Privacy Policy

Last updated: 12/10/2025

1. Introduction

Guthly ("we", "our", "us") is committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, share, and protect your personal information when you use our personal tracking application.

By using Guthly, you accept the practices described in this policy.

2. Data Controller

Eguth

20 rue de Bucarest

75008 Paris, France

SIREN: 910 888 379

SIRET: 910 888 379 00013

Contact email: hello@eguth.io

3. Data We Collect

3.1 Identification Data

  • Email address
  • First and last name (if provided via OAuth authentication)
  • Profile picture (if provided via OAuth authentication)

3.2 Health and Behavioral Data

⚠️ Sensitive Data: In accordance with GDPR, this data is considered sensitive and subject to enhanced protection.

  • Addiction tracking (types, frequency, dates)
  • Sports activities (exercises, sets, performance)
  • Personal progressions (goals, measurements)
  • Application usage statistics

3.3 Technical Data

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Cookies and similar technologies

3.4 Payment Data

  • Payment information processed by Stripe (we do not store credit card details)
  • Transaction history and subscriptions

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Consent (Article 6.1.a GDPR): For sensitive health data, we obtain your explicit consent
  • Performance of a contract (Article 6.1.b): To provide the services you have requested
  • Legal obligations (Article 6.1.c): To comply with our legal obligations (invoicing, accounting)
  • Legitimate interests (Article 6.1.f): To improve our services and ensure platform security

5. How We Use Your Data

  • Provide and maintain our personal tracking services
  • Personalize your user experience
  • Generate personalized statistics and analytics
  • Manage your account and subscriptions
  • Process your payments via Stripe
  • Improve security and prevent fraud
  • Send you important notifications (if enabled)
  • Respond to your support requests
  • Improve our services and develop new features

6. Sharing Your Data

We never sell your personal data. We only share your data in the following cases:

6.1 Third-Party Service Providers

  • Stripe (Payments): Secure payment and subscription processing
  • Hosting (Vercel/Cloud Provider): Application hosting and data storage
  • NextAuth (Authentication): Authentication management

6.2 Legal Obligations

We may disclose your information if required by law or in response to valid legal requests from public authorities.

7. Data Retention

  • Account data: Retained as long as your account is active
  • Health data: Retained until account deletion + 30 days (backup)
  • Payment data: Retained according to legal accounting obligations (10 years in France)
  • Technical logs: Maximum 12 months

8. Your Rights (GDPR)

In accordance with GDPR, you have the following rights:

  • Right of access (Article 15): Access your personal data
  • Right to rectification (Article 16): Correct inaccurate data
  • Right to erasure (Article 17): Delete your data ("right to be forgotten")
  • Right to data portability (Article 20): Retrieve your data in a structured format
  • Right to object (Article 21): Object to the processing of your data
  • Right to restriction (Article 18): Restrict the processing of your data
  • Right to withdraw consent: Withdraw your consent at any time (without affecting the lawfulness of prior processing)

To exercise your rights:

  • Via your account: Settings
  • By email: hello@eguth.io

We will respond to your request within a maximum of one month.

9. Data Security

We implement technical and organizational security measures:

  • Encryption of data in transit (HTTPS/SSL)
  • Encryption of sensitive data at rest
  • Secure authentication (NextAuth)
  • Restricted data access (principle of least privilege)
  • Security monitoring and logs
  • Regular backups
  • Regular security testing

Despite our efforts, no method of transmission or electronic storage is 100% secure. In the event of a data breach, we will inform you within 72 hours in accordance with GDPR.

10. Cookies and Similar Technologies

We use cookies to improve your experience. For more details, see our Cookie Policy.

11. International Data Transfers

Your data may be transferred and stored on servers located outside the European Economic Area (EEA). In this case, we ensure that:

  • Transfers comply with GDPR (Article 44 and following)
  • Appropriate safeguards are in place (standard contractual clauses)
  • The level of protection is equivalent to that of the EU

12. Protection of Minors

Guthly is not intended for persons under 18 years of age. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this privacy policy. We will inform you of any significant changes through:

  • In-app notification
  • Email (for major changes)
  • Updating the "Last updated" date at the top of this page

We encourage you to review this policy regularly to stay informed.

14. Right to Lodge a Complaint

If you believe your rights are not being respected, you can file a complaint with the French Data Protection Authority (CNIL):

CNIL

3 Place de Fontenoy

TSA 80715

75334 Paris Cedex 07

Website: www.cnil.fr

15. Contact Us

For any questions regarding this privacy policy or to exercise your rights, contact us:

Email: hello@eguth.io

Address: 20 rue de Bucarest, 75008 Paris, France

© 2025 Eguth. All rights reserved.