Privacy Policy
Your privacy matters. Learn how Virtus Athlete protects your data.
Table of Contents
Last updated: February 22, 2026
Virtus Athlete ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Virtus Athlete mobile application and the website virtusapp.ai, in accordance with the General Data Protection Regulation (GDPR) and applicable French data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
Virtus Athlete
Email: contact@virtusapp.ai
2. Information We Collect
Account Information
When you create an account, we collect your email address and generate a unique user ID. You can sign up using email and password, Apple Sign In, or Google Sign In. We do not collect your name, phone number, or any other personal identification information during sign up.
Workout Data
Data you create within the app, including workout programs, exercises, workout logs (sets, reps, weights, times, notes), additional measurements you add, calendar schedules, and custom exercise libraries.
Activity Data
We log the date you open the app and the platform you use (iOS or Android). This is limited to one entry per day.
Subscription Data
Your subscription status and entitlements, managed through RevenueCat.
Feedback
If you choose to respond to in-app feedback prompts, we store your response.
Information We Do NOT Collect
- Name or physical address
- Location data
- Contacts or address book
- Photos or media files
- Browsing history
- Advertising identifiers
- Device information beyond platform (iOS/Android)
- Payment or billing information
3. How and Why We Use Your Data
We use your personal data for the following purposes:
- Account information: to authenticate you, manage your account, and enable data sync across your devices
- Workout data: to provide the core functionality of the app, creating, tracking, and managing your workouts
- Activity data: to understand general usage patterns and improve the app
- Subscription data: to manage your subscription status and provide access to premium features
- Feedback: to improve the app based on user input
4. Legal Basis for Processing
Under the GDPR, we process your personal data on the following legal bases:
- Contract performance: Processing your account information and workout data is necessary to provide you with the service you signed up for.
- Legitimate interest: Processing activity data to understand usage patterns and improve the app. We have assessed that this processing does not override your rights, as the data is minimal (date and platform only) and cannot be used to identify your behavior outside the app.
- Consent: Processing feedback data, which you voluntarily provide. You can withdraw consent at any time by contacting us.
5. Data Storage and Security
Virtus Athlete uses a local-first architecture. Your data is stored on your device in a local database and automatically synced to secure cloud servers when an internet connection is available. The app works fully offline. Any changes you make while offline are synced to the cloud when your connection is restored.
We implement the following measures to protect your data:
- Row-level security ensuring you can only access your own data
- Encrypted authentication tokens
- Secure HTTPS connections for all data transmission
- Automatic session management with secure token refresh
- EU-hosted infrastructure
6. Data Retention
We retain your personal data for as long as your account is active. Specifically:
- Account and workout data: retained until you delete your account
- Activity data: retained until you delete your account
- Subscription data: retained for the duration of your subscription and as required by our payment provider
- Feedback: retained until you delete your account
When you delete your account, all your data is permanently removed from our servers. This action cannot be undone.
7. Third-Party Services
We use the following third-party data processors to operate the app:
- Supabase: authentication and cloud database hosting (EU servers)
- PowerSync: sync orchestration between your device and the cloud (EU servers)
- RevenueCat: subscription status and entitlement management
- Apple / Google: social sign-in (only if you choose to use it)
These services act as data processors on our behalf and are bound by data processing agreements in accordance with GDPR requirements.
We do not sell your data to any third party. We do not use advertising networks or analytics platforms. Beyond the processors listed above, we do not share your personal data with any other parties unless required by law or a valid legal order from a competent authority.
8. International Data Transfers
Your data is stored on servers located within the European Union. We do not transfer your personal data outside the European Economic Area (EEA). If this changes in the future, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, and update this Privacy Policy accordingly.
9. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate personal data
- Right to erasure: request deletion of your personal data (see Account and Data Deletion below)
- Right to restriction: request that we restrict the processing of your data
- Right to data portability: request your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interest
- Right to withdraw consent: withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at contact@virtusapp.ai. We will respond to your request within 30 days.
You also have the right to lodge a complaint with your local data protection authority or any competent supervisory authority in the EU.
10. Account and Data Deletion
Account Deletion
You can delete your account from within the app. This permanently deletes all your data from both your device and our servers. This action cannot be undone.
Signing Out
Signing out clears your local data from the device. Your data remains stored securely on our servers and will sync back when you sign in again.
Uninstalling
Uninstalling the app removes all local data from your device. Your cloud data remains on our servers until you delete your account.
Device Backups
Your data may also be included in your device's backup system (such as iCloud or Google backups). Device backups are managed by your device's operating system, not by Virtus Athlete.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page and will include an updated "Last Updated" date. For significant changes, we will make reasonable efforts to notify you through the app or by email.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Email: contact@virtusapp.ai