Legal Document

Privacy Policy

Last updated: 2 May 2026

Controller: Digital Okonma Technologies Ltd. ("DOT", "we", "us") · RC 9345217 · Lagos, Nigeria.
Contact: privacy@Gymtedd.com

This Privacy Policy explains how Gymtedd collects, uses, stores, and protects your personal data when you use our mobile application and website. By using Gymtedd you agree to this Policy. If you do not agree, please stop using the app.

1. Who We Are

Gymtedd is owned and operated by Digital Okonma Technologies Ltd., a company registered in Nigeria under Registration Number 9345217, with its principal office in Lagos, Nigeria. We are committed to protecting your privacy in accordance with the Nigeria Data Protection Regulation (NDPR) 2019 and any successor legislation.

2. Data We Collect

2.1 Data you provide directly

  • Account data: name, email address, password (hashed).
  • Profile data: age, weight, height, fitness goals, gender.
  • Body photos: images you upload for AI body analysis and equipment detection.
  • Meal photos: images you upload for nutrition scanning.
  • Payment data: billing information (processed by Paystack or PayPro Global — we do not store card numbers).

2.2 Data collected automatically

  • Health & activity data: step counts, active calories, and workout minutes — read from Apple HealthKit (iOS) or Google Fit (Android) only with your explicit permission.
  • Usage data: screens viewed, workouts completed, features used, session duration.
  • Device data: device model, operating system version, app version, timezone.
  • Log data: IP address, error logs (anonymised after 30 days).

3. How We Use Your Data

  • Generate personalised AI workout plans and body analyses.
  • Power nutrition photo scanning and macro breakdowns.
  • Display step counts and health trends on your profile.
  • Process payments and manage your subscription tier (FREE / PRO / ELITE).
  • Send transactional notifications (workout reminders, plan updates).
  • Operate the gamification and leaderboard system.
  • Monitor platform performance and fix bugs.
  • Comply with legal obligations.

We do not sell your data. We do not use your body photos to train AI models belonging to third parties.

4. Legal Basis for Processing

  • Contract performance: processing necessary to deliver the Gymtedd service you signed up for.
  • Consent: health/activity data from HealthKit/Google Fit, marketing communications.
  • Legitimate interests: platform security, fraud prevention, analytics to improve the product.
  • Legal obligation: tax records, regulatory compliance.

5. Data Sharing

We share your data only with:

  • AI providers (Anthropic/Claude, Replicate, OpenAI/DALL-E) — for workout plan generation and media creation. Inputs are not retained beyond the API call per their data policies.
  • Payment processors (Paystack, PayPro Global) — to process subscription payments securely.
  • Cloud infrastructure (MongoDB Atlas, cloud hosting) — for data storage under Data Processing Agreements.
  • Analytics tools — aggregated, anonymised usage data only.
  • Law enforcement — where required by valid legal process.

6. Data Retention

  • Account data: retained while your account is active, plus 90 days after deletion request.
  • Body & meal photos: deleted 12 months after upload, or immediately on account deletion.
  • Health data: not stored server-side — read in real time from HealthKit/Google Fit.
  • Payment records: retained for 7 years (Nigerian tax law requirement).
  • Anonymised analytics: retained indefinitely.

7. Your Rights

Under the NDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict processing.
  • Withdraw consent at any time (this does not affect prior lawful processing).
  • Data portability — receive your data in a machine-readable format.
  • Lodge a complaint with the Nigeria Data Protection Bureau (NDPB).

To exercise any right, email privacy@Gymtedd.com. We respond within 30 days.

8. Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Body photos are stored in private, access-controlled buckets. We conduct periodic security reviews and maintain an internal incident-response process. In the event of a breach affecting your data, we will notify you within 72 hours as required by the NDPR.

9. Children

Gymtedd is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal data, contact us at privacy@Gymtedd.com and we will delete it promptly.

10. Third-Party Links

The Gymtedd app and website may contain links to third-party services. We are not responsible for the privacy practices of those services. Review their policies before sharing any data.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified via in-app push notification and email at least 14 days before taking effect. Continued use of Gymtedd after the effective date constitutes acceptance of the updated Policy.

12. Contact Us

Digital Okonma Technologies Ltd.
RC 9345217 · Lagos, Nigeria
Privacy queries: privacy@Gymtedd.com
General support: support@Gymtedd.com
© 2026 Gymtedd · Digital Okonma Technologies Ltd. · RC 9345217 · Lagos, Nigeria
Privacy PolicyTerms of ServiceCookie PolicyRefund Policy