Privacy Policy
Privacy Policy for the Fitness App “Elabawo”
This English translation of our Privacy Policy is for informational purposes only. The legally binding version is the German original. In the event of any conflict or ambiguity between the English and German versions, the German version shall govern.
A. Introduction
This privacy policy informs you about how Elabawo UG (haftungsbeschränkt) processes your personal data – both when using our fitness app “Elabawo” and when visiting our website www.elabawo.de.
We explain which data is collected, for what purposes it is processed, the legal basis for such processing, and what rights you have as a data subject. In doing so, we place particular importance on transparency, security, and compliance with the General Data Protection Regulation (GDPR).
This policy applies to all features of the app as well as all website content, including contact forms, blog comments, affiliate links, and analytics tools.
B. Data Controller and Contact
The controller responsible for data processing under the GDPR is:
Elabawo UG (haftungsbeschränkt)
Hansaring 77
50670 Cologne, Germany
Email: contact@elabawo.de
If you have any questions about data processing or wish to exercise your rights, you can contact us at the email address provided at any time.
C. What Data We Process
C.1. In the App
1. Categories of Personal Data
We collect various categories of personal data to provide you with optimal use of our fitness app. We strive to collect only the data that is truly necessary to ensure the app’s functionality and to offer you a personalized user experience.
Data We Process:
Basic Data:
Username: Your username is required to uniquely identify you. Within the app, it is used to display your individual progress and activities.
Email Address: Your email address is important for communication. It is used to send you important notices, such as changes to the app or this privacy policy, and to assist you in resetting your password if necessary.
Password: Your password protects your account from unauthorized access. It is essential that you choose a secure password to safeguard your personal data.
These basic data are essential to grant you access to the app, create a user account, and ensure your authentication.
Personal Data:
Height and Weight: This information helps us create personalized training plans tailored to your physical condition. It also enables us to accurately calculate the calories burned during your exercises.
Age: Your age is taken into account to provide age-appropriate recommendations and training plans. Different age groups have different physical needs, which we consider in our planning.
Gender: This information helps us to make gender-specific adjustments to your training plans, as men and women may have different physiological requirements.
Fitness Level: Your current fitness level is used to avoid over- or underexertion. It forms the basis for training plans that match your individual capabilities.
Fitness Goal: Your personal goal – whether it is weight loss, muscle building, or improving general fitness – is crucial for designing your individualized training plans.
With this information, we create personalized training plans tailored to your needs and goals, so you can benefit from the app in the best possible way.
Training Data:
Resistance Bands Used: This information ensures that the recommended exercises are compatible with your equipment. We can also provide suitable recommendations for resistance bands.
Training Times and Duration: This data documents your progress and helps us tailor your training plans to fit into your daily routine.
Number of Repetitions: These figures allow us to track your progress and gradually adjust training intensity according to your increasing fitness level.
Processing this training data allows us to provide you with feedback on your workouts and optimize future sessions based on your performance.
To delete your account, follow these steps:
Log in to your account: Make sure you are logged in to the account you wish to delete.
Navigate to the menu: Open the main menu by clicking the appropriate icon or button.
Open Settings: Select the “Settings” option in the menu.
Delete Account: Scroll down in the settings or look for the option “Delete Account.” Click it.
Confirmation: Follow the on-screen instructions to confirm the deletion of your account. A confirmation message will typically be displayed to ensure you really want to proceed.
Alternatively, you can send us an email at contact@elabawo.de to request the deletion of your data.
2. Data Collection by App Stores
When downloading the app via platforms such as the Apple App Store or the Google Play Store, data may be collected directly by the operators of these platforms. This processing is carried out independently of us.
Examples of data collected by app stores include:
Apple App Store: Information such as your Apple ID, device data, transaction details, and the time of download.
Google Play Store: Data such as your Google account, device information, and the installation status of the app.
Please note that we have no influence over the data processing carried out by app stores. To learn more, you can refer to the privacy policies of the respective platforms:
Apple Privacy Policy
Google Privacy Policy
C.2. On the Website
Data from contact forms: First name, last name, email address, message
Blog comments: Name, email address, comment text
Cookies (only necessary cookies)
D. Purposes of Data Processing
We process your personal data to provide you with a convenient, secure, and targeted experience when using our app and website. The data is processed for the following purposes:
Provision and technical operation of the app and website (e.g., IP address, browser data for error detection and content display)
Management of user accounts and authentication (e.g., via Firebase Authentication)
Creation and optimization of individualized training plans based on your fitness goals, health data, and training behavior
Processing of support and contact inquiries via forms or email communication
Analysis of user behavior to improve our services (e.g., using Google Analytics or Firebase Analytics)
Interactive functions, such as commenting in the blog
IT security and abuse prevention, e.g., through reCAPTCHA or log data
Fulfillment of legal obligations, particularly in cases of security incidents or requests from authorities
Participation in affiliate programs, to fund our services through pseudonymized tracking information
Management and handling of in-app purchases and subscriptions; we process transaction and subscription data with the help of the external service provider RevenueCat to provide paid content and features
E. Services and Technologies Used
Our app does not use traditional cookies. The collection and processing of personal data is carried out exclusively via privacy-friendly technologies such as Firebase.
Various Google services are used for analytics both in the app and on the website. The following sections clearly distinguish between app and web applications.
Firebase Analytics (App)
We use Firebase Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to better understand usage behavior within our app and to continuously improve the app.
The following data is processed:
Frequency of app launches
Screens viewed and session duration
Interactions with specific app features
Device information (model, operating system version)
Language and regional settings
Firebase user ID (if personalized features are used)
The data may be transferred to Firebase servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection pursuant to Art. 45 GDPR.
Processing is carried out solely on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You will be asked for consent when you first launch the app. You can revoke your consent at any time in the app settings.
The collected data is analyzed only in aggregate form and is not used to create individual user profiles. IP addresses are anonymized and not stored.
For more information, visit: https://firebase.google.com/support/privacy
Firebase Crashlytics (App)
To analyze stability and troubleshoot technical errors, we use Firebase Crashlytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
In the event of a crash or serious error, the following data is processed:
Device type and operating system version
Last active screen
Timestamp of the error
Type and cause of the error
Firebase user ID (if applicable)
This information is used to analyze and fix technical problems. A personal reference may exist, especially if the crash data is linked to a user account.
Processing is carried out solely on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can grant upon first starting the app or in the privacy settings. You may revoke your consent at any time with future effect in the app settings.
Google may transfer data to the USA. Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of protection under Art. 45 GDPR.
For more information, visit: https://firebase.google.com/support/privacy
Firebase Authentication (App)
We use Firebase Authentication to manage and authenticate user accounts. Personal data such as email address and password is processed for the creation and protection of your user account and for password recovery. Processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment).
Firebase Firestore (App)
We use the Firestore cloud service from Firebase to store and manage your individual usage data (e.g., training history, configurations, and device settings). The data processed includes:
Personal settings
Training history
Device information
This data enables personalized and continuous app usage. Processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. f GDPR (technical provision and optimization). Google Firebase services are provided by Google Ireland Ltd., but data may be transferred to the USA in individual cases.
Note on Data Transfer by Google Firebase Services
All Firebase services mentioned above (Analytics, Crashlytics, Authentication, and Firestore) are provided by Google Ireland Ltd. It cannot be ruled out that data may be transferred to servers of Google LLC in the USA. Google LLC is certified under the EU-U.S. Data Privacy Framework. This ensures an adequate level of data protection under Art. 45 GDPR for the transfer of personal data to the USA.
RevenueCat (In-App Purchases & Subscription Management – App)
To provide, manage, and bill in-app purchases and subscriptions, we use the service RevenueCat (Provider: RevenueCat, Inc., 300 Euclid Ave, San Francisco, CA 94118, USA).
The following data is processed:
Pseudonymized user identifiers (e.g., app-specific user ID, device ID)
Platform information (iOS/Android)
Purchase, transaction, and subscription status information
Possibly the payment method used (excluding full payment details)
Data processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment).
Data Transfer to Third Countries: RevenueCat may transfer data to the USA. RevenueCat is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection under Art. 45 GDPR.
For more information, please refer to RevenueCat’s privacy policy.
You cannot object to the use of RevenueCat, as it is technically necessary for handling in-app purchases.
Use of Cookies on the Website
Our website uses cookies to ensure basic functions and enhance your user experience. Cookies are small text files stored locally on your device. We distinguish between the following types:
Necessary Cookies
These cookies are technically required to correctly display our website and provide basic functions. Technically necessary cookies are set without consent, as they are required for the website’s functionality (Art. 6 para. 1 lit. f GDPR, § 25 para. 2 no. 2 TTDSG). This includes, for example, security functions, authentication cookies, or language settings. These are the only cookies we use.
Cookie Management:
You can delete or block cookies at any time in your browser. Please note that some website functions may be impaired as a result.
WordPress and Related Plugins (Website)
Our website is built using WordPress and uses various plugins to extend functionality. These include:
Elementor Pro and associated extensions: Our website uses Elementor Pro to design and present content, as well as additional design modules via “Exclusive Addons.” These extensions do not process personal data themselves but may load dynamic content client-side (e.g., animations or buttons). Processing is based on our legitimate interest under Art. 6 para. 1 lit. f GDPR in providing a modern, user-friendly presentation.
Polylang: This plugin enables multilingual content on our website. Polylang does not store personal data of visitors but does store language preferences in a cookie. This language preference may be used in combination with other cookies for recognition. This is done solely with your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Contact Forms (Website)
If you use a contact form on our website, we process the data you enter (e.g., name, email address, message) exclusively to handle your request. The data is deleted after the request has been processed, provided there are no statutory retention obligations.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) and/or lit. b GDPR (contract initiation).
Affiliate Links (App & Website)
We use affiliate links in both our app and on the website. When you click these links and make a subsequent purchase through a third-party provider, we may receive a commission. The following pseudonymized information may be processed:
Time of click
Session ID or click ID
Affiliate identifier
This processing is based on our legitimate interest in funding our services pursuant to Art. 6 para. 1 lit. f GDPR. No direct personal data is shared with affiliate partners without your consent. The affiliate programs used are provided by external partners (e.g., Amazon, Decathlon), who only receive pseudonymized session data when you click an affiliate link. A direct identification of you does not take place.
Opt-Out Options and Objection to Tracking:
App (Firebase Analytics & Crashlytics):
You can disable tracking by Firebase Analytics and Crashlytics at any time in the app settings.Affiliate Tracking:
To completely disable tracking, we recommend using tracking blockers such as uBlock Origin, Ghostery, or the incognito mode of your browser.
F. Your Rights as a User
In accordance with the General Data Protection Regulation (GDPR), you have a number of rights regarding your personal data. We would like to inform you here about what these rights are and how you can exercise them.
Right of access (Art. 15 GDPR): You have the right to obtain confirmation from us as to whether we process personal data about you. You may also request information about what data we have stored about you, why we process it, and how long it will be stored.
Right to rectification (Art. 16 GDPR): If you discover that your data is incorrect or incomplete, you have the right to request its correction. We are obliged to rectify your data without undue delay.
Right to erasure (Art. 17 GDPR): You can request the deletion of your personal data unless legal or contractual obligations prevent this. For example, your data will be deleted if it is no longer needed for the purposes for which it was collected.
Right to restriction of processing (Art. 18 GDPR): You can request that we only process your data in a restricted manner. This may be the case if you dispute the accuracy of the data or object to the processing.
Right to data portability (Art. 20 GDPR): You have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format. Upon request, we will transfer this data directly to another provider, if technically feasible.
Right to object (Art. 21 GDPR): You can object to the processing of your personal data, particularly if it is based on legitimate interests. After your objection, we will no longer process your data unless there are compelling legitimate grounds.
Right to withdraw consent (Art. 7 para. 3 GDPR): You can withdraw your previously given consent to the processing of your data at any time. The withdrawal will take effect from the time you declare it and will not affect the processing that has already taken place.
If you believe that we are not adequately respecting your rights, you can also contact the competent data protection supervisory authority. For us, this is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia.
G. Data Security
We place great importance on protecting your personal data from unauthorized access, loss, or misuse. Below, we explain the measures we take to ensure the security of your data.
Encryption: All data transmissions between your device and our servers are encrypted using TLS. This technology ensures that data cannot be intercepted or manipulated by third parties during transmission.
Local storage: Data stored on your device is protected by encryption standards. This additional encryption ensures that your data remains secure even if someone gains unauthorized access to your device.
Organizational measures: Our employees who work with personal data are regularly trained to ensure compliance with data protection regulations. In addition, only authorized persons have access to your data.
We regularly review and update our security measures to keep them aligned with the latest technological standards.
H. Push Notifications
Our app uses push notifications to inform you about important features, updates, offers, or your training progress. These notifications do not contain sensitive personal data.
The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you give when you first enable notifications.
You can enable or disable push notifications at any time in your smartphone’s system settings or directly in the app settings.
I. Blog Comments
In our blog, you have the opportunity to leave comments. The following data is processed in the process:
Name (if provided)
Email address (for abuse prevention)
Comment text
Processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. Comments remain stored indefinitely unless deletion is requested. You can request the deletion of your comments at any time by emailing contact@elabawo.de.
J. Hosting and Technical Infrastructure
Our website is hosted by a service provider based in the European Union (EU). All personal data processed on our website remains within the EU and is therefore subject to European data protection law.
Technical operation is based on our legitimate interest in providing a secure and reliable online offering (Art. 6 para. 1 lit. f GDPR).
K. Changes to the Privacy Policy
We reserve the right to amend this privacy policy to comply with new legal requirements, changes in our services, or technical developments.
You will be informed of any material changes by email or within the app. The current version of the privacy policy can be accessed at any time in the app and on our website at www.elabawo.de/privacy.