Privacy Policy
Last updated: January 18, 2026
This policy describes how Lumos Ignite AB collects and uses your personal data when you use GymLensIQ.
DATA CONTROLLER
The data controller responsible for your personal information is: Lumos Ignite AB Company registration number: 559547-4197 Registered in Malmö, Sweden.
For any privacy-related questions, please contact: hello@lumosignite.com
WHAT DATA DO WE COLLECT?
We may collect and process the following types of data when you use GymLensIQ:
- Basic account information, such as name and email address
- Profile information you enter, such as age, weight, height, gender, experience level, fitness goals, training preferences, and available equipment
- Training data you record, such as exercises, sets, reps, weights, completed sessions, personal records, workout history, and progress statistics
- Generated workout data, such as AI-generated workouts, programs, exercise recommendations, and progression suggestions
- Images you take to analyze gym equipment — deleted immediately after analysis
- Usage statistics to improve the app
- Device information, such as operating system, app version, and technical logs
- Local storage data, such as settings stored using AsyncStorage or similar technologies
- Subscription status, trial status, or premium status
- Support messages and other communication you send to us
Health Data (Apple Health)
If you choose to connect Apple Health or HealthKit, we may read selected health-related data with your permission, such as workouts, steps, body measurements, heart rate, and active energy burned.
We never write data back to Apple Health without your explicit permission.
We never sell health data and never use it for advertising. HealthKit data is never shared with advertising networks, data brokers, or third-party analytics providers.
HOW DO WE USE YOUR DATA?
We use your data to:
- Create and manage your account
- Generate personalized workouts
- Display training history, progress statistics, and personal records
- Improve app functionality and user experience
- Provide customer support and troubleshoot technical issues
- Prevent fraud and unauthorized access
- Comply with legal obligations
We do not sell your personal data and do not use it for third-party advertising.
DATA RETENTION
We retain your personal data only as long as necessary to provide our services or as required by law.
Training images are deleted immediately after analysis.
You can request deletion of your data at any time via app settings or by contacting hello@lumosignite.com.
THIRD-PARTY SERVICE PROVIDERS
We use third-party service providers to deliver and improve GymLensIQ, including Google Firebase / Google Cloud, Google Gemini AI, Apple App Store, Google Play, and RevenueCat.
HealthKit data is never shared with advertising networks, data brokers, or third-party analytics providers.
LEGAL BASIS FOR PROCESSING
We process your personal data based on:
- Contractual necessity — to deliver the app, manage accounts, and provide premium features
- Consent — for optional health integrations and image analysis
- Explicit consent — required for sensitive health data via Apple Health
- Legitimate interest — to improve the app and prevent misuse
- Legal obligation — for accounting, tax, and regulatory requirements
YOUR RIGHTS UNDER GDPR
Under GDPR, you have the right to access your data, correct inaccurate data, request erasure ("right to be forgotten"), restrict processing, request data portability, and object to processing based on legitimate interest.
You also have the right to withdraw consent at any time — withdrawal affects future processing but not previous lawful processing.
To exercise your rights, contact us at: hello@lumosignite.com We strive to respond within 30 days.
DATA SECURITY
We use technical and organizational measures to protect your personal data against unauthorized access, loss, and alteration.
Data is encrypted during transmission. We use secure cloud services via Google Firebase and Google Cloud.
In the event of a personal data breach that poses a risk, we will notify Integritetsskyddsmyndigheten within 72 hours.
INTERNATIONAL DATA TRANSFERS
Some service providers may process data outside the EU/EEA. We rely on appropriate safeguards such as the EU Commission's Standard Contractual Clauses.
CONTACT
General support: support@lumosignite.com
Data privacy: hello@lumosignite.com
Security and technical issues: dev@lumosignite.com
We strive to respond to inquiries within 48 hours.