Download App

Privacy Policy

Effective Date: April 20, 2026
Data Controller: RegenBlau OG, Schnirchgasse 9/2608, 1030 Wien, Austria (office@regenblau.at)

At Nouta, we believe your training data belongs to you. This Privacy Policy explains how we collect, use, and protect your information when you use the Nouta app and website. We do not sell your personal data.

1. The Data We Collect

We collect only the data necessary to provide you with a reliable gym notebook and community experience:

  • Account & Authentication Data: When you sign up, we collect your email address. We do not use passwords; authentication is handled via secure "magic link" codes sent to your email.

  • Workout Data: We store the workout history, training plans, exercises, and Personal Records (PRs) you log in the app.

  • Profile Data: We store your display name, username, profile picture (including animated GIFs for Supporters) and your friends list.

  • Feedback Data: If you use the in-app feedback tool, we store your submitted text linked to your user account so we can address the bug or feature request.

  • Device & Usage Data: We rely on default analytics provided by the app stores (Apple App Store and Google Play Store) to understand basic metrics like crash reports and app usage.

2. How We Use Your Data

We process your data based on your consent and our legitimate interest in providing a functioning service (Art. 6(1)(a) and (b) GDPR). We use your data to:

  • Save and sync your workout logs across devices.

  • Enable user profiles so users can view each other's progress and stats.

  • Manage user authentication by sending login magic codes.

  • Improve the app by reviewing your direct feedback and bug reports.

3. Data Sharing & Third-Party Services

We do not sell your data. We share data only with essential infrastructure partners needed to run the app:

  • InstantDB: Our primary backend infrastructure. InstantDB handles database hosting, user authentication, and automated account emails.

  • RevenueCat: Used to manage our Supporter tier subscriptions securely.

  • Apple & Google: For processing in-app purchases and providing default anonymous crash analytics. Nouta does not see or store your credit card information.

4. International Data Transfers (US Hosting)

Our backend provider, InstantDB, operates servers located in the United States. By using Nouta, your data is transferred to and processed in the US. We ensure compliance with the European General Data Protection Regulation (GDPR) by relying on standard legal safeguards provided by our partners, such as the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs).

5. Public Profiles, Privacy Settings & Friends

Nouta is built for users to share their progress. By default, your profile is public. This means anyone using the app can view your profile picture, name, username, workout history, training plans, and PRs.

Private Accounts & Friends:
You have full control over your privacy and can switch your account to Private at any time in the app settings.

  • If your account is Private, the general public will only be able to see your profile picture, name, and username.

  • However, users you have explicitly added to your Friends List will still be able to view your full profile, including your workout history, plans, and stats.

  • Your Friends List is strictly private. Only you can see who you have added as a friend. Nouta does not publicly display your friends list to anyone else, and we do not feature "mutual friends" or similar public network graphs.

6. Data Retention and Deletion

Your data is kept for as long as you have an active account. We provide a true "Delete Account" button directly in the app settings. Using this button permanently and immediately erases your account, profile, and workout logs from our active database.

Note on Backups: For security and disaster recovery, our database is periodically backed up. If you delete your account, your data may temporarily remain in these encrypted, offline backups until they are naturally overwritten according to our standard retention cycle. If a backup needs to be restored, your deleted data will not be reinstated.

7. Your GDPR Rights

Under the GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Correct any inaccurate data (which you can do directly in the app).

  • Erasure: Request full deletion of your data (via the in-app deletion tool).

  • Data Portability: Request an export of your data.

  • Withdraw Consent: You can delete your account at any time to withdraw consent for future processing.

If you have questions about your privacy or wish to exercise these rights, please contact us at office@regenblau.at.