Privacy Policy

Last updated: January 26, 2026

1. Introduction

This Privacy Policy explains how Joey ("we", "us", or "our") collects, uses, and protects your personal data when you use our personal training tracker application. Joey is a personal project operated by Martin Eliason, based in Germany. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).

By using Joey, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

The data controller responsible for your personal data is:

Martin Eliason

Berlin, Germany

martin@eliason

3. Personal Data We Collect

We collect the following types of personal data:

Account Information

Name
Email address
Password (stored securely using industry-standard hashing)

Workout and Training Data

Training programs and exercises
Workout session logs (dates, weights, sets, reps)
Personal notes on exercises
Progress metrics and statistics

Health and Fitness Data (Optional)

Weight measurements (via Withings integration)
Activity data (via Strava integration)
Recovery, HRV, and sleep data (via WHOOP integration)
Daily energy levels (manually entered)

Technical Data

Browser type and version
Device information
IP address
Usage data and analytics

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

Contract (Art. 6(1)(b)): Processing is necessary to provide you with the training tracker service you have requested.
Consent (Art. 6(1)(a)): For optional integrations (Strava, Withings), we process data only with your explicit consent.
Legitimate Interest (Art. 6(1)(f)): For basic analytics to improve the service and ensure security.

5. How We Use Your Data

We use your personal data to:

Provide and maintain the training tracker service
Authenticate you and secure your account
Store and display your workout history and progress
Generate progress charts and statistics
Provide AI-powered coaching features (Coach Vita)
Sync with third-party fitness services (when you opt in)
Improve and optimize the application

6. Third-Party Service Providers

We use the following third-party services to operate Joey:

Vercel

Hosting and deployment platform, including Vercel Analytics

Location: United States

Neon (PostgreSQL)

Database hosting for storing your account and workout data

Location: European Union

Anthropic (Claude AI)

Powers the Coach Vita AI assistant feature

Location: United States

Strava (Optional)

Activity tracking integration (only if you connect your account)

Location: United States

Withings (Optional)

Weight and health data integration (only if you connect your account)

Location: France (European Union)

WHOOP (Optional)

Recovery, HRV, and sleep data integration (only if you connect your account)

Location: United States

Note: Some services are located in the United States. Data transfers to the US are conducted in compliance with GDPR requirements, including appropriate safeguards such as Standard Contractual Clauses.

7. Cookies and Tracking

Joey uses only essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

Essential Cookies

next-auth.session-token: Maintains your login session
next-auth.csrf-token: Security token to prevent cross-site request forgery

8. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, all associated personal data is permanently deleted from our systems. This includes your profile information, workout history, training programs, and any connected service data.

9. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15): You can request a copy of all personal data we hold about you.
Right to Rectification (Art. 16): You can request correction of inaccurate personal data.
Right to Erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing (Art. 18): You can request that we limit how we use your data.
Right to Data Portability (Art. 20): You can request your data in a machine-readable format.
Right to Object (Art. 21): You can object to processing based on legitimate interests.
Right to Withdraw Consent: You can withdraw consent at any time for optional features.

To exercise any of these rights, please contact us at martin@eliason. We will respond to your request within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encrypted data transmission (HTTPS), secure password hashing, and access controls.

11. Age Requirement

Joey is intended for users who are at least 16 years of age. We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete the information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

13. Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. For Germany, the relevant authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
Germany
www.datenschutz-berlin.de

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: martin@eliason

Back to Login