Privacy Policy

 

Last updated: Tue. 25 November 2025

At LastManWorks, your privacy is our priority. This Privacy Policy explains how we collect, use, and safeguard your information when you use RollTracker ("the App").


Go to French version

1. Information We Collect

Account Information

  • Email address and password (stored securely with Firebase Authentication)

  • Display name and phone number (optional, stored locally and in your gym's database)

  • Profile information including belt rank and stripes

Gym and Attendance Data

  • Training session attendance records

  • Gym membership information and role (owner/student)

  • Member statistics and achievements

  • QR codes for gym sharing (contains only gym ID, no personal data)

Device Information

  • App usage analytics (anonymous, for improving app performance)

  • Device type and operating system version

  • Crash reports and error logs (anonymous)


2.1 How We Use Your Information

Core App Functionality

  • Manage your gym membership and attendance tracking

  • Display leaderboards and statistics within your gym

  • Enable gym owners to manage members and sessions

  • Provide subscription services for gym management features

Data Storage

  • Your personal data is stored securely using Firebase (Google Cloud)

  • Gym-specific data is isolated and only accessible to gym members

  • Local caching for offline functionality

Subscription Management

  • Process in-app purchases through Apple's App Store

  • Manage subscription status and member limits

  • No payment information is stored by us (handled by Apple)


2.2 Legal Basis for Processing (GDPR)

We process your personal data in accordance with the legal bases defined by the General Data Protection Regulation (GDPR):

Contractual Necessity

  • Creating and managing your account

  • Managing your gym membership

  • Providing access to training features, statistics, and attendance tracking

  • Managing subscriptions and member limits

Consent

  • Optional information such as phone number, profile photo or avatar, and any additional information you voluntarily provide

  • You can withdraw your consent at any time in the app settings or by contacting us

Legitimate Interest

  • Ensuring the security of the app and preventing abuse

  • Anonymous statistics used to improve app performance

  • Technical operation of the infrastructure (e.g., crash detection)

Legal Obligation

  • Processing information required for tax or billing compliance relating to Apple in-app purchases


3. Third-Party Services

Firebase (Google)

  • Authentication, database, and cloud storage services

  • Governed by Google's Privacy Policy: https://policies.google.com/privacy

  • Data is encrypted in transit and at rest

Apple Services

  • App Store for app distribution and in-app purchases

  • Sign in with Apple (optional authentication method)

  • Governed by Apple's Privacy Policy: https://www.apple.com/legal/privacy/

Google Sign-In (Optional)

  • Alternative authentication method

  • Governed by Google's Privacy Policy: https://policies.google.com/privacy


4. Data Sharing

Within Your Gym

  • Your attendance data and statistics are visible to other gym members

  • Gym owners can see all member information for management purposes

  • No data is shared outside your gym community

No Third-Party Advertising

  • We do not sell or share your data with advertisers

  • No advertising networks or tracking services are used

  • No data is used for marketing purposes outside the app


5. Data Security

Encryption and Protection

  • All data transmission uses HTTPS encryption

  • Firebase provides enterprise-grade security

  • Regular security updates and monitoring

Access Controls

  • Gym data is isolated and access-controlled

  • Only gym members can access their gym's data

  • Gym owners have additional management permissions

Data Retention Period

We retain your data only for as long as necessary for the purposes for which it was collected, in compliance with GDPR:

  • Account data (email, profile, role): retained until you delete your account

  • Gym and training data: retained while you remain a member of the gym; deleted 30 days after account deletion or immediately when you leave the gym

  • Logs, crash reports, and anonymous analytics: retained for a maximum of 12 months

  • Data stored locally on your device: deleted when the app is uninstalled

Once these retention periods expire, the data is permanently deleted or irreversibly anonymized.


6. Your Rights

Data Access and Control

  • View and edit your profile information within the app

  • Request data export by contacting us

  • Delete your account and associated data

  • Leave a gym to remove your data from that gym's records

Account Deletion

  • Contact us at contact@lastmanworks.com to delete your account

  • Data will be permanently removed within 30 days

  • Gym owners should transfer ownership before deleting their account

Your Rights as a European User (GDPR)

In addition to the rights already mentioned, you have the following rights under GDPR:

  • Right of access: obtain a copy of your personal data

  • Right to rectification: correct inaccurate information

  • Right to erasure (right to be forgotten)

  • Right to restrict processing: in specific cases defined by GDPR

  • Right to data portability: receive your data in a structured, commonly used, machine-readable format

  • Right to object: object to certain types of processing based on our legitimate interests

  • Right to lodge a complaint with a supervisory authority

    • For users in France: CNIL – www.cnil.fr

You can exercise these rights by contacting us at: contact@lastmanworks.com


7. Children Privacy

RollTracker is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. Transfers of Data Outside the European Economic Area

Some data may be transferred to countries outside the European Union, including the United States, where Firebase services (Google) are hosted.

These transfers are carried out in accordance with GDPR requirements, based on:

  • The Data Privacy Framework (DPF) when applicable, or

  • The Standard Contractual Clauses (SCCs) approved by the European Commission

Firebase also applies advanced technical and organizational measures, including encryption of data in transit and at rest.


9. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy in the app and updating the "Last updated" date.

10. Absence of Automated Decision-Making

RollTracker does not use any automated processing that produces legal or similarly significant effects on users.

Statistics (rankings, attendance, training time) are generated solely for internal display within the gym and do not result in any automated decision-making.


11. Contact Us

If you have any questions or concerns about our Privacy Policy, please contact us at contact@lastmanworks.com.