Updated January 13, 2026

Privacy Policy

Your privacy matters to us. This policy explains how we collect, use and protect your personal data when you use Tsemppi.

1. Data Controller

The controller responsible for processing your personal data is:

Tsemppi Fitness Oy

  • Business ID: 3377898-6
  • Address: Kolmas Linja 30 B, Helsinki, Finland
  • Email: info@tsemppiapp.com

2. Data We Collect

We collect the following data to provide our service:

Basic information

Name, email address, date of birth, gender

Account data

Username, password (encrypted), profile picture

Workout data

Training history, performance records, weights, reps, progress data

Body data

Height, weight, physical limitations (optional)

Usage data

App usage patterns, device information, IP address

Note: We do not collect sensitive health data. Workout and body data are optional — you decide what to save.

3. AI & Data Processing

Tsemppi uses AI to generate personalized workout programs. Here is exactly how it works:

What data AI uses

  • Goal: Muscle gain, strength, fat loss or performance
  • Level: Beginner, intermediate or advanced
  • Frequency: How many days per week you want to train
  • Duration: Target time per session
  • Equipment: Gym, basic equipment or home workout
  • Limitations: Any injuries or restrictions (knee, shoulder, back, hip)

Third-party AI service

We use OpenAI's GPT-4o-mini model to generate workout programs. When you create a new program:

  • We send OpenAI only the onboarding data listed above — no personally identifiable information such as name or email
  • OpenAI does not use API data to train its models
  • Data is processed in accordance with GDPR

Data storage

  • All user data is stored on our own servers within the EU
  • Generated workout programs are saved to your account, not to OpenAI
  • Workout history and performance records are stored only in our own database

AI limitations: The AI generates a workout program based on the information you provide and our exercise library. AI does not replace professional advice — we recommend consulting a doctor before starting a new program, especially if you have health conditions.

4. App Permissions

Tsemppi may request the following permissions on your device. All permissions are optional and can be managed in your device settings:

Camera
Optional

Used for taking a profile photo and saving workout videos and progress photos to your profile.

Notifications
Optional

Used to remind you of workouts, notify you of community activity (likes, comments, followers) and support message replies.

HealthKit (iOS)
Optional

HealthKit integration allows syncing workout data with Apple Health so you can track all your activity in one place.

Note: The app works fully without these permissions. We only request access when you use the relevant feature for the first time.

5. How We Use Your Data

We use your data for the following purposes:

  • Generating personalized workout programs with AI
  • Tracking and visualizing your progress with a muscle map
  • Managing your user account and authentication
  • Providing community features (if you choose to share your workouts)
  • Improving and developing the service
  • Customer communication and support

6. Data Security

We protect your data carefully:

🔐
Encryption

All data is encrypted in transit (TLS) and at rest. Passwords are hashed using bcrypt.

🛡️
Secure infrastructure

We use server infrastructure located within the EU (MongoDB Atlas).

🔑
Access control

JWT token-based authentication with 90-day session validity.

📋
Regular audits

We review our security practices on a regular basis.

7. Data Sharing

We never sell your data

Your personal data is never sold to third parties for marketing purposes.

We share data only with:

  • OpenAI (GPT-4o-mini): Workout program generation — only onboarding data, no personal identifiers
  • Service providers: Cloud infrastructure (MongoDB Atlas, Sentry error tracking)
  • Community features: Other users only if you choose to share your workouts publicly
  • Legal obligations: Authorities only when required by law

8. Cookies & Analytics

We use cookies to ensure the service functions correctly:

Essential cookies

Login and session management — these cannot be disabled.

Required
Analytics cookies

Help us understand how the app is used.

Optional
Performance cookies

Improve app speed and functionality.

Optional

You can manage cookie preferences in the app settings or through your browser.

9. Data Retention

  • 👤Account data: Retained for as long as your account is active
  • 💪Workout data: Retained for the lifetime of your account so you can track your progress
  • 🗑️After account deletion: Data is permanently deleted within 30 days
  • 📊Anonymized statistics: We may retain anonymized aggregate data for service improvement
  • Session expiry: After 90 days of inactivity you will need to log in again

10. Your Rights (GDPR)

You have the following rights regarding your personal data:

Right to access

You can request a copy of all data we hold about you.

Right to rectification

You can correct inaccurate or incomplete information.

Right to erasure

You can delete your account from the app settings ("right to be forgotten").

Right to restrict processing

You can restrict how your data is processed in certain situations.

Right to data portability

You can receive your data in a machine-readable format.

Right to object

You can object to the processing of your data for marketing purposes.

To exercise your rights, email us at info@tsemppiapp.com. We will respond within 30 days.

11. Minors

Tsemppi is intended primarily for adult users. If you are under 16:

  • You require parental or guardian consent to use the service
  • A parent or guardian has the right to review and delete a minor's data
  • We do not knowingly collect data from children under 13

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via:

  • 📱In-app notification
  • 📧Email
  • 🌐Our website

We recommend checking this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes data protection law, you have the right to lodge a complaint with a supervisory authority. In Finland, the competent authority is:

Office of the Data Protection Ombudsman (Finland)

  • Address: Lintulahdenkuja 4, 00530 Helsinki, Finland
  • Email: tietosuoja(at)om.fi
  • Phone: +358 29 566 6700
  • Website: tietosuoja.fi/en

You may also contact the data protection authority in your country of residence within the EU/EEA.

14. Contact Us

If you have questions about this privacy policy or wish to exercise your rights, please get in touch:

📧
📍
Address:

Kolmas Linja 30 B, Helsinki, Finland

🏢
Company:

Tsemppi Fitness Oy (Business ID: 3377898-6)