belgian DPA within 72 hours; individual notification to all affected users; detailed report on the data involved and corrective measures taken. Full transparency: we will communicate without downplaying the incident.
Request a copy of all your data from the app (Settings › My Data › Export) or by email at contact@nofussgym.com. Response time: one month maximum.
Correct your data directly in the app (Settings › Profile or Settings › Account). For data that cannot be edited in-app: contact@nofussgym.com.
Delete your account from Settings › Account › Delete My Account, or by email. Timeline: 30-day soft delete, then permanent deletion.
Export your data in JSON or CSV from Settings › My Data › Export. Portable data includes: user profile, full workout history, body measurements, custom programs.
You also have the right to restriction of processing (Art. 18), the right to object (Art. 21) and the right to withdraw consent (Art. 7). No Fuss Gym does not use any automated decision-making or profiling system.
Email: contact@nofussgym.com
Legal response time: one month maximum (usually within 48 to 72 hours).
Exercising your rights is completely free of charge.
No Fuss Gym is intended for users aged 16 and over. If a user under 16 is found to have created an account, the account will be suspended or deleted immediately.
For users aged 16-18, parental or guardian consent and supervision are strongly recommended, given the injury risks associated with strength training and the importance of adapting programs to a still-developing body.
No Fuss Gym uses no cookies or trackers for advertising or marketing purposes. No Google Analytics, Facebook Pixel, or behavioral analytics tools. Only the technologies strictly necessary to operate the app: JWT tokens (session management) and local preferences (language, theme, units).
If an analytics tool is added in the future, you will be notified with explicit opt-in consent required.
Minor changes (clarifications) will be made silently with an updated date at the top. Significant changes (new processing activities) will trigger an email notification and an in-app notification, with a minimum 7-day notice period. Continued use of the app after notification constitutes acceptance of the updated terms.
If the No Fuss Gym project is sold or transferred, your personal data may be passed to the new owner. You will be notified by email at least 30 days before the transfer and will have the right to delete your account beforehand. The new entity must comply with this Policy or an equivalent GDPR-compliant policy.
Questions about your data:
Email: contact@nofussgym.com
Controller: RoninKa Studio, 6001 Marcinelle, Belgium
Response time: within 48 to 72 business hours.
Supervisory authority (Belgium):
Autorité de Protection des Données (APD)
Rue de la Presse 35, 1000 Brussels
contact@apd-gba.be — autoriteprotectiondonnees.be
Other EU countries: consult the list of supervisory authorities at edpb.europa.eu.
Karim El Harchi
Trade name: RoninKa Studio
VAT number: BE1037715601
Status: Self-employed (complementary activity)
6001 Marcinelle, Belgium
Email: contact@nofussgym.com
No DPO appointed (not required for an organization of this size). All GDPR requests are handled directly at contact@nofussgym.com.
This Policy complies with GDPR (EU 2016/679) and the Belgian law of 30 July 2018 on the protection of personal data.
What we collect: email, nickname, age, sex, height, weight (profile); workouts, measurements, photos if you create them; health metrics calculated locally (indicative only); pseudonymized technical data; device identifier and referral data if you enter a referral code (optional).
What we do NOT collect: phone number, postal address, bank details, contacts, GPS location, browsing data, advertising cookies.
Where your data lives: locally on your phone by default; Supabase EU-West cloud (Premium only, opt-in); never outside the EU for your fitness data.
Who has access: you (full control); RoninKa Studio (technical support only); Supabase, Sentry and Resend (GDPR processors); Apple and Google (OAuth and subscriptions); nobody else.
Your rights: access, rectification, deletion, portability, objection — from the app or by email.
Contact: contact@nofussgym.com — response within 48-72 business hours.