Back to Home

Privacy Policy

Last updated: 2026-04-20

1. Introduction

Welcome to vivaTrainer ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered fitness coaching application.

This policy is compliant with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the Digital Personal Data Protection Act, 2023 (DPDPA) for users in India, and other applicable data protection laws.

2. Data Controller Information

Data Controller: VIVANET
Service: vivaTrainer
Contact Email: atyourservice@vivanet.in
Address: India

For DPDPA purposes, we act as the "Data Fiduciary" responsible for processing your personal data.

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Information You Provide

  • Account Information: Name, email address, password (encrypted), profile photo
  • Profile Data: Fitness preferences, selected sports, training goals
  • Nutrition Profile: Age, sex, weight, height, dietary preferences (vegetarian/non-vegetarian/vegan), dietary inclusions (meat/fish/dairy), and fitness goals (weight loss/muscle gain/maintenance/endurance)
  • Payment Information: Processed securely through Stripe/Razorpay (we do not store card details)
  • Communications: Support inquiries, feedback

3.2 Information Collected Automatically

  • Training Session Data: Exercise type, duration, AI feedback received, performance metrics
  • Video Data: Processed in real-time for form analysis using your device camera/webcam; not stored on our servers unless explicitly saved
  • Camera Access: We request camera/webcam access solely for real-time pose detection and exercise form analysis during active training sessions
  • Device Information: Device type, operating system, browser type
  • Usage Data: Features used, session frequency, app interactions
  • Log Data: IP address, access times, error logs

3.3 Sensitive Personal Data

We may process health-related data (fitness performance, exercise form analysis) which is considered sensitive under GDPR and DPDPA. This data is processed only with your explicit consent and solely to provide our fitness coaching services.

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

  • Consent (Article 6(1)(a)): For processing video data, health-related information, and marketing communications
  • Contract Performance (Article 6(1)(b)): To provide our fitness coaching services
  • Legitimate Interests (Article 6(1)(f)): For service improvement, fraud prevention, and security
  • Legal Obligation (Article 6(1)(c)): To comply with applicable laws

5. Purposes of Processing (DPDPA)

Under India's DPDPA, we process your data for the following lawful purposes:

  • Providing AI-powered fitness coaching and form analysis
  • Managing your account and subscription
  • Processing payments through authorized payment processors
  • Improving our services through anonymized analytics
  • Communicating service updates and (with consent) marketing
  • Ensuring platform security and preventing fraud
  • Complying with legal obligations

6. How We Use Your Data

  • Form Analysis: Analyze your exercise form locally on your device using MediaPipe technology and provide real-time coaching feedback (video is not transmitted to servers)
  • Personalization: Customize training recommendations based on your progress and profile settings
  • Training Programs: Provide structured beginner and intermediate workout programs; content may be personalized based on your profile (age range, fitness goals) using AI
  • Nutrition Tips: Generate nutrition advice using AI based on generalized profile information (sport type, fitness goal category) - no personal identifiers are used
  • Progress Tracking: Track workout completion, streaks, and training progress across programs (stored in your account)
  • Account Management: Create and manage your account, process subscriptions
  • Communication: Send service notifications, respond to inquiries
  • Analytics: Understand usage patterns to improve our services (anonymized)
  • Security: Detect and prevent fraudulent or unauthorized activity
  • Legal Compliance: Meet regulatory requirements

7. Data Sharing and Disclosure

We may share your personal data with:

  • Cloud Services: Google Firebase for authentication, database storage, and hosting
  • Payment Processors: Stripe and Razorpay for secure payment processing (they receive only payment-related information)
  • Organization Administrators: If you join a gym or team, coaches may view your training data
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

7.1 AI Processing

Video/Pose Analysis: Your camera feed is processed locally on your device using MediaPipe technology. Video data is NOT transmitted to our servers or any third party.

Nutrition Tips: AI-generated nutrition tips are created using Groq LLM. We send only generalized, non-identifying information (such as fitness goal type and sport category) to generate recommendations. No personal identifiers are shared.

Training Programs: Program content is generated using AI based on sport type and skill level. Personal profile data (age range, fitness goals) may be used to personalize content but is not shared with third parties.

We do not sell your personal data to third parties for marketing purposes.

8. International Data Transfers

Your account data is stored on Google Firebase servers, which may be located in various regions including the United States. Video and pose data is processed locally on your device and is not transferred internationally.

For transfers from the EEA, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Google's data processing agreements and certifications

For transfers from India, we ensure compliance with DPDPA requirements for cross-border data transfers.

9. Data Retention

We retain your personal data for:

  • Account Data: Duration of your account plus 30 days after deletion
  • Training Sessions: Until you delete them or your account
  • Video Data: Not stored; processed in real-time only
  • Payment Records: 7 years for tax/legal compliance
  • Log Data: 90 days

10. Your Rights

10.1 GDPR Rights (EEA Users)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time

10.2 DPDPA Rights (Indian Users)

  • Right to Access: Obtain confirmation and summary of your data
  • Right to Correction: Correct or complete inaccurate data
  • Right to Erasure: Request deletion when data is no longer necessary
  • Right to Grievance Redressal: Lodge complaints with us or the Data Protection Board
  • Right to Nominate: Nominate another person to exercise rights on your behalf

10.3 Exercising Your Rights

To exercise any of these rights, please contact us at atyourservice@vivanet.in or use the data export and deletion features in your account settings. We will respond within 30 days (GDPR) or as required by DPDPA.

11. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Secure authentication with Firebase Auth
  • Regular security assessments and updates
  • Access controls and employee training
  • Incident response procedures

12. Children's Privacy

Our services are not intended for children under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Cookies and Tracking

We use essential cookies for authentication and functionality. For details on our cookie usage and how to manage preferences, please see our Cookie Policy.

14. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing any personal data.

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. Continued use of our services after changes constitutes acceptance of the updated policy.

16. Grievance Officer (DPDPA)

In accordance with DPDPA requirements, our Grievance Officer can be contacted at:

Email: atyourservice@vivanet.in
Response Time: Within 7 days of receipt

17. Supervisory Authority

EEA Users: You have the right to lodge a complaint with your local Data Protection Authority.

Indian Users: You may file complaints with the Data Protection Board of India once established under DPDPA.

18. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us:

Email: atyourservice@vivanet.in
Address: India

Terms of ServiceCookie PolicyData Processing Agreement