Privacy Policy
Welcome to Yuzu! Your privacy is extremely important to us. This Privacy Policy clearly and transparently explains what data we collect, why we collect it, how we use it, and what your rights are. By using the App, you agree to the practices described in this Privacy Policy.
1. FUNDAMENTAL PRINCIPLES
We commit to respecting the following principles: ✓ Transparency: Clearly informing you about our practices ✓ Minimization: Collecting only strictly necessary data ✓ Security: Protecting your data with best practices ✓ Control: Giving you control over your data ✓ Compliance: Respecting GDPR and applicable laws
2. DATA COLLECTED
2.1 Data You Provide to Us PROFILE DATA • First name (required) • Age (optional) • Gender (optional) PREFERENCES AND GOALS DATA • Main goal (flexibility, pain relief, posture, mobility, stress) • Targeted body areas (full body, neck, back, shoulders, legs, feet) • Specific flexibility goals • Professional context (office, standing, physical, mixed, flexible) • Fitness level (beginner, intermediate, advanced) • Preferred time for exercises • Reminder time (optional) ACTIVITY DATA • Session history (date, duration, type, difficulty) • Completed exercises with dates • Favorite exercises • Custom sessions created • Progress metrics (streaks, total exercises, total time) 2.2 Automatically Collected Data TECHNICAL DATA • Device identifier • Device model and system version • App version • Device language • Push notification token (if enabled) • Time zone USAGE DATA • Usage dates and times • Features used • Errors and crashes (anonymized data) 2.3 Data We DO NOT Collect ✗ Last name ✗ Full postal address ✗ Phone number ✗ Banking information ✗ Precise GPS location ✗ Contacts ✗ Personal photos or videos ✗ Sensitive health data (medical diagnoses, treatments) ✗ Biometric data
3. USE OF DATA
We use your data to: • Provide App services (Legal basis: Contract) • Personalize your experience (Legal basis: Contract) • Generate tailored programs (Legal basis: Contract) • Save your progress (Legal basis: Contract) • Sync across multiple devices (Legal basis: Contract) • Send reminder notifications (Legal basis: Consent) • Improve the App (Legal basis: Legitimate interest) • Ensure security (Legal basis: Legitimate interest) • Customer support (Legal basis: Legitimate interest) You can withdraw your consent at any time for processing that depends on it.
4. DATA RETENTION
• Profile data and preferences: As long as your account is active • Session history: As long as your account is active • Favorite exercises: As long as your account is active • Custom sessions: As long as your account is active • Technical data and logs: 12 months maximum • Customer support data: 3 years after ticket closure AFTER ACCOUNT DELETION: All your personal data is deleted within 30 days maximum.
5. DATA SHARING AND TRANSFER
We NEVER sell your personal data. TECHNICAL SERVICE PROVIDERS Supabase (Hosting and Database) • Service: Supabase Inc. • Location: Servers located in the European Union • Role: Secure hosting, authentication, synchronization • Protection: TLS and AES-256 encryption, SOC 2 Type II compliance Notification Services (Apple/Google) • Apple Push Notification Service (APNs) for iOS • Firebase Cloud Messaging (FCM) for Android • Shared data: Only notification token and message content • Control: Can be disabled at any time in settings EU HOSTING Your data is hosted exclusively in the European Union, ensuring the highest level of GDPR protection.
6. DATA SECURITY
6.1 Technical Measures ✓ Encryption in transit: TLS 1.3 for all communications ✓ Encryption at rest: AES-256 for stored data ✓ Secure authentication: Session management with JWT tokens ✓ Data isolation: Row Level Security (RLS) - each user only sees their own data ✓ Regular backups: Automatic daily backups ✓ Monitoring: 24/7 system monitoring 6.2 Organizational Measures ✓ Access restricted to authorized personnel only ✓ Principle of least privilege ✓ Regular security audits ✓ Team training on data protection 6.3 In Case of Data Breach We commit to: • Notify the supervisory authority (CNIL) within 72 hours • Inform you without delay if the risk is high • Take all necessary measures to limit the impact
7. YOUR DATA RIGHTS (GDPR)
7.1 Right of Access You can request a copy of all your data. How? Settings > My data or contact us 7.2 Right of Rectification You can correct inaccurate data. How? Modify directly in settings 7.3 Right to Erasure You can request deletion of your data. How? Settings > Delete my data 7.4 Right to Portability You can receive your data in structured format (JSON, CSV). How? Settings > Export my data 7.5 Right to Object You can object to the processing of your data. How? Disable the relevant options in settings 7.6 Right to Withdraw Consent For notifications, you can withdraw your consent at any time. How? Disable in Settings > Notifications 7.7 Right to Lodge a Complaint If you believe your rights are not being respected: CNIL (Commission Nationale de l'Informatique et des Libertés) 3 Place de Fontenoy TSA 80715 75334 PARIS CEDEX 07 Phone: 01 53 73 22 22 Website: https://www.cnil.fr/ RESPONSE TIME We commit to responding to your requests within one month maximum.
8. CHILDREN'S DATA
The App is accessible to individuals aged 13 and over. For users under 18, we strongly recommend obtaining parental consent. If we discover that a child under 13 has provided personal data, we will immediately delete that data.
9. COOKIES AND SIMILAR TECHNOLOGIES
The App does not use cookies in the traditional sense. LOCAL STORAGE The App stores certain data locally on your device to: • Improve performance • Allow offline use • Save your preferences This data remains on your device and is deleted if you uninstall the App.
10. CHANGES TO THIS POLICY
We may update this Privacy Policy to reflect changes in our practices or legislation. In case of significant changes: • We will notify you via the App • We will update the date at the top of this policy • Your continued use constitutes acceptance of the new terms
11. CONTACT
For any questions regarding this Privacy Policy or to exercise your rights: Email: [email protected] We commit to responding to your requests as quickly as possible. YUZU'S COMMITMENTS Respect your privacy Be transparent about our practices Give you control over your data Protect your data with the best security measures Never sell your data to third parties Respond quickly to your requests By using the Yuzu App, you acknowledge that you have read, understood, and accepted this Privacy Policy. Version 1.0 - November 2025 — Compliant with GDPR (EU 2016/679) and Apple App Store requirements
Last updated: November 21, 2025