Legal
Privacy Policy
Last updated: 3 June 2026
This Privacy Policy explains how Wamao OÜ, trading as FVRM ("FVRM", "we", "us" or "our") collects, uses and protects your personal data when you use the FVRM mobile app, the FVRM coach web app, and our websites (together, the "Service"). FVRM is the data controller.
We take privacy seriously, especially because FVRM handles video recordings of people training, which can be sensitive. Please also read our Terms of Service and Cookie Policy.
1. Who we are (controller)
Wamao OÜ, trading as FVRM
Sepapaja 6, Tallinn, 15551, Estonia
Registry code 14379428 · VAT EE102028964
Contact for any privacy question or request: support@fvrm.app
2. Scope
This policy covers the Student mobile app, the Coach web app, and our marketing website. Where a Coach uses FVRM to coach a Student, the Student's recordings and data are handled as described here; the Coach is responsible for their own use of any data they receive.
3. The data we collect
You give us
- Account & profile: name, email address, and optional profile details such as timezone, gender, date of birth and phone number.
- Recordings: videos and images you capture or upload of your training, and the feedback, annotations and analysis Coaches create about them. These show identifiable people and may constitute biometric and health-related data.
- Training & health data: workouts, movements, metrics, notes, and (on iOS, if you allow it) workout records read from or written to Apple Health.
- Messages: chat between a Student and their Coach.
- Payment details: for Coaches, billing information processed by our payment provider (we do not store full card numbers).
We collect automatically
- Usage & analytics: actions and events in the app (e.g. screens viewed, features used) used to understand and improve the Service.
- Diagnostics: crash reports, error logs and performance data so we can fix problems.
- Device & technical data: device type, operating system, app version, IP address and similar identifiers.
- Push tokens: to send notifications, if you enable them.
4. How and why we use your data
| Purpose | Legal basis (GDPR) |
|---|---|
| Create and run your account; deliver coaching, recordings and messaging | Performance of a contract (Art. 6(1)(b)) |
| Process and share your training Recordings (biometric/health data) with your Coach | Your explicit consent (Art. 9(2)(a)) |
| Read/write workouts to Apple Health (iOS) | Your explicit consent (device permission) |
| Take payment for Coach subscriptions | Contract; legal obligation for tax/accounting (Art. 6(1)(b), (c)) |
| Keep the Service secure, prevent abuse, and fix bugs (diagnostics) | Our legitimate interests (Art. 6(1)(f)) |
| Understand and improve the Service (product analytics) | Our legitimate interests (Art. 6(1)(f)) |
| Send push notifications and any marketing | Your consent (Art. 6(1)(a)) |
| Comply with the law and respond to lawful requests | Legal obligation (Art. 6(1)(c)) |
5. Special-category data (biometric & health)
Training Recordings can identify a person and reveal health information, so we treat them as special-category data. We process them only to provide the Service to you, on the basis of your explicit consent. This means storing your Recordings, optimising them for playback, automatically analysing your own Recordings to give you features such as form analysis and measurements, and sharing them with the Coach you connect with. We do not use your Recordings to train artificial-intelligence models or for any unrelated purpose without your separate consent. You can withdraw consent at any time by deleting the relevant content, disconnecting from a Coach, or closing your account; this does not affect processing already carried out.
6. Who we share data with (sub-processors)
We do not sell your personal data. We share it only with service providers ("sub-processors") who process it on our behalf to run the Service, and with your connected Coach (for Recordings and messages). These providers fall into the following categories:
| Category | Purpose | Data | Region |
|---|---|---|---|
| Cloud hosting, database & authentication | Run the Service, store your account and messages | Account, profile, messages, request logs | EU / global |
| Media storage | Store your recordings and images | Recordings, images | EU / global |
| Payments & in-app purchases | Take Coach payments and manage subscriptions | Billing and subscription details | US |
| Email & push notifications | Send sign-in links and notifications | Email address, device push token | US |
| Product analytics & diagnostics | Understand usage and fix problems | Usage events, diagnostics, device info, IP | EU / US |
| Fonts & icons on our websites | Display our websites | IP, browser info | Global |
We may also disclose data if required by law, to protect our rights or safety, or as part of a business transfer (e.g. a merger or acquisition).
7. International transfers
Some sub-processors are located outside the European Economic Area (for example in the United States). Where we transfer personal data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (or an adequacy decision where one applies) to protect your data.
8. How long we keep it
We keep your personal data for as long as your account is active and as needed to provide the Service. When you delete your account, we delete your data as described below; some records may be kept for a limited period in backups, or longer where the law requires (for example, tax and accounting records).
Student deletion. Deleting a Student account erases that Student's Recordings, training history, messages, and the Coach feedback and annotations made about them, and removes the associated media from our storage. Coach deletion. Closing a Coach account removes the Coach's feedback content and ends their coaching relationships; Students keep the Recordings they created.
9. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased ("right to be forgotten");
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent at any time, where processing is based on consent.
To exercise any of these, contact support@fvrm.app. You also have the right to complain to a data protection authority. In Estonia that is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee), or you can contact the authority in your country of residence.
10. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and isolating each user's media in storage. No system is completely secure, but we work to protect your data and to respond promptly to any incident.
11. Children
The Service is for people aged 16 and over. Users aged 16–17 must have a parent or guardian's consent. We do not knowingly collect data from children under 16; if you believe a child has provided us data, contact support@fvrm.app and we will delete it.
12. Analytics and diagnostics
Product analytics run in our Coach web app and mobile app to help us understand how features are used; they are not used on our public marketing pages. Crash, error and bug reporting tools collect diagnostic information, which may include device details, IP address, and screenshots of an issue you report. In-app purchases are managed through our purchases provider using an anonymous identifier tied to your app-store account, not your FVRM account. You can limit some collection through your device and app-store privacy settings.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will post the new version here and update the "Last updated" date; for significant changes we will provide additional notice where required.
14. Contact
Wamao OÜ, trading as FVRM
Sepapaja 6, Tallinn, 15551, Estonia
support@fvrm.app