Privacy Policy

1. Data Controller

The Musku app is operated by:

• Julien Legrand, sole proprietor based in Lille (France)
• Email: email@musku.app

For any question regarding this policy or your personal data, please contact us at the email above.

2. Data we collect

2.1 Data you provide directly

• Account: email, password (hashed)
• Profile: first name, last name, gender, date of birth, height, weight, experience level, goal, target training frequency
• Self-declared health: pain zones (shoulder, knee, etc.) with intensity level — used only to adapt recommendations
• Workout data: sessions, sets, reps, loads, durations, notes
• Custom exercises: created in your account

2.2 Automatically generated data

• Activity data: last activity date (last_active_at)
• Technical data: app version, device type (iOS)

2.3 Data via third-party services

• Sign in with Apple: anonymous Apple identifier, first name and (relayed) email — only if you use this sign-in method
• RevenueCat: RevenueCat user ID, subscription status (Premium or not)
• Brevo: email, first name, language, profile attributes — for transactional communication and newsletter
• PostHog (EU): anonymized events (screens viewed, actions performed) and a random device identifier — only if you accept on first launch (revocable anytime in Settings → Anonymous statistics). No health data is shared.

2 bis. Apple Health (HealthKit)

If you enable Apple Health sync in the app's settings, Musku writes your completed strength training workouts (workout type, date, and duration) to Apple's Health app, where they are stored locally on your device.

Musku does not read any data from Apple Health. No data from HealthKit is transmitted to our servers, shared with third parties, used for advertising, or sold.

You can disable this sync at any time in the app's settings or in Settings → Health → Data Access & Devices → Musku.

3. Purposes

Your data is used to:

• Provide the workout-tracking service (sessions, progress statistics)
• Personalize recommendations (programs adapted to your level and goal)
• Manage your Premium subscription and payments (via Apple In-App Purchases and RevenueCat)
• Contact you for transactional information or, with your consent, for the newsletter
• Improve the service (anonymized error and performance analysis)

4. Legal basis (GDPR)

• Contract performance: providing the service you chose to use
• Consent: newsletter, push notifications (revocable at any time in settings)
• Legitimate interest: service security, fraud prevention

5. Retention

• As long as your account is active
• On account deletion: your personal data (profile, pain zones) is deleted immediately. Your email is anonymized. Your workout data may be retained anonymized for aggregate statistics.

6. Your rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Access: get a copy of your data
• Rectification: correct inaccurate data (directly in the app or via email)
• Erasure: delete your account (Settings → Delete account) or write to email@musku.app
• Portability: receive your data in a readable format
• Objection: to processing based on legitimate interest
• Restriction: temporarily restrict processing

You may also file a complaint with the French CNIL if you believe your rights are not being respected.

7. Subprocessors and third-party services

We use the following services to operate Musku:

• OVH (France): API and database hosting
• Apple (Ireland/USA): Sign In with Apple authentication, In-App Purchases, push notifications
• RevenueCat (USA): subscription management
• Brevo (France): transactional emails and newsletter
• PostHog (EU): anonymized usage statistics (only with your consent)

Transfers outside the EU are governed by EU Standard Contractual Clauses or the Data Privacy Framework.

8. Security

• HTTPS encryption on all communications
• Passwords stored hashed (bcrypt)
• Secure, revocable API authentication tokens
• Rate limiting on authentication attempts

9. Cookies

The mobile app does not use cookies. The associated website may use strictly necessary cookies (session, authentication); we do not use any third-party advertising or analytics cookies.

10. Changes

We may update this policy. Any substantial change will be notified to you in the app. The last update date is shown at the top of this page.

11. Contact

For any question: email@musku.app