🇬🇧 EN

Strenqo Privacy Policy

This Privacy Policy explains how Strenqo collects, uses, stores, shares and deletes personal data when you use the Strenqo mobile app and related services.

Version 1.0.0 · Last updated: May 24, 2026 · English (the Italian version is canonical in case of discrepancy)

1. Publisher

Strenqo is published and operated by Andreas Mondo, an Italian-registered sole proprietorship, acting as data controller under Article 4.7 GDPR.

View company & tax details

Andreas Mondo (sole proprietorship) · Via Pianezza 16, 10040 Givoletto (TO), Italy · VAT IT13352600012 · Tax code MNDNRS05B17L219J · Email strenqo-support@strenqo.eu · PEC andreasmondo@ultracert.it

For any request regarding your personal data you can contact us at the address above or through the in-app function (Profile → Privacy → Requests).

2. Categories of data we process

2.1 Identification and access data

Email address
Password (stored hashed by Supabase Auth)
User UUID identifier
Authentication provider used (Google, Apple)
Name (optional)

2.2 Identity and profile data

Date of birth (stored both in plain text as ISO YYYY-MM-DD in the profile, and as a SHA-256 hash in the AgeGateProof consent log together with the year in plain text and the applied age threshold)
Sex (free field, optional)
Country of residence
Preferred language
Profile picture (optional)

2.3 Health-related data (special category under Art. 9 GDPR)

Strenqo is a fitness and nutrition app and processes data that may fall within the special category of “health data” under Art. 9.1 GDPR:

Biometric data: weight, height, body check-in photos, body measurements (waist, chest, arms)
Workout data: workout sessions, exercises, reps, loads, duration, perceived intensity, average and maximum heart rate, calories burned, strain
Cardio/sport data: duration, calories, optional GPS track (with the option to apply a “GPS Clip” obscuring the first and last 200 metres of the route)
Nutrition data: meals consumed, foods, macronutrients (protein, carbs, fats), daily calories, hydration (water ml), custom recipes, food intolerances/allergies
Goals and health profile: training goal, activity level, diet type, calorie target, macro targets
Wearable data (read): if you authorise integration with Apple HealthKit (iOS) or Google Health Connect (Android), we read from your device: heart rate, HRV, resting heart rate, SpO₂, sleep analysis and sleep stages, wrist temperature during sleep (on compatible Apple devices), steps, distance, active and basal calories, body weight, body fat percentage, waist circumference, menstrual flow (cycle data, used solely to adjust the HRV baseline — never shared with third parties)
Wearable data (write, optional and separate): with a separate OS permission, Strenqo can also write to HealthKit / Health Connect: completed workout sessions, daily nutrition totals, weight and body fat percentage
Bluetooth (BLE) heart-rate device data: when you pair a compatible BLE heart-rate sensor (e.g. Polar, WHOOP, Garmin, or a generic BLE HRM), Strenqo reads live heart rate and RR-interval data during the workout. Strenqo is not affiliated with these manufacturers
Cloud wearable integrations (OAuth — optional): if you authorise integration via OAuth with a third-party fitness platform (currently Whoop and Oura — see §4.A for the complete list, which may include further providers in the future, such as Garmin Connect), the platform's servers transmit to our Supabase backend, on your behalf, only the raw biometric data strictly necessary for the Strenqo recovery and strain algorithms: HRV (RMSSD), resting heart rate, sleep stages (deep/REM/light/awake durations), wrist temperature deviation where available, per-workout heart-rate samples (where the third-party API exposes them), workout start/end timestamps and sport type. We deliberately do not import the provider's proprietary scores (Whoop recovery/strain/sleep score, Oura readiness/sleep/activity score, etc.): Strenqo computes its own score from the raw biometrics so that the same physiological values produce the same result regardless of device. The OAuth refresh token is encrypted at rest. You can revoke the connection at any time from Profile → Connected health and also from the provider's own account dashboard. See §4.A for the controllership analysis and §7 on extra-EU transfers
Live Activities (iOS): during a workout in progress, the app displays the active workout in the Dynamic Island / lock screen. No data leaves your device for this feature
AI Coach conversations: if you enable the AI Coach toggle (Profile → Support, privacy and legal), the text of your messages and the associated context (profile, recent workouts, weight) is sent to OpenAI to generate personalised replies. The toggle is on by default. If you do not want your health data sent to OpenAI (USA), turn it off before using the Coach

2.4 User-uploaded photos

Body check-in photos (bucket progress-photos)
Food photos (bucket food-images)
Optional workout media (bucket workout-media)

All photo storage buckets are private and accessible only by the owning user through Row-Level Security policies.

2.5 Service-usage data

Preferences (theme, language, units, reminders, quiet hours)
Favourite exercises and recipes
Consent state (AI Coach, crash reporting)
Push notification token
Pro subscription status (managed via RevenueCat)

2.6 Technical and diagnostic data

Device information (model, OS, app version, runtime version)
Crash logs and stack traces, only if you enabled “Crash reporting” (§5.2). When active, Sentry also receives a pseudonymous user identifier (UUID, not the email)
Internal anti-abuse counters (rate limiting)
Audit logs for privacy-sensitive actions
IP address for market geolocation: on first launch, if local fallbacks (timezone, system language) are not sufficient, the app may send a request to two IP geolocation services (ipwho.is and ipapi.co — see §4)

2.7 Operating system permissions

The app requests the following OS permissions (revocable at any time in Settings → Strenqo):

Camera: food barcodes, food photos, photos of workout/nutrition worksheets, profile photo
Photo library: read user-imported photos; write the route-map image to the library when you explicitly save it
Location: during an active outdoor workout. Tracking continues with screen locked or app in background, as long as the cardio session is open. GPS Clip obscures the first and last 200 metres
Bluetooth: scan and connect to compatible BLE heart-rate monitors
Push notifications: workout/diet/hydration/check-in reminders
HealthKit / Health Connect: read and write health data (see §2.3)
Apple/Google Sign-In: if you choose to sign in with Apple or Google
Local notifications / Live Activities: notifications during workout, rest timer, in-progress session in the Dynamic Island

Strenqo does not request or read: IDFA (iOS) or Advertising ID (Android); contacts; calendar; microphone; ATTrackingManager is never called.

3. Purposes and legal bases of processing

#	Purpose	Categories of data	Legal basis
1	Account creation and management	identification, profile	Contract performance (Art. 6.1.b GDPR)
2	Provision of core fitness/nutrition features	basic health data	Explicit consent (Art. 9.2.a GDPR) at signup + contract performance
3	AI Coach / plan generation	conversations, profile, context	Explicit consent (Art. 9.2.a) — toggle in Profile, on by default; see §5.3
4	HealthKit / Health Connect read & write	HR, HRV, sleep, weight, body fat, hydration, activity	Explicit consent (Art. 9.2.a) — native iOS/Android permissions
4-bis	Importing raw biometrics from cloud wearable platforms (Whoop, Oura and future compatible providers)	HRV, RHR, sleep stages, wrist temperature, workout HR samples	Explicit consent (Art. 9.2.a GDPR) — granted via OAuth consent at the third-party provider and a corresponding in-app connection action; revocable at any time
5	Pro subscription management	user UUID, subscription state	Contract performance
6	Security, abuse prevention, rate limiting	technical identifiers, audit logs	Legitimate interest (Art. 6.1.f GDPR)
7	Error and crash diagnostics	crash logs with PII redaction	Consent (Art. 6.1.a) — separate toggle
8	Market geolocation	IP address (only if local fallbacks insufficient)	Legitimate interest (Art. 6.1.f GDPR)
9	Legal compliance	all pertinent data	Legal obligation (Art. 6.1.c GDPR)
10	Transactional emails	email	Contract performance / legal obligation

Note on signup consent granularity. At registration we collect a cumulative consent (single checkbox) covering acceptance of the Terms, this Policy, and processing of health/wellness data under Art. 9.2.a GDPR. Additional or optional processing is governed by separate granular toggles in Profile → Support, privacy and legal.

4. Recipients and processors

Full sub-processor list with safeguards at /legal/subprocessors.html.

Sub-processor	Data hosting country	Purpose	Transfer mechanism
Supabase	European Union (eu-west-1)	Database, Auth, Storage, Edge Functions	No extra-EU transfer at rest. US support via DPA+SCC
OpenAI	United States (initial processing in EU for EU users)	AI Coach, food photo analysis, plan generation — only with explicit consent	EU-US DPF + SCC
RevenueCat	United States	Pro subscription state sync	SCC in RevenueCat DPA
Resend	United States	Transactional emails	EU-US DPF + UK Extension + SCC
Sentry	European Union — Germany (`ingest.de.sentry.io`)	Crash reporting (only with consent)	No extra-EU transfer
Apple	United States / Ireland	App Store, IAP, APNs, HealthKit on-device, Sign in with Apple	EU adequacy (Ireland) / DPF
Google	United States / Ireland	Play Store, IAP, FCM, Health Connect on-device, Maps SDK	EU-US DPF + SCC
OpenFoodFacts	France (EU)	Public food database	No extra-EU transfer
ipwho.is	United States	IP geolocation primary fallback	Provider standard SCC
ipapi.co	United States	IP geolocation secondary fallback	Provider standard SCC
Expo	United States	OAuth proxy for Sign in with Google, EAS build/OTA	DPF + SCC

Important: Strenqo does not sell your personal data, does not share data for cross-context behavioural advertising, and does not use third-party advertising or behavioural-tracking SDKs.

4.A Third-party data sources via OAuth (independent controllers)

The following platforms are autonomous data controllers that, upon your authorisation via OAuth, transmit your biometric data to our backend. They are not sub-processors of Strenqo under Art. 28 GDPR: they collect data from your wearable device under their own privacy policy, and you decide whether to allow them to share that data with us. They are listed here for full transparency on the data flow.

Provider	Legal name / location	Data hosting (their side)	Data we receive	Transfer mechanism
Whoop	Whoop, Inc. — United States (Boston, MA)	United States	Raw HRV (RMSSD), RHR, sleep stages, wrist temperature deviation, per-workout HR samples, workout metadata. We do not receive the Whoop recovery/strain/sleep score.	SCC in the Whoop API data-sharing agreement; the imported copy is hosted in our Supabase EU backend
Oura	Ōura Health Oy — Oulu, Finland (EU)	European Union (Finland)	Raw HRV, RHR, sleep stages, SpO₂, workout metadata, wrist temperature deviation. We do not receive the Oura readiness/sleep/activity score.	Intra-EU transfer at source (Oura is an EU controller); our copy is hosted in Supabase EU

Template clause — future cloud-wearable providers. Strenqo may, in the future, integrate further cloud-wearable platforms under the same OAuth-based model (examples include Garmin Connect, Polar Flow, Fitbit / Google Fit, Suunto, Coros, Withings, Samsung Health). Each new provider added to this list will be governed by the same principle (“we only import the raw biometrics strictly necessary; the algorithm remains ours”) and will be disclosed in this section with reasonable advance notice before activation, via the notify-policy-update flow described in §13. The list of currently active providers is also published, in real time, at /legal/subprocessors.html §3.

Revocation. Disconnecting the integration via Profile → Connected health → Disconnect revokes the OAuth refresh token both on our backend and at the provider; in addition, you may revoke authorisation from the provider's own dashboard at any time. After disconnection, your historical data already imported into Strenqo remains in our database under §6 retention rules until account deletion or a specific erasure request.

5. User-controlled consents

5.1 Health-data consent (Art. 9.2.a GDPR)

Collected at registration via a dedicated checkbox, recorded in the AgeGateProof log. Revocation can be requested at strenqo-support@strenqo.eu; processed within one month (Art. 12.3 GDPR). Account deletion (see §8) revokes the consent and erases all associated data.

5.2 Crash Reporting consent (Sentry)

Sentry is never initialised before the consent state has been loaded.
Per-market default once the country of residence is available:
- EU, EEA, UK, Switzerland and any unrecognised country: default off (opt-in)
- US, Canada, Australia, New Zealand, Japan, Singapore, South Korea: default on (opt-out)
Always changeable in Profile → Support, privacy and legal.

5.3 AI Coach consent

Separate toggle in Profile → Support, privacy and legal → AI data consent. The toggle is on by default. While on, AI features may send to OpenAI (USA) your messages and context (profile, recent workouts, weight). Turn it off before use if you do not want this. Disabling inhibits the AI features entirely.

5.4 Push notifications

Requested via the operating system. Granularity per type manageable in Profile → Reminders.

6. Data retention

Category	Retention period	Mechanism
Active account data	Duration of service use	—
Audit logs	90 days	Daily purge via `pg_cron` (03:15 UTC)
Privacy requests (terminal)	30 days	Daily purge via `pg_cron` (03:20 UTC)
Privacy requests pending	24 h (export) / 1 h (delete)	Token TTL
Rate-limit counters	Until window expiry	Natural cleanup
Photos in storage	For the account duration	Recursive cleanup on deletion
Data at sub-processors	Per their policies	—

7. Extra-EU transfers

EU-US Data Privacy Framework (EU Commission adequacy decision of 10 July 2023)
Standard Contractual Clauses (SCC) as parallel fallback
Transfer Impact Assessment (TIA) per transfer

8. Your rights

Right	How to exercise it
Access (Art. 15)	Profile → Export my data. Three-step flow with email confirmation. Returns a JSON file with all data categories from §2 plus signed URLs for photos
Rectification (Art. 16)	Direct edit in app; for email/password: Profile → Change email/password
Erasure (Art. 17)	Profile → Account → Delete account (three-step flow); see account-deletion
Restriction (Art. 18)	Granular disabling of optional toggles, or write to support
Portability (Art. 20)	Same as access
Objection (Art. 21)	Disable AI Coach / Diagnostics toggles
Consent withdrawal	Disable toggles, or write to support, or delete the account
Complaint to authority	garanteprivacy.it (Italy) or your local EU/EEA DPA

9. Data security

Row-Level Security (RLS) active on all database tables
TLS for all communications
Password hashing via Supabase Auth
Rate limiting and audit logging on Edge Functions
Webhooks with constant-time signature verification
PII redaction on Sentry before telemetry transmission

In the event of a data breach, Strenqo will notify the competent supervisory authority within 72 hours (Art. 33 GDPR) and data subjects without undue delay per Art. 34 GDPR.

10. Minors

Minimum age thresholds (as of 2026-05-17):

EU / EEA / Italy / Switzerland: 16 years
UK, US, Canada: 13 years
Australia: 15 years
Unrecognised country: 16 years (conservative default)

11. Automated decision-making

The AI Coach features do not produce legally binding decisions, do not constitute medical diagnosis, and do not produce legal effects or similarly significant effects under Art. 22.1 GDPR — the user retains full ability to accept, modify, ignore or disable the suggestions at any time.

12. Fitness and medical disclaimer

See the Health Disclaimer. Strenqo is not a medical device, does not replace professional consultation and its suggestions cannot be used for self-diagnosis or treatment.

13. Changes to the policy

Material changes will be notified in-app and by email. Change history: /legal/privacy-policy-changelog.html.

14. Contacts

Controller: Andreas Mondo (sole proprietorship)
Registered office: Via Pianezza 16, 10040 Givoletto (TO), Italy
VAT: IT13352600012 · Tax code: MNDNRS05B17L219J
Email: strenqo-support@strenqo.eu
PEC: andreasmondo@ultracert.it
EU Representative (Art. 27 GDPR): not applicable — controller is established in Italy (EU)