Data Processing Addendum (DPA)

Last updated: March 1, 2026

This DPA describes data processing terms for customers and users where data protection law requires controller-processor terms.

1. Roles

• MyGymLogs as Controller: for account management, security, billing/operations, and product analytics under our own purposes.
• MyGymLogs as Processor: where we process customer/user-submitted data strictly on documented instructions.

2. Processing Details

• Subject matter: operation of fitness tracking and planning services.
• Duration: for the term of services and legally required retention periods.
• Data types: account, workout, nutrition, support, device/log data.
• Data subjects: end users, account administrators, support contacts.

3. Confidentiality and Security

• Access controls and least-privilege principles.
• Encryption in transit and secure storage controls.
• Monitoring, logging, and incident response processes.
• Personnel confidentiality obligations.

4. Sub-processors

We may use sub-processors for hosting, infrastructure, analytics, and communications. We impose contractual protections and remain responsible for processor obligations as required by law.

5. International Transfers

Where data transfers cross borders, we apply safeguards required by applicable law (such as contractual clauses and equivalent protections).

6. Assistance and Data Subject Rights

Where MyGymLogs acts as processor, we provide reasonable assistance for rights requests, security obligations, and regulatory cooperation as legally required.

7. Breach Notification

We maintain incident response procedures and notify affected parties without undue delay when notification is required by applicable law.

8. Deletion and Return

Upon valid request and subject to legal obligations, we delete or return personal data and remove residual copies in accordance with retention/security requirements.

9. Contact

Email: [email protected]