Privacy Policy

Effective Date: May 4, 2026

1. Introduction

NabTech LLC ("NabTech", "we", "us", "our") develops and operates mobile and web applications, including but not limited to GYMZO and its white-label variants (collectively, our "Applications"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use any of our Applications and related services (collectively, the "Service").

This policy applies to all applications published by NabTech LLC on the Apple App Store, Google Play Store, and any other distribution platforms.

By using any of our Applications, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Depending on the Application you use, we may collect:

Account information: Name, phone number, and email address when you create an account.
Profile data: Personal details you choose to provide, such as date of birth, physical measurements, preferences, and goals.
User-generated content: Data you create within the Application, such as logs, records, notes, and progress entries.
Organization data: Information about organizations, groups, or professionals you associate with through the Application (e.g., gym memberships, trainer associations).

2.2 Information Collected Automatically

Device information: Device type, operating system, app version, and unique device identifiers.
Advertising identifier: On iOS, the IDFA (Identifier for Advertisers); on Android, the equivalent advertising identifier. Collected only if you grant permission via Apple's App Tracking Transparency prompt (or, on Android, via your device-level advertising preferences). If you do not grant permission, no advertising identifier is collected.
IP address: Used by our marketing attribution provider to estimate install attribution when an advertising identifier is unavailable. IP address is not used to identify your physical location beyond country-level inference.
Usage data: Features used, screens visited, and interaction patterns within the Application.
Language and locale: Your preferred language, regional settings, and timezone.
Camera and sensor data: When you use features like QR code scanning or photo uploads, we process this data only for the intended feature. We do not store raw camera data.

2.3 Information We Do Not Collect

We do not access your device contacts, camera roll, or microphone beyond features you explicitly initiate.
We do not collect precise GPS location data unless the Application explicitly requests and you grant location permission.
We do not collect financial information directly. Payments are handled by third-party processors (Apple, Google, or other payment providers).

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our Applications and Services.
Personalize your experience and provide relevant content and recommendations.
Track your progress and display your data back to you within the Application.
Manage your account, subscriptions, and associations with organizations or professionals.
Send important service notifications (e.g., account security, subscription changes, feature updates).
Analyze usage patterns to improve app performance and user experience.
Measure the effectiveness of our marketing campaigns and attribute app installs to the advertising source that referred you.
Prevent fraud and enforce our Terms of Service.
Comply with legal obligations.

4. Data Sharing and Third Parties

We do not sell your personal information. We may share your data in the following limited circumstances:

Service Providers

We work with trusted third-party service providers to operate our Applications:

Cloud infrastructure: Secure cloud databases and hosting services for data storage.
App distribution: Platform services for app delivery and updates.
Crash and performance diagnostics: Third-party services that receive crash logs and performance metrics so we can identify and fix bugs. This data is used for app functionality and is not used to track you across apps or websites.
Payment processing: Third-party payment processors for subscription billing. We do not store your payment card details.
Product analytics: Usage data linked to your account, used to understand feature engagement and improve the Application.
Marketing attribution and advertising partners: See "Marketing Attribution and Advertising" below for details on the mobile measurement partner and ad networks we work with.

Organization and Professional Data Sharing

Some of our Applications connect you with organizations or professionals (e.g., gyms, trainers, coaches). When you join or associate with an organization through our Application, that organization may see relevant activity data (e.g., progress, completed sessions) to provide their services. Your personal contact information is not shared with organizations without your explicit consent.

White-Label Applications

Some of our Applications are offered as white-label products under a different brand name on behalf of a business partner. In these cases, the business partner may have access to user data relevant to their service delivery. This will be disclosed within the specific Application.

Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of NabTech, our users, or the public.

5. Marketing Attribution and Advertising (GYMZO)

GYMZO uses a mobile measurement partner ("MMP") to attribute app installs and key events (such as subscription purchases) to the advertising campaigns that referred users. This helps us understand which marketing channels are effective and avoid wasting spend on those that are not.

5.1 Apple Tracking Transparency

On iOS, before any advertising identifier is collected, the app presents Apple's App Tracking Transparency ("ATT") prompt. You may allow or deny tracking. If you deny — or have not yet responded — no IDFA is collected and no cross-app or cross-website tracking occurs. If you allow, your IDFA is shared with our MMP for install attribution.

5.2 Data Shared with the MMP

Whether or not you grant ATT permission, the MMP receives the following technical signals so it can perform attribution:

Device platform, operating system version, device model, and app version.
Locale and timezone.
IP address — used for probabilistic fingerprint matching when an advertising identifier is unavailable.
Advertising identifier (IDFA on iOS, equivalent on Android) — only when you have granted permission.
Purchase events forwarded by our payment processor when you complete an in-app purchase.

5.3 Conversion Postbacks to Ad Networks

The MMP forwards conversion events (install, purchase, key milestones) to the ad networks where our marketing campaigns run, including Meta (Facebook and Instagram), TikTok, Google, Snap, and Apple Search Ads. These postbacks tell each network whether their ad led to a conversion so they can optimize ad delivery. The data shared is limited to the event type and, where ATT permission was granted, the advertising identifier associated with the event.

5.4 Your Control

You can revoke ATT permission at any time on iOS via Settings → Privacy & Security → Tracking → GYMZO. Revoking permission stops further IDFA collection by the Application on this device. You may also exercise your other rights as described in Section 9 ("Your Rights and Choices").

6. Google Sign-In & Google User Data

GYMZO offers Google Sign-In as an authentication option. When you choose to sign in with Google, we receive and process the following data from your Google account:

6.1 Data Collected via Google Sign-In

Google ID — a unique identifier from your Google account, used to link your sign-in.
Email address — used as your primary account identifier.
First name and last name — used to personalize your profile within the app.
Profile photo URL — displayed as your profile picture within the app.

6.2 How We Use This Data

To create and manage your GYMZO account.
To identify you within the app and personalize your experience.

We do not use Google Sign-In data for any purpose other than those listed above.

6.3 Storage and Security

Data obtained via Google Sign-In is stored securely on our servers and protected with industry-standard encryption at rest and in transit. The same security measures described in the Data Storage section of this policy apply to all Google-sourced data.

6.4 No Third-Party Sharing

We do not:

Sell, share, or transfer Google user data to any third party.
Use Google user data for advertising, retargeting, or profiling of any kind.

6.5 Retention and Deletion

Google Sign-In data is retained for as long as your account is active. You can delete your account and all associated data — including data obtained via Google Sign-In — at any time through our account deletion page.

Google API Services Compliance: GYMZO's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

7. Data Storage and Security

Your data is stored securely using industry-standard cloud infrastructure with encryption at rest and in transit. We use token-based authentication to protect your account access.

Some data (such as preferences and session information) may be stored locally on your device. This data remains on your device and is not transmitted to our servers unless necessary for the Service.

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Aggregated, anonymized usage data may be retained for analytics and product improvement after account deletion.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

Access: Request a copy of the personal data we hold about you.
Correction: Update or correct inaccurate personal data.
Deletion: Request deletion of your account and associated personal data.
Data portability: Request your data in a portable format.
Opt-out: Disable push notifications through your device settings. Unsubscribe from marketing emails via the link in each email.
Advertising opt-out: On iOS, revoke App Tracking Transparency permission for GYMZO via Settings → Privacy & Security → Tracking. This stops IDFA collection on this device. On Android, you can reset or limit your advertising identifier through your device's advertising settings.

To exercise any of these rights, contact us at nabeel@nabtech.pro. We will respond within 30 days.

10. Children's Privacy

Our Applications are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at nabeel@nabtech.pro.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including countries where our cloud infrastructure providers operate. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page and notify you through the Application or via email for significant changes.

Your continued use of our Applications after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us:

NabTech LLC
Email: nabeel@nabtech.pro