Privacy Policy
1. Introduction
This Privacy Policy explains how Mylus collects, uses, shares, and protects your personal information when you use the Service. We are committed to handling your data responsibly and transparently.
Because Mylus is a training tool that works with body and health-related information, parts of the data we process may be considered sensitive. We treat that data with corresponding care.
2. Information we collect
Account information: your email address, the sign-in method and identifier you use (email, Apple, or Google), and your account ID. If you sign in with Apple and choose to hide your email, we receive an Apple private-relay address instead of your real email.
Body and demographic data: height, weight, birth year (used to derive your age), and gender.
Training profile: your training goal (sport performance or general fitness) and chosen sport or objective, training experience, weekly training frequency, training venue/environment, and available equipment.
Health and injury data: the injuries, pain history, and physical limitations you choose to tell us about. This is sensitive data, used to make your training plans safer; we process it only with your separate explicit consent.
Plans and activity: the training plans we generate for you, your workout check-ins (including completion, effort metrics, and any pain you report), your feedback on plans, and the messages you send to the in-app AI coach.
Technical and usage data: app interactions, log data, device type, app language, and basic technical information needed to operate and secure the Service.
We do not collect payment-card details (any purchases are handled by the app store), medical records, or precise location.
3. How we use your information
We use your information to: create, generate, and adjust your personalized training plans; apply safety filtering based on your injury and health information; operate, maintain, secure, and support the Service; and comply with our legal obligations.
We do not use your data to train or improve machine-learning models — Mylus generates your plans from the information you provide together with general scientific references, and your data is not fed back into any model training. We also do not sell your personal information.
4. Legal bases for processing
Where data-protection laws such as the GDPR apply, we process your information on the basis of: performance of our contract with you (to provide the Service); your explicit consent (for processing your health and injury data, which is special-category data); our legitimate interests (such as securing and maintaining the Service); and compliance with legal obligations.
You may withdraw consent at any time, without affecting processing already carried out.
5. How we share information
We share information with service providers who process data on our behalf, such as cloud-hosting and authentication providers, under contracts that require them to protect it. We may also disclose information where required by law or to protect rights, safety, and the integrity of the Service.
We do not sell your personal information, and we do not share it for third-party advertising.
6. Data retention
We keep your information for as long as your account is active or as needed to provide the Service, and thereafter only as required for legitimate business or legal purposes. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where retention is legally required.
7. Security
We use technical and organizational measures designed to protect your information, including encryption in transit and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
8. Your rights
Depending on where you live, you may have rights to access, correct, delete, export, or restrict the use of your personal information, and to object to certain processing. Residents of the EEA/UK (GDPR), California (CCPA/CPRA), and China (PIPL), among others, have specific rights under local law.
To exercise your rights, contact [email protected]. You may also have the right to lodge a complaint with your local data-protection authority.
9. International data transfers
Your information may be processed in countries other than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) to protect information transferred across borders.
10. Children's privacy
The Service is intended only for adults aged 18 and over. It is not directed to anyone under 18, and we do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has provided us personal information, contact us so we can delete it.
11. Changes to this Policy
We may update this Privacy Policy from time to time. We will provide notice of material changes, for example within the app, and update the "last updated" date above.
12. Contact
For privacy questions or requests, contact us at [email protected].