Back to home
Polish version Ukrainian version

Mobile App Privacy Policy

Last updated: May 22, 2026

This document applies only to the Smart Set mobile app.

1. Data controller

The controller of personal data processed in the Smart Set mobile app is Smart Set. Privacy inquiries may be sent to privacy@smartsetai.pl or contact@smartsetai.pl.

2. Scope of this policy

This Policy describes data processing in the Smart Set mobile app. It does not directly regulate the public marketing website unless a given operation is clearly linked to the operation of the user's account in the app.

3. Categories of data

  1. Account data: email address, password, user identifier.
  2. Profile data: first name, last name, age, height, body weight, training goals, and related profile preferences.
  3. Training data: exercises, loads, sets, reps, activity history.
  4. Health data: readiness, wellness, linked health integrations, and other sensitive metrics where product functionality requires them.
  5. Analytics and diagnostics: app version, device type, operating system, feature usage, crash logs, and diagnostic signals.
  6. Marketing and attribution data: campaign source, install and usage events, advertising or device identifiers, and iOS ATT consent status.

4. Legal bases

  1. Contract performance for account operations, app features, subscriptions, and support.
  2. Consent for health data, selected integrations, optional feature-level permissions, product analytics, and ads measurement or attribution where applicable.
  3. Legitimate interest for security, abuse prevention, diagnostics, and service improvement.
  4. Legal obligation for accounting, tax, and lawful authority requests.

5. Required vs optional data

Some data is required to create and maintain an account and to deliver the core service. Other data, including certain profile, health, or personalization inputs, may be optional and only needed for specific features.

6. Health data

  1. Health-related data is treated as a special category of personal data and is processed only where necessary for enabled features and on a valid legal basis.
  2. The user may limit or withdraw relevant permissions in the app settings where the product allows this.
  3. Turning off health data may limit or disable some product functionality.

7. Analytics, ads, and attribution

  1. The app separates product analytics consent from marketing and ads-attribution consent.
  2. Product analytics and diagnostics help improve app quality, stability, and usability.
  3. Marketing and attribution may use Firebase/Google, Meta, and TikTok to measure campaigns, installs, and conversions. This category is optional and off by default.
  4. On iOS, marketing consent may also require the system App Tracking Transparency permission.
  5. You can withdraw these consents in the app settings.

8. AI and automated recommendations

  1. The app may use profile, training, and optionally health data to generate automated training recommendations or explanations.
  2. AI outputs are intended to support the user and do not replace a doctor's, physiotherapist's, or certified coach's judgement.
  3. If a specific AI feature requires separate consent, that consent may be collected elsewhere in the product.

9. Data sharing

  1. Data may be shared with providers of infrastructure, authentication, analytics, diagnostics, and payment services to the extent required to operate the app.
  2. Marketing and attribution data may be shared with Google/Firebase, Meta, and TikTok only after the relevant consent is granted.
  3. If the product includes coach collaboration, selected data may be shared with a coach according to the account configuration and enabled features.
  4. Subscription and purchase-related data is also processed by Apple and Google under the App Store and Google Play ecosystems.
  5. We do not sell users' personal data.

10. Transfers outside the EEA

Where technical service providers involve transfers of data outside the European Economic Area, we use appropriate safeguards such as standard contractual clauses or other lawful transfer mechanisms.

11. Retention

  1. Account data is generally stored for as long as the account exists and then for the period needed for backups, claims handling, and legal obligations.
  2. Billing records may be retained longer where tax or accounting law requires this.
  3. Analytics and diagnostics data may be retained for shorter periods or in anonymized form depending on system configuration and purpose.

12. User rights

  1. Right of access.
  2. Right to rectification.
  3. Right to erasure.
  4. Right to restriction of processing.
  5. Right to data portability.
  6. Right to object to processing based on legitimate interest.
  7. Right to withdraw consent.
  8. Right to lodge a complaint with a competent supervisory authority.

13. Security

We apply technical and organizational measures to protect user data, including access control, encrypted transport, security event logging, and least-privilege access practices.

14. Data export, account deletion, and policy changes

  1. The app may provide a way to export selected data before account deletion.
  2. The public outside-app account deletion flow is available at /en/mobile/account-deletion.html.
  3. After account deletion, some data may still be retained for legal, security, anti-abuse, or claims-related reasons.
  4. If this Policy changes materially, we may require the user to review and accept the updated version on sign-in.