Privacy Policy
Last updated: March 19, 2026
Setio ("we", "our", "the app") is committed to protecting your privacy. This policy explains how we collect, use and protect your personal data in compliance with the General Data Protection Regulation (GDPR/RGPD) and applicable laws.
1. Data Controller
Setio is developed and operated by Edgar Cresson. For any privacy-related questions, contact us at [email protected].
2. Data We Collect
We collect the minimum data necessary to provide our service:
- Account data: email address, display name (when you create an account)
- Training data: programs, sessions, exercises, sets, reps, weights (data you enter in the app)
- Subscription data: subscription status (free or Pro), purchase date, expiration date. We do not collect or store your payment information — all payments are processed by Apple through the App Store.
- Technical data: device type, app version, crash reports (for debugging)
We do not collect:
- Location data
- Health data from Apple Health or Google Fit (unless you explicitly opt in)
- Contacts, photos or any other personal data
- Advertising identifiers
3. How We Use Your Data
- Managing your subscription and unlocking Pro features
- Providing and improving the app's features
- Syncing your training data across devices
- Sending push notifications you opted into (workout reminders, PRs)
- Debugging and fixing technical issues
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for marketing purposes.
4. Data Storage and Security
Your data is stored securely using Supabase (hosted on AWS in the EU region). All data is encrypted in transit (TLS 1.3) and at rest. Authentication tokens are stored in your device's secure enclave (Keychain on iOS).
The app works offline. Your training data is stored locally on your device and syncs when you're connected.
5. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your account and all associated data
- Export your data in a portable format
- Withdraw consent at any time
- Object to data processing
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
6. Data Retention
Your data is retained as long as your account is active. When you delete your account, all your personal and training data is permanently deleted from our servers within 30 days.
7. Third-Party Services
- Supabase: authentication and data sync (EU-hosted)
- RevenueCat: subscription management and purchase validation. RevenueCat receives an anonymous user identifier to track your subscription status. It does not receive your email, name or training data. See the RevenueCat Privacy Policy.
- Apple Push Notification Service: push notifications (if enabled)
- Expo: app updates and crash reporting
8. Children's Privacy
We do not knowingly collect personal data from children under 16 without parental consent. If you believe a child has provided us with personal data, please contact us so we can delete it.
9. Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated through the app. The latest version is always available on this page.
10. Contact
For any questions about this privacy policy or your data, contact us at [email protected].