Privacy Policy

1. Information We Collect

We collect the following types of information:

• Personal Information: Name, email address, phone number
• Authentication Data: Google Sign-In credentials (if you choose to sign in with Google)
• Apple Sign-In Data: Apple user ID, name (if you choose to sign in with Apple)
• Appointment Data: Booking preferences, appointment history, service selections
• Device Information: Device type, operating system version, unique device identifiers
• Usage Data: App usage patterns, interactions, and preferences
• FCM Tokens: Firebase Cloud Messaging tokens for push notifications

2. How We Use Your Information

We use your information to:

• Provide personal training services and appointment booking
• Send appointment confirmations, reminders, and updates
• Send promotional notifications and special offers
• Improve our services and user experience
• Communicate with you about our services
• Ensure app security and prevent fraud
• Provide customer support and resolve issues
• Comply with legal obligations

3. Third-Party Services

Our app uses the following third-party services:

• Google Firebase Authentication: For secure user authentication
• Google Sign-In: For convenient login options
• Apple Sign-In: For iOS users (when available)
• Google Maps: For displaying our shop location (static map only)
• Firebase Cloud Messaging (FCM): For push notifications and reminders
• Retrofit/OkHttp: For API communications with our servers
• Google Play Services: For app functionality and updates

4. Push Notifications and Reminders

• We use FCM tokens to send you push notifications
• Notifications include appointment confirmations, reminders, and promotional offers
• Appointment reminders are sent 24 hours and 2 hours before your appointment
• You can control notification permissions in your device settings
• FCM tokens are automatically updated when you reinstall the app

5. Automated Reminder System

• Appointment reminders are sent automatically by our server
• Reminders are sent 24 hours and 2 hours before your appointment
• The system works even when the app is closed or your device is locked
• No background app services are required for reminders
• You can disable push notifications in your device settings

6. Data Storage and Security

• Your data is stored securely on our servers in Cyprus
• We use industry-standard encryption for data transmission (HTTPS)
• Passwords are hashed using SHA-256 and never stored in plain text
• We implement appropriate security measures to protect your information
• Regular security audits are conducted to maintain data protection standards

7. Data Retention

• Account information is retained as long as your account is active
• Appointment history is kept for 5 years for business records
• FCM tokens are updated automatically and old tokens are discarded
• Inactive accounts may be archived after 2 years of inactivity
• You can request deletion of your data at any time

8. Your Rights

You have the right to:

• Access your personal data and appointment history
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Opt out of promotional communications
• Withdraw consent for data processing at any time
• Request a copy of your data in a portable format
• Lodge a complaint with the Cyprus Data Protection Commissioner

9. Account Deletion and Data Removal

You have the right to request deletion of your account and associated data at any time. This section explains how to request account deletion and what happens when you do.

How to Request Account Deletion

You can request account deletion through the following methods:

• In-App: Go to Settings > Delete Account in the app and follow the verification process
• Email: Send an email to k.ioannouy@bitscy.com with "Account Deletion Request" in the subject line
• Account Deletion Request Page: Visit https://kyriakosiwannou92.github.io/Account-Deletion-Request/ for detailed instructions on how to request account deletion

What Happens When You Delete Your Account

When you request account deletion, the following actions will be taken:

• Immediate Actions:
  • Your account will be permanently deleted from our user database (GoogleUsers, ManualUsers, or AppleUsers tables)
  • You will be signed out immediately from the app
  • All pending appointments will be cancelled
  • Your FCM (Firebase Cloud Messaging) token will be removed
  • You will stop receiving all notifications and communications
• Data Anonymization:
  • Your booking history will be anonymized (phone number replaced with '99999999', name replaced with 'Deleted User')
  • This anonymized data is retained for business records and analytics purposes as required by law
  • No personal information will remain associated with anonymized booking records
• Third-Party Services:
  • Google Sign-In: You will be signed out from Google authentication
  • Apple Sign-In: You will be signed out from Apple authentication
  • Firebase: Your FCM token will be removed from our system

Verification Process

To protect your account security, account deletion requires phone verification:

• You will receive an SMS verification code to your registered phone number
• Enter the verification code to confirm the deletion request
• After verification, you will see a final confirmation dialog
• Once confirmed, the deletion process begins immediately

What Data is Deleted vs. Anonymized

Completely Deleted:

• Your account information (name, email, phone number from user tables)
• Authentication credentials and tokens
• FCM tokens for push notifications
• App preferences and settings
• Any stored personal data in our active databases

Anonymized (Retained for Business Records):

• Booking/appointment history (with personal identifiers removed)
• Service selections (anonymized)
• Aggregated usage statistics (no personal identifiers)

Processing Time

• Account deletion is processed immediately upon verification and confirmation
• You will be signed out and unable to access your account immediately
• Data anonymization occurs within the same transaction
• You will receive confirmation once the deletion is complete

After Account Deletion

• You will need to create a new account from scratch if you wish to use our services again
• You cannot recover your deleted account or data
• Your anonymized booking history remains in our system for business records (as required by law)
• You will no longer receive any communications from us

Important Notes

• This action cannot be undone. Once your account is deleted, it cannot be recovered.
• Make sure to cancel any upcoming appointments before deleting your account, or they will be automatically cancelled
• If you have any active subscriptions or pending payments, please resolve them before account deletion
• For detailed step-by-step instructions, visit our Account Deletion Request page

10. Phone Verification and Security

• Phone numbers are verified via SMS during registration
• This helps prevent fraud and ensures account security
• Phone verification is required for both manual and Google sign-in
• We only accept Cyprus phone numbers starting with 95, 96, 97, or 99
• Phone numbers are used for appointment communications and account recovery

11. Children's Privacy

• Our app is not intended for children under 16 years of age
• We do not knowingly collect personal information from children under 16
• If you are a parent and believe your child has provided us with personal information, please contact us
• We will take steps to delete such information if we become aware of it

12. Data Processing and Legal Basis

• We process your data based on your consent and legitimate business interests
• Data processing is necessary to provide our personal training services
• We may process data to comply with legal obligations
• Marketing communications are sent based on your consent
• You can withdraw consent for marketing at any time

13. International Data Transfers

• Your data is primarily stored and processed in Cyprus (EU)
• Some third-party services (Google, Firebase) may process data in other countries
• These services comply with EU data protection standards
• We ensure appropriate safeguards are in place for any international transfers

14. Changes to This Policy

• We may update this Privacy Policy from time to time
• Changes will be posted in the app and effective immediately
• We will notify you of significant changes via push notification
• Continued use of the app after changes constitutes acceptance of the new policy

15. iOS-Specific Privacy Information

• Apple Sign-In: We offer Apple Sign-In for iOS users (iOS 13+)
• Apple Sign-In Data: We collect Apple user ID and name (email may be hidden by Apple)
• Push Notifications: You can disable these in iOS Settings > Notifications
• Background App Refresh: Not required for reminders (server-side system)
• We comply with Apple's App Store Review Guidelines and iOS privacy requirements

16. App Store Privacy Labels

As required by Apple, our app uses the following data types:

• Contact Info: Email, phone number for account creation and communication
• Identifiers: Device ID, user ID, Apple user ID for app functionality
• Usage Data: App interactions to improve user experience
• Diagnostics: Crash logs and performance data to fix issues
• Calendar (optional): We add confirmed appointments to your device calendar. Calendar data stays on your device and is never transmitted to our servers.

Data is linked to your identity for service provision and may be used for tracking with your consent.

17. Calendar Access

• With your permission, we add your confirmed appointments to your device calendar so you never miss a session
• We only access your calendar to add appointment events and to check if an event already exists (to avoid duplicates)
• All calendar data stays on your device—we never transmit calendar data to our servers
• You can revoke calendar permission at any time in your device settings
• Calendar access is optional; the app works fully without it