Skip to content
Back to home
NEURAL TRAINER GYM

// LEGAL

GDPR — Data Protection

Last updated: May 21, 2026

This page is intended for users residing in the European Economic Area (EEA). If you are outside the EEA, please see our Privacy Policy.

// 01

Data controller

Neural Trainer Gym acts as data controller for its users' personal data. Contact us at hello@neuraltrainergym.com for any data protection inquiries.

// 02

Legal basis for processing

We process your personal data under the following legal bases set out in Article 6 of the GDPR:

  • Contract performance (art. 6.1.b): service provision, subscription management, and technical support.
  • Legitimate interest (art. 6.1.f): product improvement through aggregated/anonymous usage analysis, fraud prevention, and security.
  • Consent (art. 6.1.a): sending commercial communications. You may withdraw consent at any time.
  • Legal obligation (art. 6.1.c): retaining billing data as required by applicable tax law.

// 03

Your rights as a data subject

As an EEA resident you have the following rights under the GDPR:

  • Access (art. 15): request a copy of the personal data we process about you.
  • Rectification (art. 16): correct inaccurate or incomplete data.
  • Erasure (art. 17): request deletion of your data when it is no longer necessary, you have withdrawn consent, or you have objected to processing.
  • Restriction (art. 18): ask us to suspend processing while a dispute is resolved.
  • Portability (art. 20): receive your data in a structured, commonly used, machine-readable format.
  • Objection (art. 21): object at any time to processing based on legitimate interest, including direct marketing.
  • Automated decision-making (art. 22): we do not apply solely automated individual decisions that produce significant legal effects.

To exercise any of these rights, email hello@neuraltrainergym.com stating the right you wish to exercise and proof of identity. We will respond within 30 days (extendable to 90 days for complex requests, with prior notice).

// 04

International transfers

Some of our service providers (Vercel, Supabase, Anthropic, Stripe) are based in the United States. International data transfers are carried out via:

  • Standard Contractual Clauses approved by the European Commission, or
  • Other valid transfer mechanisms compliant with the GDPR.

You can request further information about the applicable safeguards by writing to hello@neuraltrainergym.com.

// 05

Retention periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: while the account is active + 90 days after cancellation.
  • Billing data: up to 5 years under applicable tax law.
  • Security logs: maximum 12 months.
  • Student data (entered by trainer): tied to the trainer account lifecycle.

// 06

Right to lodge a complaint

If you believe our processing of your data does not comply with the GDPR, you have the right to lodge a complaint with the supervisory authority of the EU member state where you habitually reside or work, or where the alleged infringement occurred.

We encourage you to contact us first so we can resolve any concerns directly.

// 07

Data protection contact

To exercise your GDPR rights or for any data protection inquiry: hello@neuraltrainergym.com

Suggested subject line: "GDPR Request — [your right]"