Your data is yours. I take that seriously.
This policy explains what data Mylo collects, why it’s collected, and what control you have over it — in plain language.
I do not sell your data. I never have, and I never will.
Privacy policy
Who’s Responsible for Your Data
I operate Mylo and am the data controller for any personal data processed through the service.
If you have questions about privacy or your data, you can contact me at max@mylo.fit
What I Collect
Account Information
If you create a Mylo account, I collect:
- Your email address
I don’t ask for your name.
Your email is used only to:
- Create and secure your account
- Contact you about important account or service-related matters
Legal basis: processing is necessary to provide the service you request (performance of a contract).
Product Data
If you have an account, I store the data you intentionally enter into Mylo — for example, workouts and training sessions.
This data exists only so the product works.
If you don’t create an account:
- No product data is stored on my servers
Legal basis: processing is necessary to provide the service.
If you delete your account, your data is deleted within 60 days.
Website Usage
I don’t track website visitors.
That means:
- No analytics
- No A/B testing
- No advertising
- No tracking of pages visited, session duration, browser type, or referrers
Cookies
Mylo does not use cookies for analytics or advertising.
The only cookies used are required for authentication and are provided by Firebase Authentication. These are used to keep you signed in securely.
Legal basis: legitimate interest in securing accounts and preventing abuse.
Emails You Send Me
If you email me for support or with a question, I’ll keep that correspondence so I can reply and have context if you reach out again later.
Legal basis: legitimate interest in providing support.
Third-Party Services
Mylo uses a small number of third-party services to function:
- Firebase Authentication — account login and security
- Netlify — hosting and server infrastructure
These services process personal data only as needed to operate Mylo and are bound by data processing agreements.
When I Access or Share Data
I don’t look at your data unless it’s necessary.
This may happen:
- To keep the service running
- To fix a technical issue (with your permission)
- To investigate abuse or misuse (as a last resort)
- If I’m legally required to do so
If legally permitted, I’ll notify you before sharing your data in response to a legal request.
Your Rights
You have the right to:
- Access your data
- Correct or delete your data
- Export your data
- Object to or restrict processing
If you’re in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.
To exercise your rights, email max@mylo.fit
Automated Decision-Making
Mylo does not use automated decision-making or profiling that produces legal or similarly significant effects.
Data Security
I take reasonable technical and organizational steps to protect your data.
Some data is stored unencrypted at rest because it needs to be available for the app to function. Access is limited and controlled.
Where Data Is Stored
Mylo is operated from Europe.
Data may be processed or stored in the EU or the United States, depending on the infrastructure provider (for example, Firebase or Netlify).
Where required, international data transfers are protected using appropriate safeguards such as Standard Contractual Clauses or equivalent protections.
Changes
If this policy changes, I’ll update it here.
I also keep a public, versioned copy of this policy so you can see what’s changed over time: https://github.com/MaxMonteil/mylo-privacy-policy.
Contact
Questions, concerns, or data requests?
Email me at max@mylo.fit
I used AI to help make this a privacy policy someone could actually read.
Before that it also wasn't written by me but modified from a template before the AI times. I'm not a lawyer and I can't afford one...