(version: 11 October 2023)
This is the privacy statement of the GAINSBYBRAINS B.V. (GAINSBYBRAINS). In this
privacy statement we explain, why we collect and use your personal data when you use our
app. We also explain what your rights are and how to contact us.
Who we are
GAINSBYBRAINS is a limited liability company based in Amsterdam, the Netherlands
If you have any questions about this privacy statement or about GAINSBYBRAINS's use of
your personal data, please do not hesitate to contact us at: We
are happy to help.
Corporate address:
GAINBYBRAINS B.V. Zekeringstraat 17 A, 1014BM Amsterdam, the Netherlands
Dutch Chamber of Commerce number: 76549348
Why do we process personal data?
To use our app it is necessary to process personal data. For instance to verify if you have a
subscription, what your language preference is and what workouts you prefer. In doing so,
we process personal data only as necessary.
What personal data do we collect and use?
Hereafter we provide an overview of personal data we process and the legal basis for doing
so. The legal basis is explained further down in this privacy statement.
E-Mail necessary to communicate with
Art. 6(1) (b) GDPR
Name (pseudonym allowed) necessary to properly address
Art. 6(1) (b) GDPR
security measure
Art. 6(1) (f) GDPR
Preferred language ISO
necessary to properly inform
Art. 6(1) (b) GDPR
Password** to secure your account Art. 6(1) (b) GDPR
List of the preferred
workouts days within a week
necessary tot perform the
services of the app
Art. 6(1) (b) GDPR
Preferred workout intensity
necessary to perform the
services of the app
Art. 6(1) (b) GDPR
List of content IDs that the
user has liked in the app
necessary to perform the
services of the app; and
analyse general content
preferences of user
Art. 6(1) (b) GDPR /
Art. 6(1) (f) GDPR
fitness plan
necessary to perform the
services of the app. This is the
result of the chosen workout
days and intensity.
Art. 6(1) (b) GDPR
· workouts
· exercises
· recipes
· state of finishing
subscription data from Apple
AppStore servers
To check for a valid subscription
Art. 6(1) (b) GDPR
For avoidance of doubt, we note that we do not process any health data or monitor your
health via your mobile device, sensory equipment or the app. In case we extend the app – in
the future - to allow users to track their health – user’s informed consent will always be
requested prior to processing any such personal data.
May we process your personal data?
We may only use personal data for a reason (so called ‘legal basis’) stated in the privacy
laws. Under the General Data Protection Regulation (GDPR) the legal basis is listed in
Article 6 GDPR.
The main legal basis on which we process personal data is because it is necessary for the
performance licensed use of the app. That way we can provide the services you are
expecting from our app; or verify that you have a valid subscription; or properly address any
complaints (legal basis: Art. 6(1)(b) GDPR).
In addition we store the IP-address of app-users to secure the app and try to prevent
illegitimate use of the app or your account (legal basis: Art. 6(1)(f) GDPR).
We also analyse content that is liked by our user in order to improve the app and its content
(legal basis: art. 6(1)(f) GDPR). The interests or fundamental rights and freedoms of our
users is not harmed in any way.
In case consent is the legal basis for the processing of your personal data, we will inform you
in advance why we use the information. Please note that you can withdraw your consent at
any time. From that moment we will no longer process your personal data, unless there is
(also) another legal basis for processing your personal data (legal basis: art. 6(1)(a) GDPR).
In some cases we might be obligated by law to process/archive personal data (legal basis:
art. 6(1)(c) GDPR).
How do we secure your data?
The privacy of our users is important to us. In developing our app, we have tried to keep the
applicable privacy principles in mind as much as possible.
In addition, we take both technical and organizational measures to secure the personal data
we process.
Technical measures:
A few examples of the technical measures taken are:
- Physical security of data centres
- Logical access control
- Secure connections for data transfer
- Hashing of passwords
- Encryption of data
- IP-address-logging
Organisational measures taken:
A few examples of the organizational measures taken are:
- Only authorized persons have access to data and are bound to confidentiality
- Data Processing Agreements are concluded with and companies that process
personal data on behalf of GAINSBYBRAINS
- Personal data is only stored in the European Union
- Security incident management
How long do we keep your data?
We do not keep your personal data for longer than necessary for the purpose for which we
process your data.
Upon deletion of your account, or any request to remove your data, the data will be no
longer retained than 14 days, unless there is another legal basis for the processing.
Do we share your data with third parties?
In order to perform our services it is necessary to share data with other parties (third parties).
For instance a hosting company to store the data. This may be within the Netherlands as
well as within the European Union (EU). If we share your data outside the EU, we will inform
you separately.
What are your rights?
You have several privacy rights. For example, you can ask us what personal data we
process about you. And if the data is incorrect, you can request to correct it. Also, in some
cases you can ask us to delete, transfer or restrict the processing of your data. Please note
that restricting the processing of your personal data, can affect or prevent the performance
of the app.
Finally, you can object to the processing of your data. If you disagree with how we process
your data, you can file a privacy complaint with the local privacy authority.
Any request, questions or complaints regarding your privacy can be send to
Note: This privacy statement is valid as of 11 October 2023 and may be revised from time to
time. Applicable at all times is the most recent version of the privacy statement. If a revision
could significantly affect our users we will do our best to inform those affected of said