Privacy Policy

Last updated: 1st January 2026

Introduction

cryptalionis AG ("we", "us", or "our") is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our website and services. We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data We Collect

The data collection we undertake includes both information you provide directly and information we collect automatically through your use of our services:

• Personal Information: Name, email address, phone number, and any other information you provide when contacting us or using our services
• Training Data: Fitness goals, experience level, training history, and progress information when you participate in our programs
• Technical Data: IP address, browser type, device information, and website usage data collected through cookies and similar technologies
• Communication Data: Records of correspondence, support requests, and feedback you provide to us

How We Use Your Information

We use of your data is governed by legitimate business interests and your consent, where applicable. Specifically, we use your information to:

• Provide and deliver our bodybuilding programs and services
• Personalise training recommendations and nutritional guidance
• Communicate with you about your programs and respond to enquiries
• Process payments and manage your account
• Improve our services and develop new programs
• Comply with legal obligations and protect our legitimate interests
• Send marketing communications (with your consent)

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: performance of contract (to provide our services), legitimate interests (to improve our services and communicate with you), consent (for marketing communications and cookies), and legal obligation (to comply with applicable laws).

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our cookie usage, please see our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information with trusted service providers who assist us in operating our business (such as payment processors and email services), legal authorities when required by law, and business partners with your explicit consent. All third parties are required to maintain appropriate security measures and use your data only for the specified purposes.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy. Typically, we keep account information for the duration of your relationship with us plus a reasonable period thereafter for legal and business purposes. Training data and progress information may be retained longer to provide continuity of service. You may request deletion of your data at any time, subject to legal obligations.

Your Rights

Under GDPR and other applicable data protection laws, your rights regarding your personal data include:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions by the European Commission.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can delete such information.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have questions about this privacy policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Supervisory Authority

If you believe we have not handled your personal data in accordance with this policy or applicable law, you have the right to lodge a complaint with the relevant supervisory authority. In Germany, this is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or your local data protection authority.