1. Data Controller Identity
The data controller responsible for your personal data is:
Prodaigy
Email: info@prodaigy.app
If you have any questions about how your data is processed or wish to exercise any of your data rights, please contact us at the address above.
2. Services Covered
This Privacy Policy applies to all personal data collected through:
- The WorkWorks mobile application (iOS and Android)
- The website at prodaigy.app and all subdomains
- All related features, services, and communications provided by Prodaigy
3. Information We Collect
a. Personal Information
When you create an account or interact with our services, we may collect:
- Full name
- Email address
- Hashed account credentials (passwords are never stored in plain text)
b. Athlete & Fitness Data
To deliver personalized fitness coaching, we collect fitness-related data that may be considered sensitive under GDPR (Article 9). This includes:
- Workout history and exercise logs
- Sets, repetitions, and weight lifted
- Progress tracking data and trends
- Personal records (PRs) and milestones
- Workout streaks and consistency metrics
- Body measurements (if provided)
c. Nutrition Data
- Food logs and meal entries
- Caloric intake records
- Macronutrient targets and tracking data
d. AI Coach Data
- Conversation messages sent to the AI Coach
- Prompts and user inputs
- AI-generated responses
e. Device Information
- Device type and model
- Operating system and version
- App version
- IP address
f. Usage Analytics
- Feature usage patterns
- Session duration and frequency
- Interaction patterns and navigation behavior
4. Sensitive Data Disclosure (GDPR Article 9)
Certain fitness and health-related data we collect (such as workout history, body measurements, and exercise performance) may qualify as sensitive personal data under GDPR Article 9. We treat all such data with the highest level of care and process it exclusively on the basis of:
- Explicit consent — which you provide when you create your account and input your fitness data
- Contract performance — as processing this data is necessary to deliver the personalized fitness coaching services you have subscribed to
5. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: Providing workout plans, exercise tracking, progress analytics, and core app functionality
- AI Personalization: Powering the AI Coach and generating personalized workout recommendations, progressive overload calculations, and form guidance
- Nutrition Guidance: Calculating caloric and macronutrient targets, tracking food intake, and providing nutritional insights
- Email Communications: Sending transactional emails (account verification, password resets) and, with your consent, promotional communications
- Analytics: Understanding how our services are used to improve features, performance, and user experience
- Security & Fraud Prevention: Protecting accounts, detecting unauthorized access, and preventing abuse
- Legal Compliance: Meeting our obligations under applicable laws and regulations
6. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
Consent
- Email marketing communications
- AI Coach conversations and personalized recommendations
- Processing of sensitive fitness and health-related data
You may withdraw your consent at any time by contacting us at info@prodaigy.app or adjusting your preferences within the app.
Contract Performance
- Account creation and management
- Subscription management and billing
- Delivery of core fitness coaching services
Legitimate Interests
- Analytics and product improvement
- Security monitoring and fraud prevention
- Ensuring the stability and performance of our services
7. Data Sharing & Third-Party Services
We share your personal data only with the following categories of service providers, strictly as necessary to operate our services:
| Provider |
Purpose |
Data Shared |
| RevenueCat |
Subscription and payment management |
Payment tokens, subscription status |
| Mailjet |
Transactional email delivery |
Email address, first name only |
| xAI |
AI Coach processing |
Conversation content only (no personal identifiers sent) |
We do not sell your personal data to any third party.
All third-party processors are contractually obligated to handle your data in accordance with applicable data protection laws and solely for the purposes specified above.
8. Profiling & Automated Decision-Making (GDPR Article 22)
WorkWorks uses automated processing to enhance your experience:
- AI Coach: Provides automated workout recommendations, exercise suggestions, and training guidance based on your fitness data and conversation history
- Progressive Overload: Machine learning models calculate optimal weight, set, and rep progressions based on your historical performance
- 1RM Predictions: ML algorithms estimate your one-rep max based on logged data — these are estimates and may not reflect actual capacity
- Personalization: Your workout patterns and preferences are used to tailor the app experience
These automated processes are used to provide and improve our services. They do not produce legal effects or similarly significant effects on you. You may request human review of any automated decision or opt out of automated processing by contacting us at info@prodaigy.app.
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Category |
Retention Period |
| Account data |
Duration of active account + 30 days after deletion |
| Workout & fitness data |
Duration of active account |
| AI Coach conversations |
90 days rolling |
| Email communication logs |
1 year |
| Payment records |
As required by applicable tax and financial law |
Data may be retained longer only where required for legal compliance, dispute resolution, or fee collection as permitted by applicable law.
10. Data Security
We implement industry-standard technical and organizational measures to protect your personal data, including:
- Encryption in transit: All data transmitted between your device and our servers is protected using TLS (Transport Layer Security)
- Encryption at rest: Stored data is encrypted to prevent unauthorized access
- Password hashing: Account passwords are hashed using bcrypt with 12 rounds of salting
- Token security: Authentication tokens are hashed using SHA-256
- Secure session management: Sessions are managed with industry-standard security practices
- Rate limiting: API endpoints are protected against brute-force attacks and abuse
While we strive to protect your personal data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
11. Your Rights — EU/UK/EEA (GDPR & UK GDPR)
If you are located in the European Union, United Kingdom, or European Economic Area, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to Restriction of Processing (Art. 18): Request that we limit how we use your data
- Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format
- Right to Object (Art. 21): Object to processing of your personal data based on legitimate interests
- Right to Withdraw Consent: Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before withdrawal
- Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority
To exercise any of these rights, please email info@prodaigy.app. We may require identity verification before processing your request. We will respond within 30 days of receiving your request.
12. Your Rights — California (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell about you
- Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions
- Right to Opt-Out of Sale: You have the right to opt out of the sale of your personal information. "Do Not Sell or Share My Personal Information" — we do not sell your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights
To exercise any of these rights, please email info@prodaigy.app.
13. Children's Privacy
WorkWorks is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.
- United States (COPPA): We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
- GDPR Countries: We do not knowingly collect personal data from individuals under the age of 16, unless a lower age threshold applies under the laws of the relevant member state.
If you believe we have inadvertently collected data from a child, please contact us immediately at info@prodaigy.app and we will delete the data promptly.
14. Processor vs. Controller
Prodaigy acts as the data controller for personal data collected through WorkWorks. In circumstances where Prodaigy processes personal data on behalf of a business or enterprise client (for example, in future B2B or enterprise scenarios), Prodaigy may act as a data processor. In such cases, the respective enterprise client would be the data controller, and a separate data processing agreement would govern the relationship.
15. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Union, United Kingdom, or European Economic Area. When such transfers occur, we ensure an adequate level of protection through the following safeguards:
- EU Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission to govern transfers of personal data to third countries
- UK International Data Transfer Agreement (IDTA): For transfers from the UK, we rely on the IDTA or the UK Addendum to the EU SCCs
These mechanisms ensure that your personal data receives an adequate level of protection regardless of where it is processed.
16. Cookies & Tracking Technologies
Our services may use the following technologies:
- Web Sessions: Session cookies used to maintain your authenticated state and provide core functionality
- Analytics: We may use analytics tools to understand how our services are used and to improve performance
We do not use third-party advertising cookies or tracking technologies for targeted advertising purposes.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:
- The updated policy will be posted with a revised effective date
- For material changes, we will notify you via email or through an in-app notification
- Your continued use of WorkWorks after the updated policy is posted constitutes your acceptance of the changes
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
18. Contact
For all privacy inquiries, data subject requests, complaints, or questions about this Privacy Policy, please contact us at:
Prodaigy
Email: info@prodaigy.app
We are committed to working with you to resolve any concerns about your privacy and personal data.