Privacy Policy
1. Who we are
This Privacy Policy explains how Snězeno s.r.o. ("Rezult", "we", "us", "our") processes personal data when you use the Rezult mobile application (the "App") and related services (collectively, the "Service").
For the purposes of the EU General Data Protection Regulation ("GDPR") and the Czech Act No. 110/2019 Coll. on the Processing of Personal Data, Snězeno s.r.o. is the data controller of the personal data described below.
2. Scope
This Policy applies to personal data we process when you:
- download, install, open, register for, or use the App;
- communicate with our support team;
- interact with in-app content, plans, challenges, progress photos, leaderboards, or social features;
- make or manage a subscription purchase; or
- visit our website or any marketing page operated by us.
It does not apply to third-party services you reach through links or integrations that we do not control.
3. Age limits and children's data
- The minimum age to create an account is 13. If you are under 13, do not use the Service; we do not knowingly collect personal data from children under 13 and will delete any such data promptly.
- If you are 13–15 years old, you may use the Service only with verifiable consent of a parent or legal guardian.
- If you are 16 or older, you may consent on your own behalf under Czech law.
4. Categories of personal data we process
4.1 Account data
Username (public), display name, email address, encrypted password (managed by Firebase Authentication — we never see the plaintext password), creation date, last-login date, account status.
4.2 Profile and onboarding data
Sex, date of birth, age, height, weight, unit preferences, primary goal, experience level, activity level, sleep, stress, injuries, dietary restrictions, allergies, training preferences, equipment, focus areas, and related quiz answers.
4.3 Special category (sensitive) data
Under Article 9 GDPR, some data you provide is considered "special category" because it concerns health or biometric information:
- Body photographs ("progress photos") uploaded to the in-app Photo Vault;
- Body composition / leanness estimates you select;
- Body-map scores, body weight log, and lift records;
- Injury / medical-condition notes where you enter them.
We process this data only on the basis of your explicit consent (Art. 9(2)(a) GDPR). You can withdraw that consent at any time — see Section 9.
4.4 Usage and device data
Interactions with plans, meals, workouts, challenges, rewards, predictions, leaderboards, social features; device model, OS version, app version, language, time zone; crash logs and performance metrics (via Sentry).
4.5 Payment data
When you subscribe, Apple App Store or Google Play process your payment directly. We receive only a non-payment identifier (transaction ID, subscription status, renewal dates) from RevenueCat. We never see your card number or full billing details.
4.6 Communications
If you email us or submit a support form, we store your message, your email address, and any attachments you send.
5. Why we process your data, and the legal basis
| Purpose | Data | Legal basis (GDPR) |
|---|---|---|
| Create and operate your account | Account data | Art. 6(1)(b) contract |
| Generate your personalised plan | Profile, onboarding, body weight, preferences | Art. 6(1)(b) contract |
| Process body photos, body-map, lift records | Special category data | Art. 9(2)(a) explicit consent |
| Prevent minors from using the Service without consent | Age, parent email | Art. 6(1)(c) legal obligation |
| Keep the App secure and detect abuse | Device, crash logs, IP-derived region | Art. 6(1)(f) legitimate interest |
| Product analytics | Usage, device (where consented) | Art. 6(1)(a) consent |
| Process payments and subscriptions | Subscription metadata | Art. 6(1)(b) contract |
| Comply with tax and accounting law | Transaction metadata | Art. 6(1)(c) legal obligation |
| Handle support requests | Communications, account metadata | Art. 6(1)(b) contract |
We do not sell your personal data. We do not use your personal data for automated decisions that produce legal effects concerning you.
6. Third parties and processors
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Google Firebase | Auth, data store, backend | Account, profile, plan data | EU / USA |
| Sentry | Crash monitoring | Device info, stack traces | EU |
| Cloudflare R2 | Photo storage | Uploaded images | EU / global CDN |
| Apple / Google | App distribution, purchases | Subscription metadata | USA |
| RevenuCat | Subscription management | Transaction ID, status | USA |
| Expo | Build and updates | App bundle identifiers | USA |
Transfers outside the EEA are protected by EU Standard Contractual Clauses (2021) or equivalent safeguards.
7. How long we keep your data
| Data | Retention |
|---|---|
| Account and profile | While active. Deleted within 30 days of account deletion. |
| Body photos & sensitive data | While active, or until you delete / withdraw consent. |
| Crash logs (Sentry) | Up to 90 days, then aggregated. |
| Payment metadata | 10 years (Czech tax & VAT law). |
| Support correspondence | 3 years from last contact. |
| Compliance records | 5 years after account deletion. |
8. Automatic processing and profiling
The App generates your plan using a deterministic rule-based planner that runs on your device. We do not perform profiling or automated decision-making that produces legal effects (Article 22 GDPR).
9. Your rights
Under the GDPR you have the following rights:
- Right of access (Art. 15) — ask us whether we process your data, and get a copy.
- Right to rectification (Art. 16) — ask us to correct inaccurate data.
- Right to erasure (Art. 17) — ask us to delete your data. Use Settings → Delete Account.
- Right to restriction (Art. 18) — ask us to stop processing in specific situations.
- Right to data portability (Art. 20) — ask for a machine-readable export.
- Right to object (Art. 21) — object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)) — withdraw consent at any time.
How to exercise rights: email us from the email address associated with your account. We will respond within 30 days.
10. Right to lodge a complaint
If you believe we have infringed your data-protection rights, you may complain to:
Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
+420 234 665 111
You may also complain to the supervisory authority in the EU member state where you live or work.
11. Security
We protect your data using technical and organisational measures including:
- encryption in transit (TLS 1.2+);
- encryption at rest for credentials, photos, and tokens;
- role-based access controls;
- server-side security rules on Firestore;
- short-lived authentication tokens;
- crash and intrusion monitoring via Sentry;
- routine reviews of dependencies and permissions.
In the event of a personal data breach, we will notify the Czech supervisory authority within 72 hours (Art. 33 GDPR) and inform affected users without undue delay (Art. 34 GDPR).
12. Photos and sensitive data
Progress photos are opt-in. Photos are stored on Cloudflare R2 under access controls and are private by default. Deleting a photo removes it everywhere. Deleting your account deletes all photos.
13. Cookies and similar technologies
The App does not use cookies. If we publish a website, a separate cookie notice on that site will apply.
14. International transfers
See Section 6 for the list of providers and transfer mechanisms. By using the Service you acknowledge that your data may be processed in countries outside the EEA subject to the safeguards described.
15. Changes to this Policy
We may update this Policy. Material changes will be announced at least 14 days before they take effect. The "Last updated" date above indicates the latest revision.
16. Contact
For any question about this Privacy Policy, write to:
privacy@rezult.fit
Snězeno s.r.o.
Türkova 2319/5b, Chodov, 149 00 Praha 4, Czech Republic
We aim to acknowledge all privacy requests within 5 working days.