Privacy Policy for PWR App
Last Updated: June 11, 2025
1. Introduction
Welcome to PWR App. Your privacy is a top priority for us. This Privacy Policy explains how ASVAL ALPHA TECHNOLOGY S.R.L. ("we," "us," or "our") collects, uses, shares, and protects your information when you use our mobile application ("App"), our website at https://www.thepwrapp.com ("Website"), and all related services (collectively, the "Service").
By accessing or using our Service, you agree to the collection and use of information in accordance with this policy.
2. Who is Responsible for Your Data?
The data controller responsible for your personal information is:
ASVAL ALPHA TECHNOLOGY S.R.L.
A company registered in Romania.
Contact Email for Privacy Inquiries: hello@thepwrapp.com
As we do not have a dedicated Data Protection Officer, all inquiries regarding your data and privacy rights should be directed to the administrator at the email address above.
3. What Information We Collect and How
We collect information in several ways, with a core principle of minimizing data collection and maximizing your control.
a) Information Stored Locally on Your Device (Your Workout Data)
The vast majority of the data you create is stored securely and exclusively on your device. We cannot access, view, or decrypt this data. This includes:
Workout names, notes, and schedules
Exercises, sets, reps, weight, and durations
Tracked body weight and exercise notes
This data is stored in a database encrypted with SQLCipher. This data does not leave your device unless you take one of the following actions:
Future Cloud Backup: If you choose to use our future cloud backup feature, your encrypted data file will be sent to our servers. It will be encrypted with a password that only you know. We cannot decrypt this file, and it is useless to anyone without your password.
Referral Program Participation: To verify the successful completion of referral program requirements, a minimal, non-identifiable confirmation that a workout was completed (e.g., a completion count) may be sent to our servers.
b) Information You Provide to Us Directly
Account Information: When you sign up using Google or Apple Sign-In, we collect your Name, Email Address, a unique user ID specific to our app, and optionally, your profile picture from that service. This is the only personal data we store on our servers to manage your account.
Communications: When you contact us at hello@thepwrapp.com, we collect your email address and any information you provide in your message to assist you.
c) Information We Collect Automatically
Analytics and Performance Data: We collect anonymized or pseudonymized data to understand how our Service is used, to identify and fix issues, and to improve your experience. This includes tracking user behavior (not individual users), crash reports, and UI interactions (like "rage clicks" or "dead clicks"). This data is collected via a random user ID that is not tied to your personal account information.
Device and Connection Information: We may collect information about your device (e.g., device type, operating system) for crash reporting and service optimization.
Cookies and Similar Technologies: Our Website uses cookies for essential functions and analytics. Our App uses minimal tracking technologies for essential functions and to analyze and improve app performance and stability. You will have control over non-essential tracking.
d) Information from Third Parties
Payment and Subscription Data: We use Apple, Google, and RevenueCat to process subscriptions. We do not receive or store your credit card information. We receive information from them to confirm your subscription status, such as a transaction ID and subscription tier.
4. How and Why We Use Your Information (Purpose and Legal Basis)
We only use your data when we have a valid legal reason to do so under GDPR.
5. Who We Share Your Information With
We do not sell your personal data. We only share it with trusted third-party service providers who help us operate our Service:
Authentication Services: Google and Apple, to facilitate secure sign-in.
Payment Processors: Apple, Google, and RevenueCat, to securely handle subscriptions.
Analytics & Performance Providers: Google (Analytics, Play Console), Apple (App Store Console), Microsoft (Clarity).
Cloud Hosting Providers: We use servers from Hetzner located in the EU and the US to store your Account Information and future encrypted backups.
Website Hosting: Squarespace.
6. Data Retention and Deletion
Account Information: When you choose to delete your account via the in-app feature, your account data on our servers is deleted immediately and permanently. You may sign up again with the same email, but your account-level data will be gone.
Local Workout Data: This remains on your device until you uninstall the app or clear its data.
Communications Data: Emails sent to our support address will be deleted after a maximum of 90 days.
7. Security of Your Information
We use administrative, technical, and physical security measures to protect your personal information. This includes:
SSL/TLS encryption for all data transferred between the app and our servers.
Full filesystem encryption on the virtual private servers that host our databases.
Industry-leading encryption (SQLCipher) for all workout data stored locally on your device.
8. Your Data Protection Rights (GDPR)
You have rights concerning your personal data. We are committed to facilitating them. You can exercise most of these rights via a dedicated section within the app's account settings.
The Right to Access: You can request a copy of the personal account information we hold about you.
The Right to Rectification: Your account data (name, email, picture) comes from Google/Apple. To correct it, you must update your information with those services and sign in again.
The Right to Erasure: You have the right to delete your account and associated server data at any time using the in-app feature.
The Right to Data Portability: We cannot provide your workout data in a readable format because we cannot decrypt it. However, you have the right to download your encrypted backup file to move as you see fit. You can request a copy of your basic account information.
The Right to Restrict Processing & The Right to Object: You have the right to object to our processing of your data for our legitimate interests. You will have an option in the app's settings to disable the collection of non-essential analytics data.
The Right to Withdraw Consent: Where we rely on your consent (e.g., for marketing emails), you can withdraw it at any time.
9. International Data Transfers
Your information, specifically your Account Information, may be transferred to — and maintained on — computers located outside of your state, province, or country, including the United States. We use Hetzner servers located in both the EU and the US.
We ensure such transfers are protected by appropriate safeguards, primarily through the use of Standard Contractual Clauses (SCCs) as approved by the European Commission, which contractually bind our service providers to protect your data to EU standards.
10. Policy for Children
Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete their account information immediately.
If you are a parent or guardian of a child using our app (aged 13-16 in the EU), you can contact us at hello@thepwrapp.com to exercise their rights. We will guide you on how to use the in-app deletion process or, if necessary, manually delete the account on your behalf.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We may also provide notice through the App.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: hello@thepwrapp.com.