Muscle Pals

MUSCLEPALS.COM PRIVACY POLICY

Effective Date: February 1, 2026

This Privacy Policy explains how we collect, store, and process your personal data in connection with your use of our website (including the subdomain: quiz.musclepals.com and the main page). Your privacy is our priority, and we ensure the security of your data in accordance with the GDPR (General Data Protection Regulation).

1. Data Controller

The Data Controller of your personal data is:

Szymon Świderski
conducting business activity at: ul. Polna 16/40, 26-200 Końskie, POLAND
Tax ID (NIP): 6582003346
REGON: 542587327

Contact regarding data protection: en-support@musclepals.com

2. Purposes and Legal Bases for Processing

We process your data for specific purposes:

  1. Contract Performance (AI Services and Digital Products):

    • To generate a personalized training plan, diet report, or body analysis.
    • Legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract).
  2. Order Processing and User Account:

    • To process transactions, deliver digital files, and handle complaints.
    • Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
  3. Accounting and Tax Obligations:

    • Issuing invoices and maintaining accounting records.
    • Legal basis: Art. 6(1)(c) GDPR (legal obligation).
  4. Communication:

    • Responding to inquiries sent via contact forms or email.
    • Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the controller).
  5. Analytics and Marketing:

    • Analyzing site traffic, optimizing services, and remarketing (displaying ads to site visitors).
    • Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent for cookies).

3. Scope of Collected Data

Depending on the service you use (e.g., the training plan generator at quiz.musclepals.com), we may process the following data:

  • Identification and Contact Data: Name, email address, country (location).
  • Biometric and Health Data (Necessary for plan generation): Age, gender, weight, height, body fat level, BMI, caloric needs (TDEE).
  • Training Data and Preferences: Physical activity level, diet/training goal, experience (training age), training priorities, training frequency, difficulty level, available equipment/location (gym/home), sleep quality, training difficulties.

Providing this data is voluntary but necessary to generate the personalized digital product (plan/report).

4. Use of Artificial Intelligence (Profiling)

We inform you that we use Artificial Intelligence (AI) technologies provided by Google (Gemini models) to provide our services (generating training plans and reports).

  1. Data entered into forms is processed automatically.
  2. This data is sent to the AI model to analyze and generate unique content (e.g., a training plan).
  3. This involves profiling – the system automatically evaluates your parameters (e.g., BMI, goal) and decides on exercise and diet selection based on them. The consequence of this processing is the receipt of a personalized digital product.

5. Hosting, Infrastructure, and Security

We ensure the security of your data by using modern infrastructure:

  1. Databases: Your personal data and training parameters are stored in a secured PostgreSQL database.
  2. Server Location: Our infrastructure (databases, n8n automation systems, Gotenberg PDF generator) is hosted on servers provided by Hetzner Online GmbH located in Germany (Falkenstein/Nuremberg). This guarantees data processing within the European Economic Area (EEA).
  3. Transmission Security: We use SSL certificates, and database passwords are hashed.

6. Data Recipients

Your data may be shared with entities that support us in providing services:

  1. IT and AI Service Providers:

    • Google Ireland Ltd. / Google LLC – for AI services (Gemini) and analytics (GA4). Regarding Google tools, data may be transferred to the USA based on Standard Contractual Clauses or the Data Privacy Framework.
    • Hetzner Online GmbH – server provider (hosting).
  2. Payment Operators:

    • PayU S.A. (based in Poznań) – for processing secure online payments.
  3. Accounting and Invoicing:

    • inFakt Sp. z o.o. – invoicing system provider (processing data necessary to issue sales documents).
    • Biuro Rachunkowe PROffice (based in Końskie) – accounting firm providing services to the Controller, with access to financial documentation.
  4. Analytics and Marketing Tools:

    • Google (Google Analytics 4, Google Tag Manager).
    • Meta Platforms (Facebook Pixel).
    • TikTok (TikTok Pixel).

We do not sell your data to third parties.

7. Cookies and Analytics

Our website uses cookies and tracking pixels to:

  • Ensure proper website functioning (maintaining sessions).
  • Analyze traffic statistics (Google Analytics 4).
  • Measure ad effectiveness and remarketing (Facebook Pixel, TikTok Pixel).

We use Google Tag Manager to manage tracking scripts. You can change your cookie settings in your browser or via the "Cookie Consent" tool available on the site at any time.

8. Your Rights

Under the GDPR, you have the following rights:

  1. Right of access: You can ask what data we process about you.
  2. Right to rectification: You can correct your data if it is incorrect.
  3. Right to erasure ("Right to be forgotten"): You can request data deletion if it is no longer necessary for the purposes for which it was collected.
  4. Right to restriction of processing.
  5. Right to data portability.
  6. Right to object: Specifically regarding processing for marketing purposes.
  7. Right to human intervention: In the case of automated decisions (AI), you have the right to question the decision and express your own point of view (e.g., file a complaint regarding the generated plan).

Complaints regarding data processing can be submitted to the President of the Personal Data Protection Office (UODO) in Poland, or your local data protection authority.

9. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at: en-support@musclepals.com.