Back to GYMO
GYMO Logo

Privacy Policy

Last updated: October 2025 • Version 1.0

Overview

At GYMO, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and protect your data when you use our AI-powered video generation application for creating Spotify canvases.

GYMO is operated by EMGY, located at Oost-indiëplaats 2611BS Delft, The Netherlands. You can contact us via email at contact@emgy.eu.

Information We Collect

Account Information

  • Email address (for account creation and authentication)
  • Account creation date and timestamps
  • Credit balance and transaction history

Content Data

  • Uploaded artwork images (processed to create moving videos)
  • Generated video content and metadata
  • Processing information necessary to create your videos

Payment Information

  • Stripe Customer ID (for payment processing)
  • Subscription status and billing information
  • Credit purchase history

Technical Data

  • Device and browser information (minimal analytics)
  • Usage patterns and app interaction data

Legal Basis for Processing Your Information

Under the General Data Protection Regulation (GDPR), we process your personal data under the following legal bases:

Performance of a Contract

We process your data to provide and maintain the services you signed up for, including account management, video generation, credit system management, and subscription services.

Legitimate Interests

We process your data for our legitimate interests, such as improving our app, analyzing usage patterns to develop new features, ensuring security, and preventing fraud, provided that these interests do not override your fundamental rights and freedoms.

Consent

For optional data collection and certain communications, we rely on your consent. You can withdraw your consent at any time.

Legal Obligation

We process your data to comply with legal obligations, such as maintaining transaction records for tax and accounting requirements, and responding to lawful requests from authorities.

How We Use Your Information

Service Delivery

  • Transform your artwork into animated moving videos
  • Provide credit-based usage tracking
  • Deliver generated videos to your account

Account Management

  • Create and maintain your account
  • Process payments and manage subscriptions
  • Provide customer support
  • Send essential service updates and notifications

Improvement and Analytics

  • Improve app performance and fix bugs
  • Develop new features based on usage patterns
  • Analyze app performance and user experience

Data Security, Retention, and Breach Notification

Data Storage and Security

Your data is stored securely on Supabase servers located in Central EU (Frankfurt, Germany) with enterprise-grade security. All data is encrypted both in transit (using TLS) and at rest using industry-standard encryption protocols.

Data Retention

We retain your personal data according to the following specific periods:

  • Account data: Until account deletion, plus 30 days for legal obligations
  • Uploaded images: Stored temporarily during video creation process
  • Generated videos: Displayed temporarily during creation, not permanently stored
  • Credit transactions: 7 years for legal and tax compliance

Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authorities without undue delay, in accordance with applicable law.

Data Sharing and Third Parties

No Data Selling

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers (Data Processors)

We work with trusted service providers who help us process your images into moving videos. They are contractually bound to protect your data. These include Supabase for database, authentication, and storage services (Privacy Policy), and OpenAI, Google Gemini, Luma AI, and Shotstack for video generation (OpenAI API Policy, Gemini Terms, Luma Privacy, Shotstack Privacy).

Third-Party Data Controllers

When you make a purchase, payment processing is handled by Stripe, which acts as a separate data controller (Privacy Policy).

Legal Requirements

We may disclose information when required by law, to protect our rights, or to ensure the safety and security of our users.

Your Rights and Choices

Data Access and Portability

  • Request a copy of your personal data
  • Review your account information in the app
  • Export your generated videos

Data Correction and Deletion

  • Update your profile information
  • Delete generated videos
  • Request complete account deletion

Withdrawing Your Consent

Where we rely on your consent to process your data, you can withdraw it at any time by contacting us at contact@emgy.eu. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

If you are in the European Economic Area (EEA), you have the right to lodge a complaint with a data protection authority. Our lead supervisory authority is the Dutch “Autoriteit Persoonsgegevens”:

Autoriteit Persoonsgegevens

Postbus 93374

2509 AJ DEN HAAG

The Netherlands

autoriteitpersoonsgegevens.nl

Cookies and Tracking Technologies

Our web application uses minimal tracking technologies necessary for functionality. We use Supabase SDKs which may collect technical data and device identifiers to help the app function correctly, manage authentication, and analyze performance. This processing is performed for our legitimate interests in operating and improving our service.

Children's Privacy

Our app is not intended for children under the age of 16 in the European Economic Area, or under 13 in other jurisdictions. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can take appropriate action.

International Data Transfers

Your information, including personal data, may be transferred to and maintained on computers located outside of your jurisdiction where data protection laws may differ. We take all steps reasonably necessary to ensure that your data is treated securely. For transfers of data outside the European Economic Area (EEA), we rely on appropriate safeguards, such as Standard Contractual Clauses and adequacy decisions, to ensure your data is protected.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy in the app and updating the “Last updated” date at the top of this page. Your continued use of the app after changes are posted constitutes acceptance of the new policy. Previous versions of this policy are available upon request.

Contact Us

If you have questions about this Privacy Policy or our data practices, or if you wish to exercise any of your rights, please contact our Data Protection representative:

Company: EMGY

Address: Oost-indiëplaats 2611BS Delft, The Netherlands

Email: contact@emgy.eu

Subject: Data Protection Inquiry

We will respond to your request within a reasonable timeframe and in accordance with applicable law. As our operations do not currently require it under GDPR, we have not appointed a formal Data Protection Officer (DPO), but our data protection contact is available to handle all your privacy-related inquiries.

© 2025 EMGY. All rights reserved.