Privacy Policy

Purpose of this Policy

The Useful Place values your privacy and processes personal data in line with the EU General Data Protection Regulation (GDPR), the Swedish Data Protection Act, and applicable App Store and Google Play requirements. The Useful Place is the legal entity that owns and operates the Resculpt application and all related services.

This notice should be read together with our Terms of Use and California Privacy Notice. It explains what data we collect, why we collect it, and the rights you have.

Plain-Language Summary

We collect the information you enter (profile, health details, preferences) plus technical data generated while you use the app. We use it to deliver workouts, process subscriptions, send notifications, and keep the platform secure.

You may change or delete your data in-app or by contacting us, and we only share it with trusted processors such as Supabase, SendGrid, Superwall, analytics vendors, and support tools.

How to Contact Us

Email: support@resculptai.com

Postal: Privacy Team, Ripstigen 1, 17074 Solna, Sweden

When contacting us, include sufficient details so we can verify your identity and respond within statutory timelines.

For privacy-specific inquiries, you may contact our Privacy Officer at support@resculptai.com. The Privacy Officer oversees personal information processing, handles user complaints, and provides remedies related to personal information protection.

Data We Collect

Account data: name, email address, password (hashed for email/password accounts), authentication method (email, Apple, or Google), subscription details, device identifiers.

Authentication data: If you sign in with Apple, we receive your name and email (or private relay email if you choose to hide your email). If you sign in with Google, we receive your name, email, and optionally your profile picture. We do not receive or store passwords for Apple or Google sign-in.

Profile & wellness data: height, weight preferences, goals, injuries or limitations you choose to share, workout history, and engagement metrics.

Usage data: app interactions, push token information, crash logs, diagnostics, and SMS delivery metadata (delivery receipts, STOP/HELP replies).

Payment data: handled entirely by Apple App Store or Google Play Store; we receive only limited transaction metadata (subscription status, purchase date, expiration date) and entitlement confirmations via Superwall. We do not receive credit card numbers, payment methods, or billing addresses.

Subscription & trial data: subscription plan type (weekly/monthly/yearly), trial start date, trial expiration date, subscription status, renewal dates, and cancellation status. This data is managed by Superwall and synchronized with Apple/Google.

Marketing preferences: opt-ins/opt-outs for push notifications, email newsletters, SMS messaging, proof of age (16+), consent version/source, and timestamps.

Community data: posts, comments, friend connections, blocked users, and reports you submit.

AI chat data: conversations with the AI trainer, timestamps, and context used to improve responses.

How We Use Your Data

Legal Bases for Processing

Health & Sensitive Data

Health-related inputs are entirely optional. By submitting them, you acknowledge that we process this data to generate tailored plans.

You may delete or update health entries at any time via profile settings or by contacting us.

Data Sharing & International Transfers

We share data only with vetted processors that support app hosting, analytics, communications, and support. Each processor is bound by written agreements and GDPR-compliant safeguards.

Where data leaves the European Economic Area, we rely on European Commission adequacy decisions or Standard Contractual Clauses.

No Sale of Personal Data

We do not sell personal data or share it for cross-context behavioral advertising as defined by GDPR, CPRA, or applicable app store rules.

If this changes, we will update this policy, provide meaningful notice, and supply opt-out controls before any new processing begins.

Third Parties: Apple, Google, Superwall, & OpenAI

Apple Sign-In: If you sign in with Apple, Apple processes your authentication and may share your name and email (or private relay email) with us. Apple's processing is governed by Apple's Privacy Policy. We use this information solely to create and maintain your account. You can revoke access through your Apple account settings.

Google Sign-In: If you sign in with Google, Google processes your authentication and may share your name, email, and profile picture with us. Google's processing is governed by Google's Privacy Policy. We use this information solely to create and maintain your account. You can revoke access through your Google account settings.

Apple App Store: Apple processes all payments for iOS subscriptions, handles currency conversion and tax collection, and provides transaction confirmations. Apple may collect additional data as described in their Privacy Policy. We receive only subscription status and entitlement confirmations from Apple.

Google Play Store: Google processes all payments for Android subscriptions, handles currency conversion and tax collection, and provides transaction confirmations. Google may collect additional data as described in their Privacy Policy. We receive only subscription status and entitlement confirmations from Google.

Superwall: Superwall provides our paywall technology and subscription management. Superwall processes device identifiers, approximate location (country/region), purchase transaction tokens, subscription status, trial eligibility, and entitlement data. This data is used solely to display appropriate pricing, validate subscriptions, manage the 2-day trial period, detect fraud, and confirm access to premium features. Superwall does not process payment information or passwords.

OpenAI: We use OpenAI's GPT-4o model to generate personalized workout plans and power the AI trainer chat feature. When generating workouts, we send OpenAI your profile information (name, age, gender, height, weight, fitness goals, health information, workout preferences, and activity level) to create customized workout plans. When you use the AI trainer chat, your messages and conversation history are sent to OpenAI to generate contextual responses. OpenAI processes this data according to their Privacy Policy and Data Processing Addendum. We have configured OpenAI to not use your data for training their models. OpenAI does not receive payment information, passwords, or other sensitive financial data.

All third-party processors are bound by data processing agreements, GDPR-compliant safeguards, and applicable privacy laws. Wearables or other integrations you opt into remain subject to their own policies. We require each partner to limit use of your data to the contracted service.

SendGrid & Messaging Vendors

SendGrid (operated by Twilio) sends our transactional and marketing emails, and our SMS gateways deliver text campaigns. These subprocessors receive your email address, phone number, consent status, and STOP/HELP replies solely to deliver authorized communications.

Push Notification Providers

We use various push notification services and platforms (including but not limited to Expo Push Notifications, Firebase Cloud Messaging, Apple Push Notification Service, and Google Cloud Messaging) to deliver push notifications to your device. These services receive your device push tokens, notification preferences, and device identifiers solely to deliver notifications. Push notification providers may include:

All push notification providers process device tokens, notification preferences, and delivery status solely for the purpose of delivering notifications. They do not receive your personal information beyond what is necessary for notification delivery.

Types of Push Notifications We Send:

You can control push notification preferences through your device settings (iOS Settings or Android notification settings) or through in-app notification preferences. Marketing and promotional push notifications require opt-in consent and can be disabled at any time. Some service notifications are necessary for core functionality, and it may not be possible to opt out of them fully while maintaining account access.

All messaging and push notification vendors are bound by data processing agreements, Standard Contractual Clauses for transfers outside the EEA, and telecom rules such as CAN-SPAM, CASL, TCPA/CTIA, PECR, and GDPR/ePrivacy.

Analytics & Service Improvement

We use analytics services to understand how users interact with our Services, improve functionality, and enhance user experience. These services collect aggregated, anonymized data that cannot be used to identify individual users.

Analytics providers we use include:

All analytics data is aggregated and anonymized. These services do not receive personally identifiable information beyond what is necessary for their technical operation. You can opt out of certain analytics tracking through your device settings, though this may limit our ability to provide personalized features.

All analytics providers are bound by data processing agreements requiring them to use data solely for service improvement purposes and in compliance with GDPR, CCPA, and other applicable privacy laws.

Cookies & Automatic Data Collection

We use cookies and similar technologies (collectively, "cookies") to store and retrieve information about your use of our Services. Cookies are small text files placed on your device that help us provide personalized and customized services.

Purpose of Using Cookies:

Types of Cookies We Use:

How to Manage Cookies:

You can control cookies through your device or browser settings. Most devices allow you to refuse or delete cookies, though this may impact your ability to use certain features of the Services.

Please note that disabling cookies may affect the functionality of the Services and your user experience.

Children & Teen Marketing Limits

The Services are available globally, but marketing communications (email, SMS, promotional push) are restricted to users who self-certify they are at least 16. If we discover that someone under 16 has opted into marketing, we immediately revoke the consent and delete any related data.

Parents or guardians may contact us to review or delete a child's data, and we will comply promptly.

STOP/HELP Logging & Compliance

We store detailed logs of unsubscribe actions, STOP replies, HELP requests, and preference changes. Each log captures the timestamp, channel, user identifier, and response that we issued back to you.

These records are required to demonstrate compliance with telecom and privacy laws and may be retained even if you delete other data, unless a longer retention period is legally mandated.

Marketing Communications & Preferences

We use SendGrid for email delivery along with vetted push notification platforms and SMS gateways to send both transactional and marketing content. These processors receive your contact details, device tokens, and preference choices solely to deliver communications.

Push Notification Types & Controls:

We send various types of push notifications including:

Service notifications about workouts and core account activity are on automatically whenever you approve device-level push permissions. Marketing emails, SMS, and promotional push reminders (including marketing, sales, and motivational notifications) remain optional and can be managed through onboarding or the in-app notification settings.

Marketing emails include unsubscribe links, SMS offers allow STOP replies, and push notifications can be controlled from your device OS settings or in-app preferences. We log opt-in/out timestamps (including consent version and source) to demonstrate compliance with GDPR, CAN-SPAM, CASL, TCPA, and other international rules.

Retention & Security

We retain personal data for as long as your account is active and for a reasonable period afterward to fulfill legal obligations or resolve disputes. Marketing consent logs (including STOP/HELP records) are retained for at least 24 months after you opt out so we can prove compliance.

Account deletion requests are processed after a 48-hour grace period. After deletion, most data is permanently removed, though some records may be retained for legal compliance.

We implement administrative, technical, and organizational controls, including encryption in transit, role-based access, and auditing of subprocessor activity.

Personal Information Destruction Procedures

We destroy personal information immediately once the purpose of processing has been achieved, unless retention is required by law. The procedures, timelines, and methods for destruction are as follows:

Destruction Procedure:

Personal information that has fulfilled its purpose is transferred to a separate database (or stored in separate physical documents for paper records) and retained for a certain period in accordance with internal policies and relevant laws before being permanently deleted or destroyed.

Personal information transferred to the separate database will not be used for any other purpose unless required by law.

Destruction Timeline:

Destruction Method:

We maintain records of destruction activities for audit and compliance purposes, but these records do not contain the personal information itself.

Your Rights

You may request access, correction, deletion, restriction, or portability of your personal data. You may also object to processing based on legitimate interests.

Submit requests via in-app settings, postal mail, or by emailing our privacy team. We will respond within one month unless law permits an extension and may ask you to verify key account details before fulfilling the request.

Children's Privacy

The Services are not directed to children under 16, and we do not knowingly process their personal data. If we learn a child has provided information, we will delete it promptly.

Data from App Stores, Authentication Providers & Third Parties

Apple App Store: When you download the app from the App Store, Apple may collect data about your device, purchase history, and app usage as described in Apple's Privacy Policy. Apple also processes all subscription payments and may collect payment information. We encourage you to review Apple's privacy practices.

Google Play Store: When you download the app from Google Play, Google may collect data about your device, purchase history, and app usage as described in Google's Privacy Policy. Google also processes all subscription payments and may collect payment information. We encourage you to review Google's privacy practices.

Apple Sign-In: Apple processes your authentication when you use Sign-In with Apple. Apple may collect information about your device and authentication attempts. We only receive the information Apple chooses to share (name, email, or private relay email). Apple's data collection is governed by their Privacy Policy.

Google Sign-In: Google processes your authentication when you use Sign-In with Google. Google may collect information about your device, authentication attempts, and account activity. We only receive the information you authorize Google to share (name, email, profile picture). Google's data collection is governed by their Privacy Policy.

If you connect third-party wearables or services, their terms govern their use of your data. We recommend reviewing each third-party service's privacy policy before connecting.

Cross-Border Messaging Transfers

When SendGrid or our SMS/push gateways process your information outside the EEA, we rely on European Commission Standard Contractual Clauses, transfer impact assessments, and supplementary safeguards (encryption, access controls).

You may request copies of relevant safeguards at any time.

Regulators & Complaints

In addition to the Swedish Authority for Privacy Protection (IMY), you may contact the regulator in your country of residence (e.g., ICO in the UK, FTC/FCC in the US, OPC in Canada, OAIC in Australia).

We encourage you to contact us first so we can resolve the issue quickly, but we will cooperate fully with any supervisory authority.

Changes to this Policy

We may update this Privacy Policy to reflect product, legal, or regulatory changes. Significant changes will be announced via email or in-app notifications.

Continued use after the effective date constitutes acceptance of the updated policy.

Contact & Complaints

For privacy questions contact support@resculptai.com.

Privacy Officer: Our Privacy Officer oversees personal information processing, handles user complaints, and provides remedies related to personal information protection. You may contact the Privacy Officer at support@resculptai.com.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local supervisory authority.

Related Documents

Review these statements together with our Terms of Use (service contract) and California Privacy Notice (enhanced rights for CA residents).

If any conflict arises, the document granting you stronger protection or required by law will govern that issue.