Privacy Policy (GAINSBYBRAINS App)

(version: 11 October 2023)

This is the privacy statement of the GAINSBYBRAINS B.V. (GAINSBYBRAINS). In this privacy statement we explain, why we collect and use your personal data when you use our app. We also explain what your rights are and how to contact us.

Who we are

GAINSBYBRAINS is a limited liability company based in Amsterdam, the Netherlands.

If you have any questions about this privacy statement or about GAINSBYBRAINS's use of your personal data, please do not hesitate to contact us at: We are happy to help.

Corporate address:
GAINBYBRAINS B.V. Zekeringstraat 17 A, 1014BM Amsterdam, the Netherlands
Dutch Chamber of Commerce number: 76549348

Why do we process personal data?

To use our app it is necessary to process personal data. For instance to verify if you have a subscription, what your language preference is and what workouts you prefer. In doing so, we process personal data only as necessary.

What personal data do we collect and use?

Hereafter we provide an overview of personal data we process and the legal basis for doing so. The legal basis is explained further down in this privacy statement.



Legal basis


necessary to communicate with you

Art. 6(1) (b) GDPR

Name (pseudonym allowed)

necessary to properly address you

Art. 6(1) (b) GDPR

IP Address(es)

security measures

Art. 6(1) (f) GDPR

Preferred language ISO Code

necessary to properly inform you

Art. 6(1) (b) GDPR


to secure your account

Art. 6(1) (b) GDPR

List of the preferred workouts days within a week

necessary tot perform the services of the app

Art. 6(1) (b) GDPR

Preferred workout intensity level

necessary to perform the services of the app

Art. 6(1) (b) GDPR

List of content IDs that the user has liked in the app

necessary to perform the services of the app; and analyse general content preferences of user

Art. 6(1) (b) GDPR / Art. 6(1) (f) GDPR

fitness plan 


·     startDate

·     workouts

·     exercises

·     recipes

·           state of finishing

necessary to perform the services of the app. This is the result of the chosen workout days and intensity.

Art. 6(1) (b) GDPR

subscription data from Apple AppStore servers

To check for a valid subscription

Art. 6(1) (b) GDPR


For avoidance of doubt, we note that we do not process any health data or monitor your health via your mobile device, sensory equipment or the app. In case we extend the app – in the future - to allow users to track their health – user’s informed consent will always be requested prior to processing any such personal data.

May we process your personal data?

We may only use personal data for a reason (so called ‘legal basis’) stated in the privacy laws. Under the General Data Protection Regulation (GDPR) the legal basis is listed in Article 6 GDPR.

The main legal basis on which we process personal data is because it is necessary for the performance licensed use of the app. That way we can provide the services you are expecting from our app; or verify that you have a valid subscription; or properly address any complaints (legal basis: Art. 6(1)(b) GDPR).

In addition we store the IP-address of app-users to secure the app and try to prevent illegitimate use of the app or your account (legal basis: Art. 6(1)(f) GDPR).

We also analyse content that is liked by our user in order to improve the app and its content (legal basis: art. 6(1)(f) GDPR). The interests or fundamental rights and freedoms of our users is not harmed in any way.

In case consent is the legal basis for the processing of your personal data, we will inform you in advance why we use the information. Please note that you can withdraw your consent at any time. From that moment we will no longer process your personal data, unless there is (also) another legal basis for processing your personal data (legal basis: art. 6(1)(a) GDPR).

In some cases we might be obligated by law to process/archive personal data (legal basis: art. 6(1)(c) GDPR).

How do we secure your data?

The privacy of our users is important to us. In developing our app, we have tried to keep the applicable privacy principles in mind as much as possible.

In addition, we take both technical and organizational measures to secure the personal data we process.

Technical measures:

A few examples of the technical measures taken are:

  • Physical security of data centres
  • Logical access control
  • Secure connections for data transfer
  • Hashing of passwords
  • Encryption of data
  • IP-address-logging

Organisational measures taken:

A few examples of  the organizational measures taken are:

  • Only authorized persons have access to data and are bound to confidentiality
  • Data Processing Agreements are concluded with and companies that process personal data on behalf of GAINSBYBRAINS
  • Personal data is only stored in the European Union
  • Security incident management

How long do we keep your data?

We do not keep your personal data for longer than necessary for the purpose for which we process your data.

Upon deletion of your account, or any request to remove your data, the data will be no longer retained than 14 days, unless there is another legal basis for the processing.

Do we share your data with third parties?

In order to perform our services it is necessary to share data with other parties (third parties). For instance a hosting company to store the data. This may be within the Netherlands as well as within the European Union (EU). If we share your data outside the EU, we will inform you separately.

What are your rights?

You have several privacy rights. For example, you can ask us what personal data we process about you. And if the data is incorrect, you can request to correct it. Also, in some cases you can ask us to delete, transfer or restrict the processing of your data. Please note that restricting the processing of your personal data, can affect or prevent the performance of the app.

Finally, you can object to the processing of your data. If you disagree with how we process your data, you can file a privacy complaint with the local privacy authority.

Any request, questions or complaints regarding your privacy can be send to

Note: This privacy statement is valid as of 11 October 2023 and may be revised from time to time. Applicable at all times is the most recent version of the privacy statement. If a revision could significantly affect our users we will do our best to inform those affected of said revisions.