MWC

Privacy Policy

Last Updated: April 8, 2026

1. Introduction

MyWorkoutCalendar ("we", "our", or "us"), operating at myworkoutcalendar.com, is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR), and, for users in Turkey, the Law on the Protection of Personal Data (Kişisel Verilerin Korunması Kanunu, KVKK No. 6698).

This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our service. By using MyWorkoutCalendar, you acknowledge that you have read and understood this policy.

2. Data Controller

The data controller responsible for your personal information is:

MyWorkoutCalendar

Website: myworkoutcalendar.com

Data Protection / Privacy Contact: privacy@myworkoutcalendar.com

3. Data We Collect

We collect the following categories of personal data:

  • Account Information: Email address, display name, and profile photo (when signing in via Google).
  • Fitness Data: Workout logs, completed sessions, exercise history, and AI-generated workout preferences you provide.
  • Usage Data: Pages visited, features used, session duration, click patterns, and interactions with the service.
  • Technical Data: IP address, browser type and version, device type, operating system, and time zone.
  • Payment Data: Transaction records for token purchases (processed by Creem; we do not store full card details).
  • Communications: Messages you send us through the contact form or by email.
  • Cookie Data: Consent preferences and analytics identifiers. See Section 7 for details.

4. How We Use Your Data

  • To create and manage your account and authenticate your sessions.
  • To provide AI-powered workout generation and personalized recommendations.
  • To process token purchases and maintain your token balance.
  • To track your workout history and progress over time.
  • To send transactional emails such as account verification and purchase receipts.
  • To analyze aggregate usage patterns and improve the platform.
  • To detect, prevent, and address technical issues, fraud, and abuse.
  • To comply with legal obligations.
  • To serve interest-based advertisements (only with your consent).

5. Legal Basis for Processing (GDPR Article 6)

We rely on the following legal bases under GDPR Article 6:

Contract Performance (Art. 6(1)(b))

Processing necessary to provide the service you signed up for, including account management, workout logging, and token purchases.

Consent (Art. 6(1)(a))

Analytics cookies and advertising. You may withdraw consent at any time via our cookie banner or by contacting us.

Legitimate Interests (Art. 6(1)(f))

Security monitoring, fraud prevention, and service improvement through aggregate analytics.

Legal Obligation (Art. 6(1)(c))

Retaining transaction records as required by applicable tax and commercial law.

6. Data Sharing and Third-Party Processors

We do not sell your personal data. We share data only with the following categories of trusted processors under data processing agreements:

ProcessorPurposeLocation
Google FirebaseAuthentication, database, hostingUSA (EU SCC)
Google AnalyticsUsage analytics (consent-gated)USA (EU SCC)
Google AdSenseAdvertising (consent-gated)USA (EU SCC)
OpenAIAI workout generationUSA (EU SCC)
CreemPayment processingUSA / EU

We may also disclose data when required by law, court order, or governmental authority, or to protect the rights and safety of our users or the public.

7. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality. These cannot be disabled.
  • Analytics Cookies: Google Analytics cookies that help us understand how users interact with the service. Only set with your consent.
  • Advertising Cookies: Google AdSense cookies for personalized ads. Only set with your consent.
  • Preference Cookies: Store your cookie consent choice (mwc_cookie_consent) in localStorage.

We implement Google Consent Mode v2. Analytics and advertising cookies are denied by default until you explicitly accept via our cookie banner. You can change your preference at any time by clearing your browser's localStorage or contacting us.

8. Data Retention

  • Account Data: Retained for the lifetime of your account plus 30 days after deletion request.
  • Workout Logs: Retained as long as your account is active.
  • Transaction Records: Retained for 7 years as required by applicable financial regulations.
  • Analytics Data: Retained for up to 26 months per Google Analytics default configuration.
  • Contact Form Messages: Retained for up to 2 years unless an earlier deletion is requested.

9. Your Rights (GDPR & KVKK)

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
  • KVKK Article 11 Rights (Turkish Users): In addition to the above, Turkish data subjects may apply to us to learn whether their personal data is processed, request information about the purpose and whether it is used in accordance with its purpose, know third parties to whom data is transferred, request correction if data is incomplete or incorrect, and request deletion or destruction under conditions in Article 7 of KVKK.

To exercise any of these rights, contact us at privacy@myworkoutcalendar.com. We will respond within 30 days (or within the timeframe required by applicable law).

10. Children's Privacy

MyWorkoutCalendar is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately at privacy@myworkoutcalendar.com and we will take prompt steps to delete that information.

11. International Data Transfers

Our service is operated primarily from servers in the United States. If you access the service from the European Economic Area (EEA), the United Kingdom, or Turkey, your data may be transferred to and processed in the USA. We ensure such transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, or equivalent safeguards as required by applicable law.

12. Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. Firebase provides enterprise-grade infrastructure security. However, no electronic transmission or storage system is 100% secure, and we cannot guarantee absolute security.

13. Contact & DPO

For privacy-related inquiries, data subject requests, or to contact our Data Protection Officer, please reach out to:

MyWorkoutCalendar — Privacy

Email: privacy@myworkoutcalendar.com

Website: myworkoutcalendar.com/contact

If you are located in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority. Turkish users may also apply to the Kişisel Verileri Koruma Kurumu (KVKK Board).

14. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated "Last Updated" date. For material changes, we may also send an email notification. Your continued use of the service after any changes constitutes acceptance of the revised policy.