Privacy Policy
Last updated: May 13, 2026
This Privacy Policy describes how Robin Kirkestuen Melby, an individual operating under the trade name "Zet" ("Zet," "we," "us," or "our"), based in Skjåk, Innlandet, Norway, accesses, collects, stores, uses, and shares your personal information when you use the Zet mobile application or otherwise interact with us.
If you do not agree with this policy, please do not use the Service. Questions or concerns can be sent to support@getzet.app.
Summary
- What we collect: account information (name, email, password, sign-in identifiers), workout data, body weight, and coach conversations.
- Sensitive data: health data (body weight) and account login information.
- Why: to provide the Service, authenticate you, run the AI coach, manage your subscription, and respond to support.
- Who we share with: Apple, Google, Supabase, RevenueCat, Anthropic, and Expo — only as needed to operate the Service.
- We do not sell your data.
- Where data is processed: Norway, Germany (EU), and the United States.
- Your rights: access, correction, deletion, portability, and (where applicable) withdrawal of consent.
- Retention: for as long as you have an account.
1. What information we collect
Information you provide
When you create an account or use Zet, we collect:
- Account information: name, username/display name, email address.
- Authentication data: password (hashed) for email signup, OAuth identifiers when you use Sign in with Apple or Sign in with Google.
- Workout content: the exercises, sets, weights, reps, notes, and other content you log.
- Coach conversations: messages you send to the AI coach and the responses you receive.
- Profile data: body weight, training preferences (experience level, frequency, goal).
Sensitive information
We process the following sensitive categories:
- Health data: body weight and any health-adjacent information you choose to include in workout notes or coach conversations.
- Account login information.
We process sensitive information only with your consent or as otherwise permitted by applicable law.
Payment data
We do not collect or store payment card information. All payments are processed by Apple via the App Store. Subscription status is tracked by RevenueCat. You can review the privacy practices of these providers here:
- Apple: https://www.apple.com/legal/privacy/
- Google: https://policies.google.com/privacy
- Supabase: https://supabase.com/privacy
- RevenueCat: https://www.revenuecat.com/privacy
- Anthropic: https://www.anthropic.com/legal/privacy
- Expo: https://expo.dev/privacy
Information collected automatically
When you use the Service, we (or our providers) automatically collect:
- Device data: device model, operating system, OS version, language/locale, app version.
- Log data: IP address, request timestamps, error reports, and similar diagnostic information.
This information is used to operate, secure, and improve the Service.
Information from third parties
If you sign in using Apple or Google, we receive limited profile information from those providers (typically name, email, and a unique identifier). What we receive is governed by your settings with those providers.
2. How we use your information
We process your information to:
- Create your account, authenticate you, and keep your account secure.
- Deliver the core Service: store your workouts, display your training history and progression, and generate AI-powered coaching responses.
- Manage your subscription, including trial periods and renewals.
- Respond to your support requests.
- Send administrative communications such as password resets, trial-ending notices, and updates to our terms or this policy.
- Diagnose issues, prevent abuse, and protect the Service.
- Understand how the Service is used, in aggregate, so we can improve it.
- Comply with applicable law.
We do not use your information for advertising or marketing communications.
3. Legal bases for processing (EU/UK)
If you are located in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:
- Performance of a contract: to provide the Service you've signed up for.
- Consent: for processing sensitive data (such as health data), where consent is required. You can withdraw consent at any time.
- Legitimate interests: to improve the Service, prevent fraud and abuse, and ensure the security and reliability of the Service. We balance these interests against your rights.
- Legal obligations: to comply with applicable law.
- Vital interests: in rare cases involving safety.
4. AI features
Zet's coach feature is powered by Anthropic's Claude. When you interact with the coach, your messages and a limited window of recent workout history are sent to Anthropic to generate a response. Anthropic processes this data under its own terms and privacy policy.
The AI coach is for general fitness guidance only. It is not a medical professional, not a certified trainer, and is not a substitute for professional advice.
You can stop using the AI coach at any time. The rest of the Service functions independently.
5. Who we share your information with
We share information only with third-party providers who help us operate the Service. We do not sell your personal information.
| Provider | Purpose | Location |
|---|---|---|
| Apple | Sign in with Apple, payment processing, app distribution | United States (with EU infrastructure) |
| Sign in with Google (OAuth) | United States | |
| Supabase | Database, authentication, file storage | Germany (Frankfurt) with US control plane |
| RevenueCat | Subscription management | United States |
| Anthropic | AI processing for the coach feature | United States |
| Expo (EAS) | App build and deployment infrastructure | United States |
Each provider operates under a data processing agreement and is contractually limited to processing your data on our instructions.
We may also share information:
- In connection with a business transfer (merger, acquisition, sale of assets), with notice to you where required.
- To comply with law, court orders, or other legal processes.
- To protect our rights, your safety, or the safety of others.
6. International data transfers
Our servers and providers are located in Norway, Germany, and the United States. If you are located outside these countries — including in the EEA, the UK, Switzerland, or Canada — your data may be transferred to and processed in these countries.
For transfers from the EEA, UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs), which are included in our agreements with US-based providers.
7. How long we keep your data
We retain your personal information for as long as you have an active account with us. When you delete your account, we delete or anonymize your personal information within a reasonable period, except where we are required to retain it by law (e.g., for tax records or to defend legal claims).
Some data may persist briefly in backups (up to 90 days) before being fully purged.
8. How we protect your data
We use industry-standard security practices, including:
- Encryption in transit (HTTPS/TLS) and at rest.
- Row-level security on all database tables.
- OAuth-based authentication via Apple and Google, plus hashed passwords for email/password signup.
- Access controls that limit who can access your data.
No system is 100% secure. While we work to protect your data, we cannot guarantee its absolute security.
9. Children
Zet is not intended for children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe we have collected information from a child under 13, contact us at support@getzet.app and we will delete it.
If you are between 13 and the age of majority in your jurisdiction, you may use Zet only with the consent of a parent or guardian.
10. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your personal information ("right to be forgotten").
- Restrict or object to certain processing.
- Portability: receive a copy of your data in a structured format.
- Withdraw consent at any time (without affecting prior processing).
- Lodge a complaint with a data protection authority.
To exercise these rights:
- Email us at support@getzet.app, or
- Submit a request via our data subject access request form.
We will respond within the timeframes required by applicable law.
EU/UK users
You may lodge a complaint with your local data protection authority. A list of EEA authorities is available at https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. UK users may complain to the ICO at https://ico.org.uk/make-a-complaint/.
Swiss users
You may contact the Federal Data Protection and Information Commissioner at https://www.edoeb.admin.ch/edoeb/en/home.html.
11. US state privacy rights
If you reside in California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you have rights under applicable state law, including the right to:
- Know whether we process your personal information.
- Access and obtain a copy of your personal information.
- Correct inaccuracies.
- Request deletion.
- Opt out of the sale or sharing of personal information (we do not sell or share for targeted advertising).
- Limit the use and disclosure of sensitive personal information.
- Non-discrimination for exercising these rights.
Depending on your state, you may also have rights to appeal a denial, designate an authorized agent, or receive a list of third parties we have disclosed information to. To exercise any of these rights, contact us using the methods in Section 10.
We have not sold or shared personal information for advertising purposes in the last 12 months.
Categories of personal information collected (under California law)
- Identifiers: name, email, account ID, IP address.
- Customer records: name.
- Commercial information: subscription status, purchase history.
- Sensitive personal information: account login information, health data (body weight).
We do not collect biometric data, geolocation, professional/employment information, education records, or inferences used to create profiles about you.
12. Australian users
If you are in Australia, we collect and process your personal information consistent with the Australian Privacy Principles under the Privacy Act 1988. You may request access to or correction of your personal information by contacting us. You may also lodge a complaint with the Office of the Australian Information Commissioner at https://www.oaic.gov.au/privacy/privacy-complaints/.
13. Canadian users
If you are in Canada, we rely on your express or implied consent to process your personal information, as required by PIPEDA and Quebec's Law 25. You may withdraw consent at any time. In limited cases, applicable law permits processing without consent (for example, to investigate fraud or comply with a court order).
14. Do Not Track
Some browsers and operating systems support a "Do Not Track" (DNT) signal. There is no industry consensus on how to respond to DNT signals, so we do not currently respond to them. If a standard is adopted, we will update this policy.
15. Updates to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects when changes took effect. For material changes, we will notify you by email (sent from support@getzet.app) before the new policy takes effect, where required.
16. Contact
If you have questions about this Privacy Policy or our handling of your personal information, contact us at:
Robin Kirkestuen Melby Svingen 7 2690 Skjåk, Innlandet Norway
Email: support@getzet.app