Privacy Policy app

Reboots App

As of: 05/2026

Valid for app version: 3.39

1. Subject of this Privacy Policy

This privacy policy applies to the use of the Reboots app.

Through the app, you can control our products and use additional features, services, and offers.

This privacy policy informs you about

  • which personal data we process,
  • for what purposes this is done,
  • on what legal basis the processing is carried out,
  • to which recipients data is transmitted,
  • how long data is stored,
  • and what rights you have.

This privacy policy applies exclusively to the use of the Reboots app.

2. Provision via App Stores

The Reboots app is provided via external platforms (e.g., Apple App Store, Google Play Store).

Registration with the respective platform provider may be required for the download. We have no influence on the data processing by these providers. The data protection provisions of the respective platform operator apply.

3. General Information on Data Processing

Personal data is any information relating to an identified or identifiable natural person.

We process personal data exclusively in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the respective applicable national data protection laws.

The processing of personal data in connection with applications or supplier relationships is not the subject of this privacy policy. We provide separate information on this on our website.

4. Controller

The controller within the meaning of the GDPR is:

Wellcosan GmbH c/o Caya Postbox 794627 Am Börstig 5 96052 Bamberg Germany

Germany

Email: privacy@reboots.de

Phone: +49 6664-919642

5. Categories of Processed Data

In the context of using the Reboots app, the following data may be processed in particular:

  • Identity data (e.g., name, email address)
  • Contact data
  • Usage data (e.g., features used, duration of use)
  • Interaction data (e.g., clicks, push openings)
  • Device information (e.g., device ID, operating system, log data)
  • Purchase data
  • Segmentation and profiling data within personalized communication
  • Health and training data (e.g., heart rate, HRV, training duration, activity data), if provided via connected third-party apps or wearables
  • Manually recorded training and Recovery data
  • AI-generated analysis and recommendation results

6. Purposes of Processing

6. Use of the App

We process your data to provide you with the features of the Reboots app and manage your user account.

Legal basis: Art. 6 para. 1 lit. b GDPR (Contract fulfillment)

6.2 Push Notifications

When you enable push notifications, we process:

  • Push token
  • Device information
  • Information about shipping and opening push notifications
  • Interaction data
  • Segmentation information

For sending and managing push notifications, we use the service Klaviyo.

Provider is:

Klaviyo Inc., 125 Summer Street, Boston, MA 02110, USA.

Purpose:

  • Information on the use of our products
  • Recovery tips
  • Marketing information (if activated)
  • Measurement of push campaign success

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

Revocation:

Push notifications can be disabled at any time via the app or device settings.

A transfer of personal data to the USA may occur. This is based on appropriate safeguards in accordance with Art. 44 ff. GDPR (e.g., standard contractual clauses or EU-US Data Privacy Framework, if applicable).

6.3 Analysis and Optimization of the App

To analyze the use of our app and optimize our offering, we use analytics services.

Google Analytics (GA4)

Provider:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In particular, the following are processed:

  • IP address (shortened, if activated)
  • Device information
  • Usage behavior
  • Session data
  • Interactions within the app

Purpose:

  • Analysis of user behavior
  • App optimization
  • Measurement of conversion rates
  • Evaluation of marketing measures

Legal Basis:

Art. 6 para. 1 lit. a GDPR (consent, if required)

or Art. 6 para. 1 lit. f GDPR (legitimate interest)

A transfer to the USA cannot be excluded. This is done in accordance with Art. 44 ff. GDPR.

6.4 Redirect to the Online Shop

Our online shop is operated via Shopify.

Provider for EU users:

Shopify International Limited, Ireland.

Processed are:

  • Transaction data
  • Payment information
  • Technical parameters (e.g., UTM parameters)

Purpose:

  • Order processing
  • Conversion measurement
  • Sales analysis

Legal Basis:

Art. 6 para. 1 lit. b GDPR

Art. 6 para. 1 lit. f GDPR

6.5 Marketing Automation and CRM

To conduct marketing campaigns and segment user groups, we use a customer relationship management system.

Provider: Klaviyo Inc., USA.

The following may be processed:

  • App usage data
  • Purchase history
  • Interaction data
  • Segmentation information

Purpose:

  • Personalized communication
  • Push and marketing campaigns
  • Measurement of campaign success

Legal Basis:

Art. 6 Abs. 1 lit. a DSGVO (Einwilligung)

Art. 6 para. 1 lit. f GDPR (legitimate interest)

6.6 IT Security and Log Data

To ensure the security and stability of our app, we process:

  • Server log data
  • IP address
  • Device information
  • Error and system logs

Purpose:

  • Error analysis
  • Abuse prevention
  • System security

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

6.7 Friends Club / Referral Program

When participating in the Friends Club, we process:

  • Participation information
  • Purchase data
  • Interaction data
  • Contact data

Purpose:

  • Program execution
  • Granting of benefits
  • Analysis of program usage

Legal Basis:

Art. 6 para. 1 lit. b GDPR (contract)

Art. 6 para. 1 lit. f GDPR (legitimate interest)

6.8 Integration of Wearables and Apple Health

If you connect to third-party apps or wearables (e.g., Apple Health, fitness trackers), training and health data can be transferred to our app.

In particular, the following data can be processed:

  • Training Duration and Intensity
  • Heart Rate Data
  • HRV (Heart Rate Variability)
  • Activity Data
  • Recovery Indicators
  • Other health-related metrics

The transfer is carried out solely based on your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR and – if health data is involved – Art. 9 para. 2 lit. a GDPR.

The connection to Apple Health or other third-party providers can be revoked at any time via the respective system settings.

We point out that the data processing by Apple or other wearable providers is subject to their respective privacy policies.

6.9 AI-Supported Recommendations (“AI Recovery Coach”)

Within the app, AI-supported functions can be used to generate personalized recommendations for recovery and program usage based on collected usage, training, and health data.

In particular, the following data can be analyzed:

  • Training and Activity Data
  • Recovery Usage Data
  • Historical and Trend Data
  • Possibly health data (if connected)

Purpose:

  • Creation of personalized Recovery recommendations
  • Program Suggestions
  • Optimization of the individual recovery routine

Legal Basis:

Art. 6 Abs. 1 lit. a DSGVO (Einwilligung)

Art. 9 Abs. 2 lit. a DSGVO (Einwilligung bei Gesundheitsdaten)

The processing is carried out to support your personal training and recovery goals.

Automated decision-making with legal or similarly significant effects as per Art. 22 GDPR does not take place.

6.10 Data Dashboard and Training Log

Within the app, training and Recovery data can be displayed on a personal dashboard.

The following data can be processed and stored:

  • Number and Duration of Recovery Sessions
  • Training and Activity Data
  • Manually recorded Mobility, Yoga, Breathing, or Meditation Sessions
  • Progress Metrics
  • Trend Analyses

Purpose:

  • Transparency about your own Recovery routine
  • Visualization of Training and Recovery Balance
  • Motivation and Progress Tracking

Legal Basis:

Art. 6 Abs. 1 lit. b DSGVO (Vertragserfüllung)

Art. 6 Abs. 1 lit. a DSGVO (Einwilligung, sofern Gesundheitsdaten verarbeitet werden)

7. Transfer to Recipients

We transfer personal data to:

  • Shopify
  • Klaviyo
  • Google
  • Hosting and Cloud Service Providers
  • Authorities and Courts
  • Lawyers and Tax Advisors

The transfer is based on Art. 28 GDPR (Data Processing Agreement) or on legal obligations or legitimate interests.

8. Transfer to Third Countries

If service providers outside the EU/EEA are used (e.g., USA), the transfer is based on appropriate safeguards in accordance with Art. 44 et seq. GDPR (e.g., EU Standard Contractual Clauses or EU-US Data Privacy Framework).

9. Storage Duration and Deletion

We generally store personal data only as long as it is necessary for the respective processing purposes.

Use of the App and User Account

Personal data related to your Reboots account is generally processed as long as your user account exists.

When your user account is deleted, your personal data is generally deleted or anonymized, unless legal retention obligations or other legitimate reasons oppose deletion.

Legal Retention Obligations

Longer storage may be necessary in particular:

  • to fulfill legal retention obligations (e.g., tax and commercial law regulations),
  • to assert, exercise, or defend legal claims,
  • to fulfill data protection proof obligations.

In these cases, processing is limited to the necessary extent.

10. Your Rights as a Data Subject

You have the following rights within the framework of legal provisions:

10.1 Information (Art. 15 GDPR)

You have the right to request information about whether and which personal data we process about you.

10.2 Correction (Art. 16 GDPR)

You have the right to request the immediate correction of incorrect or incomplete personal data.

10.3 Deletion (Art. 17 GDPR)

You have the right to request the deletion of your personal data if the legal requirements are met.

10.4 Restriction of Processing (Art. 18 GDPR)

You can request the restriction of processing under certain conditions.

10.5 Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transfer to another controller.

10.6 Revocation of Consents (Art. 7 para. 3 GDPR)

You can revoke a given consent at any time with effect for the future.

The legality of the processing carried out until the revocation remains unaffected.

10.7 Right to Object (Art. 21 GDPR)

If we process your personal data based on Art. 6 para. 1 lit. e or lit. f GDPR, you have the right to object to the processing for reasons arising from your particular situation.

If personal data is processed for the purpose of direct marketing, you have the right to object to the processing for such advertising at any time.

This also applies to profiling, insofar as it is related to such direct marketing.

To exercise your rights, you can contact us at any time at the following email address:

privacy@reboots.de

11. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

Previous Versions

Valid for App Version: 1.0; As of: 12/01/21

As of: 01.12.21

Valid for app version: 1.0

all versions of the privacy policy are available here:

https://reboots.com/pages/datenschutzerklarung-app

Privacy Policy

Reboots App

Preamble

With the Reboots app, you can control the function of your Reboots Go Lite, as well as in the future

use various services and offers, such as the Sequence Hub. These

The privacy policy exclusively refers to your use of the Reboots app.

With the following data protection provisions:

● We show clearly which data we collect and how we use this data,

● enable you to have more control over your data

● and provide you with extensive information about your rights as a user of our app.

Provision and Installation of the Reboots App

The Reboots app can be downloaded via distribution platforms operated by third parties, the so-called app stores (Google Play and Apple App Store). Downloading may require prior registration with the respective app store and the installation of the app store software from Google or Apple. Wellcosan has no influence on the collection, processing, and use of personal data in connection with your registration.

Privacy Policy

Your privacy is very important to us. With this privacy policy, we inform you about the type, scope, and purposes of the collection and use of your personal data by Wellcosan GmbH ("Wellcosan", "we"). We collect and use your personal data exclusively within the framework of these provisions. Personal data includes all information relating to an identifiable or identified natural person. The processing of your personal data is carried out in accordance with the applicable legal regulations, such as the EU General Data Protection Regulation ("GDPR") or the Federal Data Protection Act ("BDSG"). Please note that the processing of your personal data in connection with applications and collaboration as a supplier is not the subject of this privacy policy. We inform you about this processing of personal data on our website.

Controller

The controller for the collection, processing, and use of your personal data in connection with the use of the Reboots app is the

Wellcosan GmbH

Hauptstraße 27

36381 Schlüchtern

Tel.: +49 6664-919642

Email: privacy@reboots.de

We process your personal data as the controller when you use our Reboots app or our websites (together with the apps, "products") or otherwise get in touch with us.

Contact for Data Protection

For your questions about the processing of personal data and the protection of your rights as a data subject, we have appointed a contact person whom you can reach at the email address privacy@reboots.de you can reach. You can also write us a letter with the addition "Data Protection" at the postal address provided under Responsible or call us.

Categories of personal data

We process personal data that we receive directly from you or indirectly (e.g., through the use of our services and products), that others transmit to us (e.g., because you use their services and products), or that we generate ourselves and assign to you (e.g., your Reboots account). We process the following categories of personal data:

Identity data

Identity data includes all information that identifies you as a natural person. This includes, for example: name (first name, last name), date of birth, email address, gender, password.

Contact data

Contact data includes all information we process when you communicate with us. This includes, for example: phone number, shipping and billing address, email address, messenger ID, social media handle, and other communication channels through which you contact us.

Size information

Size information includes all information regarding your body measurements. This includes, for example: shoe size, clothing size, height, and weight.

Financial data

Financial data includes all information that we process in connection with services or apps we provide. This includes, for example: invoices, purchases, claims, payment service providers, price, currency, bank and tax information. For processing payments, we receive an ID from our payment service provider, which also represents personal data.

Device data

Device data includes all information about your device that we collect with our app. This includes, for example: device EUI, device ID, device fingerprint, IP/WIFI information, operating system, device type and version, logging information, as well as other information stored on the device that you have granted us access to.

Tracking data

Tracking data includes all information about your browsing behavior. This includes, for example: browser name, IP address, clickstream data, date and time of your visit, and the time spent on the website, the pages you visited, selected links on a website or clicking on our marketing messages, information about pages or advertisements through which you came to us, the data volume transmitted, as well as the browser language and version, web beacons, tracking pixels, and mobile identifiers, and the extensions you have installed.

Communication Data

Communication data are all the information we process during communication with you. This includes, for example: your feedback, comments, and opinions on our products and services. It also includes the data we receive from you when surveying and evaluating our products and services, when you participate in surveys on usage and product satisfaction.

Preferences and Settings

Preferences and settings are all the information we process that indicate your inclinations and preferences. The information can be provided by you or inferred. This includes, for example: preferred activities, preferred language, preferred attributes and settings for our products and services, units (distance, weight, temperature), personal goals and motivation (e.g., weight goal), training plan information, completed workouts, preferences for your equipment (brand, model, size, color), and product reviews as well as photos.

Processing Purposes and Legal Bases

We process your personal data for specific, defined purposes ("processing purposes"). Under certain circumstances, we also process your personal data for different purposes, e.g., when we are legally obliged or otherwise entitled to do so ("legal basis").

Communication

We process your personal data to communicate with you as part of our customer relationship. This is the case, for example, when we inform you about new products and services or the basis of processing your personal data.

The legal basis for these processing activities is the fulfillment of our contract with you.

The categories of personal data processed for this purpose are identity data, contact data, location data, financial data, correspondence, and reference data.

For this processing purpose, we share personal data with processors, in this case with the operators of our email and messaging services and our customer relationship management system.

Provision of our Products and Services

We process your personal data to provide you with an optimal user experience when using our products and services.

For this purpose, we may collect personal data by using technologies such as cookies, pixels, web beacons, tracking pixels, tags, and mobile identifiers to collect device information. More information about the cookies we use, the personal data we process in doing so, and how you can influence this processing can be found in our Cookie Notice.

The legal basis for these processing activities is the necessity to fulfill our contract with you or our legitimate interest.

The categories of data processed for this purpose are identity data, contact data, purchase data, size information, device information.

For this processing purpose, we share personal data with processors, in this case with the operators of our Customer Relationship Management system, cloud service providers, authentication service providers.

Customer Management

We process your login information for our products and services on our central authentication platform so that you can sign up for our products and services. When you access our products and services with your Reboots account, we use a token to verify your identity through the authentication platform. This enables the secure use of our products and services and the management of your account. This also includes sending messages, e.g., related to changes in personal data and the assignment or modification of authentication information.

For this purpose, we may collect personal data by using technologies such as cookies, pixels, web beacons, tracking pixels, tags, and mobile identifiers to collect device information. More information about the cookies we use, the personal data we process in doing so, and how you can influence this processing can be found in our Cookie Notice.

The legal basis for these processing activities is the necessity to fulfill our contract with you or our legitimate interest.

The data categories processed for this purpose are identity data, contact data, and device information.

For this processing purpose, we share personal data with processors, in this case with authentication service providers.

Customer Support

We process your personal data to answer questions regarding the use of our products and services. This form of support also includes inquiries related to the protection of your rights as a natural person in the area of data protection.

The legal basis for these processing activities is the necessity to fulfill our contract with you or our legitimate interest. For questions about data protection, the legal basis is our legal obligation to process your inquiries.

The data categories processed for this purpose are identity data, contact data, location data, purchase data, device information, usage data, activity data, correspondence.

For this processing purpose, we share personal data with processors, in this case with the operators of our email and messaging services and our customer relationship management system.

Product Development

We process your personal data to improve questions regarding the use of our products and services. For this purpose, we may invite you to surveys, ask for your feedback, and request evaluations of our products.

The legal basis for these processing activities is your consent, which you can withdraw at any time without giving reasons and without disadvantages.

The data categories processed for this purpose depend on the purpose of product development and can include all data categories. Wherever possible, we remove personal information, such as identity, contact, location, and device data, and process anonymized data that does not allow conclusions about your person.

For this processing purpose, we share personal data with processors, in this case with the operators of our email and messaging services and our customer relationship management system, as well as providers of survey services.

Business analysis

We process your personal data to learn more about the use of our products and services, better understand which features of our products and services are used, review the effectiveness of our marketing measures, optimize the use of our website, and improve the overall user experience. For this purpose, we may collect personal data by using technologies such as cookies, pixels, web beacons, tracking pixels, tags, and mobile identifiers to collect device information and analyze the interaction and use of our app and website. For more information about the cookies we use, the personal data we process, and how you can influence this processing, please refer to our cookie notice.

The legal basis for these processing activities is our legitimate interest or your consent, which you can withdraw at any time without giving reasons and without disadvantages.

The data categories processed for this purpose include identity data, location data, purchase data, profile and community information, social media information, device information, browsing information, activity data, correspondence, as well as preferences and settings.

For this processing purpose, we share personal data with processors, in this case with the operators of our email and messaging services and our customer relationship management system, as well as providers of cloud services and analytics services.

Secure operation of our products and services, information security

We process your personal data by monitoring the traffic to our websites and apps and analyzing the data transmitted by our servers. The purpose of processing is to determine which websites and apps are connected to our domain, identify and fix errors, ensure the promised use of our products and services, grant access only to authenticated users, prevent misuse, and ensure information security.

The legal basis for these processing activities is our legitimate interest.

For this purpose, we may collect personal data by using technologies such as cookies, pixels, web beacons, tracking pixels, tags, and mobile identifiers to collect device information and analyze the interaction and use of our app and website. For more information about the cookies we use, the personal data we process in the process, and how you can influence this processing, please refer to our Cookie Notice.

For this processing purpose, we share personal data with processors, in this case with providers of analytics services.

Cooperation with law enforcement and regulatory authorities

We process your personal data when we are legally required to provide your data for reasons of national and public security, crime prevention, investigation and prosecution of criminal offenses, combating money laundering, conducting judicial proceedings, protecting the rights and freedoms of others, and enforcing civil claims. In these cases, we will review the legal bases for the transmission. Under certain circumstances, we may not inform you about the transmission, as laws prohibit the information.

The legal basis for these processing activities is the applicable legal obligation, the protection of vital interests of natural persons, or the public interest.

The categories of data processed for this purpose depend on the content and circumstances of the request and our obligation to comply with it.

For this processing purpose, we share personal data with processors, in this case with operators of email and messaging services, as well as with requesting authorities and courts.

Legal obligations and contractual disputes

We process your personal data when we are required to comply with legal retention periods. In cases of contractual disputes, investigations, or disputes and complaints about compliance with data protection regulations, including handling data protection requests, we must retain evidence to defend ourselves.

The legal basis for these processing activities is the applicable legal obligation or our legitimate interest.

The categories of data processed for this purpose depend on the respective legal obligation and the specific circumstances of the inquiries or disputes and can include all categories of personal data. For this processing purpose, we share personal data with processors, in this case with operators of email and messaging services, cloud service providers, as well as with lawyers and tax advisors commissioned by us.

Sharing of personal data

We share personal data with processors, authorities, and lawyers and tax advisors commissioned by us.

Sharing of personal data with processors

We share personal data with processors who support us in the processing activities specified under processing purposes and legal bases, and as far as it is necessary for the purposes listed under processing purposes and legal bases of data processing.

Our processors are contractually obligated to process this personal data according to our instructions, to protect it, and not to use it for other purposes. Which processors are involved is specified under the processing purposes.

Sharing of personal data with authorities, lawyers, and tax advisors

We share personal data with authorities, lawyers, and tax advisors as far as it is necessary for the purposes listed under processing purposes and legal bases of data processing.

Storage and deletion of personal data

Use of our products and services

For the use of our products and services, we store your personal data as long as you have created a Reboots account with us. If we no longer need your personal data for the use of our products and services, we will delete or anonymize this data after a reasonable period. This is the case, for example, when we change or no longer offer products, services, and/or features.

Use of the Reboots account

Your personal data will be processed as long as your Reboots account exists. Your data will be automatically deleted when your Reboots account is deleted. Your data will not be deleted if legal obligations require the storage of the data, if we need this data to defend against claims or to enforce our claims, if we need this data to demonstrate compliance with legal requirements, or if this data is necessary for handling data protection inquiries.

Your Rights as a Data Subject

Right to Object

If we process your personal data based on Art. 6 para. 1 lit. e or f of the GDPR, you have the right to object to the processing of your personal data for reasons arising from your particular situation.

If we process your personal data for direct marketing purposes, you can object to the processing of your personal data for direct advertising purposes at any time.

In this context, this right also applies to the processing of your personal data in the context of profiling.

Please send an email to privacy@reboots.de.

Right to Withdraw Consent

You have the right to revoke your given consents at any time. The revocation of consent does not affect the lawfulness of processing based on consent before its withdrawal. Please send an email for revocation to privacy@reboots.de.

Right of Access

You have the right to request confirmation as to whether personal data concerning you is being processed. You have the right to access this data as well as further information and copies of the data in accordance with legal requirements. Please send an email to privacy@reboots.de.

Right to Rectification

You have the right to have incorrect or incomplete personal data concerning you corrected immediately. Please send an email to privacy@reboots.de.

Right to Deletion and Restriction of Processing

You have the right to have personal data concerning you deleted immediately or alternatively to have the processing of this data restricted. Please send an email to privacy@reboots.de.

Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or you can request the transfer of this data to another controller. Please send an email to privacy@reboots.de.

Right to Complain

If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority, such as "Der Hessische Beauftragte für Datenschutz und Informationsfreiheit," without prejudice to other legal remedies. Email: poststelle@datenschutz.hessen.de.