Privacy Policy of Ludus Magnus

Privacy Policy – Ludus Magnus

Latest update: January 2025

Owner and Data Controller

CWTI Ltd
24 Tax Suite 137b Westlink House 981 Great West Road
Brentford, TW8 9DN
UK
UTR 7166128503

Official app name: Ludus Magnus

Overview

  • Ludus Magnus is a mobile companion app for athletes that connects to the Ludus Magnus web platform.
  • User accounts and personal data are stored on our backend servers at ludusmagnus.fit, not locally on your device.
  • The app uses secure authentication (email/password and Google Sign-In) to access your account data.
  • We use third-party SDKs solely for basic analytics (e.g., app starts, sessions) and crash diagnostics.
  • Third-party services we integrate may process device identifiers and usage data. See “Third‑party services we use.”

Types of Data collected

Data stored on our servers

When you use Ludus Magnus, the following data is stored on our backend servers:

  • Account information (email address, name, profile picture)
  • Training data (training plans, sessions, weight measurements, statistics)
  • Gym membership information
  • Authentication tokens (stored securely)

This data is managed through your account on ludusmagnus.fit and is not stored locally in the mobile app.

Data collected automatically by third-party SDKs

Personal Data may be collected automatically by third-party SDKs integrated in the app. These may include:

  • Device information (e.g., device model, OS version, app version)
  • Usage Data (e.g., app opens, session duration, approximate location inferred from IP)
  • Crash data and diagnostics
  • Trackers and similar technologies used by third-party services

We do not directly collect names, email addresses, or other contact details through third-party SDKs—this data is only collected when you create an account and is stored on our servers.

Mode and place of processing

Methods of processing

Data processing is carried out using IT-enabled tools and organizational procedures strictly related to the purposes indicated below. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge (administration, legal, system administration) or external parties (e.g., third‑party technical service providers, hosting providers, analytics providers) appointed, if necessary, as Processors by the Owner.

Place

Processing occurs at the Owner’s operating offices and in any other places where the parties involved in the processing are located. Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. For details, see the privacy policies of the third‑party services referenced below.

Retention time

  • Account and training data stored on our servers is retained according to our data retention policy. You may request deletion of your account and associated data at any time.
  • Third‑party services retain Data according to their own retention policies. See their respective privacy policies.

The purposes of processing

  • Provide the Ludus Magnus service and sync your training data across devices
  • Monitor basic app usage for aggregate analytics
  • Improve stability and investigate crashes

Third‑party services we use

Analytics — Google Analytics for Firebase (Google)

Firebase Analytics provides aggregated app measurement (e.g., app opens, sessions). We do not configure custom event tracking for individual user interactions beyond basic app usage.

Personal Data processed: Trackers; usage data; device information; advertising identifiers (where available).

How Google uses data from partners

Crash reporting — Firebase Crashlytics (Google)

Crashlytics helps us understand crashes and stability issues.

Personal Data processed: crash data; diagnostics; device information; an app instance identifier.

How Google uses data from partners

Information on opting out

  • You can opt out of Firebase Analytics data collection by disabling analytics in your device settings or by contacting us.
  • Use device settings to limit or reset advertising identifiers and opt out of ads personalization. See: Google support
  • Where available, use a user‑enabled global privacy control (GPC). We will honor such requests in a frictionless manner where applicable.

Legal bases for processing (EEA/UK/CH)

Where required, we rely on consent for the use of analytics identifiers and cookies/Trackers for analytics. In limited cases, we may rely on legitimate interests (e.g., ensuring app stability via Crashlytics), provided such interests are not overridden by Users’ rights and interests.

For account and training data stored on our servers, processing is necessary for the performance of the contract (providing the Ludus Magnus service).

Children’s privacy

Ludus Magnus is intended for athletes and fitness enthusiasts. Users must be at least 13 years old to use the service. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with Personal Data, please contact us so we can take appropriate action.

“Do Not Sell or Share” and US state privacy disclosures

  • We do not sell Personal Information for money. We do not maintain a data marketplace or exchange your Personal Information for consideration beyond using standard third‑party services to operate the app.
  • However, under some US state privacy laws (e.g., California), certain disclosures of identifiers to analytics partners may be deemed a “sale” or “sharing.” Our use of Firebase Analytics could fall within these definitions.
  • Users can opt out of analytics data collection through the methods described above, and we honor user‑enabled Global Privacy Control signals where applicable.
  • We do not process Sensitive Personal Information for the purpose of inferring characteristics.

California (CCPA/CPRA) rights (and similar US state rights)

  • Know, access, and obtain a portable copy of specific pieces of Personal Information
  • Correct inaccurate Personal Information
  • Request deletion of Personal Information
  • Opt out of the sale or sharing of Personal Information and of targeted advertising
  • Limit use and disclosure of Sensitive Personal Information (where applicable)
  • Be free from discrimination for exercising your rights

To exercise your rights, contact us at [email protected]. We will verify your request and respond within the timeframes required by applicable law.

EEA/UK/Switzerland — your rights

Subject to conditions and exceptions, you have the rights to access, rectify, erase, restrict or object to processing, and data portability. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with your local supervisory authority.

Brazil (LGPD) — your rights

Brazilian Users may have rights including confirmation of processing, access, correction, anonymization, blocking, deletion, data portability, information about sharing, and revocation of consent, among others, as provided by law.

International transfers

Third‑party service providers may process data in multiple countries. Where required, such transfers occur subject to appropriate safeguards (e.g., Standard Contractual Clauses) as described in those providers’ policies.

Security

We take appropriate technical and organizational measures to prevent unauthorized access, disclosure, modification, or destruction of Data. Authentication tokens are stored securely on your device using secure storage mechanisms. No method of transmission or storage is 100% secure; we strive to protect your information but cannot guarantee absolute security.

Additional information about Data collection and processing

We may provide Users with additional and contextual information concerning particular services or the collection and processing of Personal Data upon request.

Changes to this policy

We may update this policy to reflect operational or legal changes. We will post the updated policy within the app and/or on our website. Please check this page periodically and note the latest update date above.

Contact us

Owner and Data Controller: CWTI Ltd
Address: 24 Tax Suite 137b Westlink House 981 Great West Road, Brentford, TW8 9DN, UK
UTR: 7166128503

Notes:
– User accounts and training data are stored on our backend servers at ludusmagnus.fit, not locally in the app.
– The mobile app acts as a client that securely connects to your account on the web platform.
– Third‑party SDKs (Firebase Analytics, Crashlytics) may process certain identifiers and usage data to provide basic analytics and crash diagnostics.