Privacy Policy
Effective Date: [PUBLICATION DATE]
Last Updated: June 19, 2026
1. Who We Are
Donum AI is operated by [FULL LEGAL NAME OR REGISTERED BUSINESS NAME], located at [FULL POSTAL ADDRESS, GERMANY] (“Donum,” “we,” “our,” or “us”).
For the purposes of applicable data protection law, we are the controller of the personal data described in this Privacy Policy.
Privacy contact:
[REAL PRIVACY EMAIL — REPLACE BEFORE LAUNCH]
This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you access our website, create an account, use the Donum AI fitness platform, or communicate with us (collectively, the “Service”).
2. Information We Collect
2.1 Account and Authentication Information
We may process:
Your email address
Your name, if provided
Your FrameAuth user identifier
Account status and onboarding status
Authentication and session information
Authentication credentials are processed by FrameAuth. Donum does not directly receive or store your account password.
2.2 Fitness and Training Information
We may process information that you submit while using the Service, including:
Workout dates and session names
Exercises
Sets and repetitions
Weight and preferred weight unit
Workout and exercise notes
Fitness goals
Experience level
Available equipment
Preferred weight increments
Weekly training targets
Training consistency and progress information
Messages submitted through the AI chat
The Service is intended for general fitness and training information. It is not designed to collect medical records, diagnoses, prescription information, or other detailed medical information. Please do not submit medical records or highly sensitive health information through the Service.
If you voluntarily include health-related information in a free-text message, it may be processed as part of that message in order to respond to your request.
2.3 Technical, Security, and Usage Information
When you access the Service, we and our service providers may automatically process:
IP address
Browser and device information
Operating system
Date and time of requests
Pages and API endpoints accessed
Request status and response time
Security and error logs
Request identifiers
Authentication and technical cookies
General usage information
We use this information to operate, secure, debug, and improve the reliability of the Service.
2.4 Support and Account Deletion Information
If you contact us or request account deletion, we may process:
Your name and email address
Your FrameAuth user identifier
Your communications with us
The date and status of your request
The number of deleted workout and session records
Administrative notes required to complete the request
3. How We Collect Information
We collect information:
Directly from you when you register, complete onboarding, log workouts, use AI chat, update Settings, or contact us
Automatically when you access the Service
From authentication and infrastructure providers that help operate the Service
4. How We Use Your Information
We process personal information for the following purposes:
Providing the Service
We use account, preference, workout, and chat information to:
Create and maintain your Donum profile
Save and display workout history
Generate fitness summaries and progress analytics
Calculate Donum Momentum
Display exercise progress and personal records
Allow you to edit or delete workouts
Personalize AI fitness responses
Where applicable, this processing is necessary to perform our contract with you or to take steps requested by you before entering into a contract.
Security and Reliability
We process technical and usage information to:
Authenticate users
Prevent fraud, misuse, and unauthorized access
Apply rate limits
Investigate errors
Monitor system reliability
Protect the Service and its users
Where applicable, this processing is based on our legitimate interests in operating a secure and reliable service.
Service Improvement
We may use limited usage and performance information to understand how the Service functions and improve its design and reliability.
Where this processing relies on optional cookies or similar technologies, we will request consent where required.
Legal Compliance
We may process and retain information where necessary to:
Comply with legal obligations
Respond to lawful requests
Establish, exercise, or defend legal claims
Enforce our Terms of Service
5. AI Processing
Donum uses automated systems to generate fitness-related summaries, insights, and responses.
Workout information and messages may be transmitted to Voiceflow and OpenAI in order to generate a response.
AI-generated output may be incomplete, inaccurate, or unsuitable for your individual circumstances. Donum does not provide medical diagnosis, medical treatment, rehabilitation plans, or emergency services.
Donum does not use solely automated processing to make decisions that produce legal or similarly significant effects concerning users.
6. Service Providers and Data Sharing
We may disclose personal information to service providers that process information on our behalf and help us operate the Service.
Current providers may include:
FrameAuth — user authentication and account management
Airtable — storage of Donum profiles, preferences, workout sessions, and account-deletion requests
Cloudflare — API infrastructure, security, rate limiting, and technical logging
Framer — website hosting and frontend delivery
Voiceflow — AI conversation management and workflow orchestration
OpenAI — generation of AI-assisted responses and analysis
We may also disclose information:
Where required by law or a valid legal request
To protect the security, rights, or property of Donum or other users
In connection with a merger, acquisition, financing, or sale of assets, subject to applicable law
We do not sell personal information.
We do not use personal information for third-party targeted advertising.
We do not disclose personal information to advertisers.
Payment providers such as Stripe must be added to this section only when paid subscriptions are actually enabled.
7. Cookies and Similar Technologies
We may use strictly necessary cookies or similar technologies to:
Keep users signed in
Maintain secure sessions
Protect the Service
Remember essential settings
Strictly necessary cookies cannot be disabled without affecting core Service functionality.
If we introduce non-essential analytics, advertising, or tracking technologies, we will provide appropriate notice and request consent where required before activating them.
You may also control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.
8. Data Retention
We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy.
In general:
Donum profile and workout information is retained while your Donum account remains active
Workout information remains available until you delete an individual workout or request account deletion
Technical and security logs are retained for [INSERT ACTUAL LOG RETENTION PERIOD]
Support communications are retained for [INSERT SUPPORT RETENTION PERIOD]
Minimal account-deletion request records are retained for [INSERT DELETION REQUEST RETENTION PERIOD] after completion
Information may be retained longer where required by law or necessary to establish, exercise, or defend legal claims
Account Deletion
You may request deletion through:
Settings → Delete account
After confirmation:
Your Donum profile and workout history are deleted from the active Donum database
A minimal administrative deletion request is retained
Your FrameAuth sign-in identity is queued for permanent deletion
FrameAuth account deletion is normally completed within 48 hours
You cannot create a new Donum profile while account deletion is pending
You may also contact:
[REAL PRIVACY EMAIL — REPLACE BEFORE LAUNCH]
Some information may be retained where required by law or where necessary for legal claims, fraud prevention, or security investigations.
9. International Data Transfers
Donum is operated from Germany. Some service providers may process information outside Germany or outside the European Economic Area.
Where required, we use legally recognized safeguards for international transfers, which may include:
Adequacy decisions
Standard Contractual Clauses approved by the European Commission
Additional contractual, technical, or organizational safeguards
You may contact us for additional information about the safeguards applicable to your personal information.
10. Your Data Protection Rights
Depending on your location and applicable law, you may have the right to:
Request access to personal information
Request correction of inaccurate or incomplete information
Request deletion of personal information
Request restriction of processing
Receive certain information in a portable, machine-readable format
Object to processing based on legitimate interests
Withdraw consent at any time where processing is based on consent
Object to direct marketing
Receive information about automated processing
Lodge a complaint with a competent data protection authority
Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
We may need to verify your identity before completing a request.
To exercise your rights, contact:
[REAL PRIVACY EMAIL — REPLACE BEFORE LAUNCH]
We will respond within the period required by applicable law.
European Union and European Economic Area
Users in the European Union or European Economic Area may lodge a complaint with their local supervisory authority.
Our competent supervisory authority is:
[INSERT THE DATA PROTECTION AUTHORITY FOR THE GERMAN FEDERAL STATE IN WHICH THE OPERATOR IS ESTABLISHED]
California Residents
Where the California Consumer Privacy Act, as amended, applies to Donum, California residents may have rights to:
Know what personal information is collected and how it is used
Request access to personal information
Request deletion
Request correction of inaccurate information
Opt out of the sale or qualifying sharing of personal information
Limit certain uses of sensitive personal information
Exercise their rights without discrimination
Donum does not sell personal information.
11. Children's Privacy
The Service is not intended for anyone under the age of 16.
By creating an account, you confirm that you are at least 16 years old.
We do not knowingly collect personal information from children under 16. If you believe that a child has provided personal information to Donum, contact us at:
[REAL PRIVACY EMAIL — REPLACE BEFORE LAUNCH]
We will investigate and take appropriate action.
12. Data Security
We use technical and organizational measures intended to protect personal information, including:
Encrypted transmission using HTTPS/TLS
Authentication and access controls
Rate limiting
Restricted access to production systems
Signed and expiring authorization tokens for sensitive workout actions
Logging and monitoring of errors and suspicious requests
Separation of public frontend access from internal service credentials
No system is completely secure. We cannot guarantee that unauthorized access, loss, or misuse will never occur.
13. Changes to This Privacy Policy
We may update this Privacy Policy when the Service, our providers, or applicable legal requirements change.
When we make material changes, we may notify users through the Service, by email, or by another appropriate method.
The updated policy will display a revised “Last Updated” date.
Where a change requires consent, we will request that consent before applying the relevant processing.
14. Contact Us
For privacy questions, requests, or complaints, contact:
[FULL LEGAL NAME OR REGISTERED BUSINESS NAME]
[POSTAL ADDRESS]
Germany
Email:
[REAL PRIVACY EMAIL — REPLACE BEFORE LAUNCH]