Workoutmanager Plus respects your privacy. This privacy statement explains which personal data we process, for what purposes, and how we protect it.
1. Who we are
Workoutmanager Plus is a web-based platform for storing, viewing, and analysing workout data.
Organisation: Workoutmanager Plus
Country: The Netherlands
Contact: privacy@workoutmanagerplus.com
Workoutmanager Plus acts as the data controller for all personal data processed through this platform.
2. Intended audience
Workoutmanager Plus is intended for individual consumers who want to manage and analyse their own workout data.
The platform is available worldwide. Privacy protection under the General Data Protection Regulation (GDPR) is applied as the baseline standard.
3. Personal data we process
We only process personal data that is necessary for the platform to function.
3.1 Account data (mandatory)
- Email address
- Password (stored as a secure hash, never in plain text)
No additional profile data is currently collected.
3.2 Workout data
Workout data may include:
- Workouts and exercises
- Sets, repetitions, and related training metrics
Workout data is provided by the user:
- Via manual input
- Via direct API connections
- Via file uploads
We do not collect medical data, injury data, or other health-related information.
3.3 Technical data
- No IP addresses are stored.
- No device or browser identifiers are stored.
- Limited application logs are kept for technical and security purposes.
For authentication and security purposes, temporary data may be processed during login sessions, such as verification timestamps and one-time authentication codes.
These data are used solely to secure access to the platform, are not reused for any other purpose, and are retained only for the minimum time required.
4. External platforms
Users may connect external fitness platforms, such as:
- Speediance
- Garmin (planned)
Connections to external platforms are explicitly configured and authorised by the user.
- Data is imported only on user action
- No automatic or continuous synchronisation is performed
External platforms remain responsible for their own data processing practices.
5. Purpose and legal basis
Personal data is processed exclusively for the following purposes:
- Creating and managing user accounts
- Storing and displaying workout data
- Importing workout data at the user’s request
- Ensuring technical operation and security
The primary legal basis for processing is the performance of a contract (providing the service requested by the user).
6. Data storage and retention
- Data is hosted in the Netherlands.
- All data is stored within the European Union.
- No personal data is transferred outside the EU.
Personal data is retained for as long as the user account exists.
Upon account termination, users may request:
- Pseudonymisation of their data
- Full deletion of their data
7. Data sharing
- No personal data is sold.
- No personal data is shared with third parties.
- No advertising or profiling takes place.
8. Cookies and Device Recognition
Workoutmanager Plus does not use tracking or marketing cookies.
The platform uses strictly necessary first-party cookies for authentication and security purposes.
- Session cookies are used to maintain an active login session and expire when the browser session ends.
- If a user selects “Trust this device for 24 hours”, an additional security cookie is stored.
- This security cookie is used solely for authentication purposes and allows temporary skipping of email-based two-factor authentication.
- The cookie expires automatically after 24 hours.
- The cookie contains no personal information and cannot be accessed via client-side scripts (HttpOnly).
- The cookie is transmitted securely (Secure flag).
- Limited device-related metadata may be stored server-side, including user identifier, expiration timestamp, browser user-agent string, and IP address for security monitoring purposes.
- This information is used exclusively for account security and fraud prevention and is not used for tracking, profiling, or marketing.
- Because these cookies are strictly necessary for secure authentication, no cookie consent banner is required under applicable EU legislation.
This may change if platform functionality changes in the future.
9. Your rights
You have the right to:
- Access your personal data
- Request deletion of your account and associated data
Requests can be submitted via: privacy@workoutmanagerplus.com
10. Security measures
- Encrypted connections (HTTPS)
- Secure password hashing
- Authentication and access controls
- Multi-factor authentication using a one-time passcode
Multi-factor authentication is implemented by sending a one-time passcode to the email address associated with the user account after successful login with email and password.
This code must be verified within five minutes. Only after successful verification is access to Workoutmanager Plus granted.
11. Changes to this statement
This privacy statement may be updated as the platform evolves. The latest version will always be available on this website.
12. Last updated
This privacy statement was last updated on 22 February 2026 to reflect changes in platform security, including the implementation of multi-factor authentication and optional trusted-device recognition for enhanced account security.