Privacy Policy — Coach Web Application
Effective Date: May 3, 2026
Data Controller: Gain. Fitness GmbH, Kelchweg 3, 8048 Zurich, Switzerland
Contact: privacy@gain-app.com
1. Introduction
Gain. Fitness GmbH ("we," "us," or "our") operates the Gain coach web application ("the Platform").
This Privacy Policy explains how we collect, use, store, protect, and transfer personal data when you use the Platform as a coach.
We comply with:
- The EU General Data Protection Regulation (GDPR)
- The Swiss Federal Act on Data Protection (FADP)
- The California Consumer Privacy Act (CCPA/CPRA)
2. Role and Data Protection Responsibilities
Gain. Fitness GmbH acts as the data controller for all personal data processed within the Platform, including client data accessed by coaches.
Coaches are authorized users of the Platform and may access client data solely for the purpose of delivering coaching services within the scope of the Platform functionality.
Coaches are contractually obligated to:
- Access client data only for legitimate coaching purposes
- Maintain strict confidentiality
- Comply with applicable data protection laws
- Not process client data outside the Platform unless independently authorized
Coaches do not acquire independent ownership of client data through use of the Platform.
3. Categories of Data We Collect
3.1 Coach Account Data
When you create a coach account via our authentication provider (Auth0), we collect:
- Name
- Email address
- Profile picture
- Unique user identifier (Auth0 ID)
3.2 Client Data Accessed by Coaches
As a coach, you access and manage client data to deliver coaching services. This includes:
- Body weight measurements
- Nutrition tracking data (protein, carbohydrates, fat, fiber)
- Step counts
- Sleep data
- Training logs (exercises, weight, repetitions, RIR)
- Form check photos and videos
- Check-in data and coach feedback
- Diet phase data
- Nutrition targets
- Rate of weight change
- Coach notes
- Custom tracking fields
- Mesocycle and planning data
This data may qualify as health data under Art. 9 GDPR.
3.3 Technical & Diagnostic Data
We collect limited technical data via Sentry:
- Exception class names
- Stack traces
- Performance traces
- Allowlisted breadcrumb messages
- Browser type and version
- Operating system version
- Anonymous user identifier (Auth0 ID)
No name, email, or IP address is stored in logs. (For the IP address processed during the conversion event transmission to Meta, see §3.4.)
Crash logs are retained for a maximum of 90 days unless required for security investigations.
Access to client data may be logged for security and compliance purposes.
3.4 Conversion Measurement Data
When you complete coach registration, we may transmit a one-time conversion event (a Lead event via the Meta Conversions API) to Meta Platforms, Inc. ("Meta") to measure the effectiveness of our advertising campaigns.
The event is only transmitted when attribution data is available. Specifically, at least one of the following must be present:
- The Meta Pixel cookie `_fbp`, set by Meta's `fbevents.js` script in your browser (only set after you have accepted analytics/measurement cookies via the cookie banner), or
- The Meta Pixel cookie `_fbc`, set by `fbevents.js`, or
- A `metaFbclid` entry in your `sessionStorage` containing the Meta click identifier captured from a `fbclid` URL parameter when you opened the application (see §10.1)
If none of these signals are available — for example, you declined the cookie banner and did not arrive via a Meta ad click — no conversion event is transmitted.
When the event is transmitted, the following data is shared with Meta:
- A SHA-256 hash of your email address (the raw email never leaves our servers)
- Your IP address (observed by our server, not stored on our side beyond the request)
- Browser user agent
- The page URL where registration completed
- A randomly generated event ID (used solely to deduplicate against any browser-side Pixel event)
- The Meta browser identifier (`_fbp`) and/or click identifier (`_fbc`), where available
This data is used solely to attribute your registration to the corresponding advertising campaign and to measure conversion rates. It is not used for personalized advertising, profiling, retargeting, or automated decision-making.
Meta acts as an independent controller for the data it receives and processes it under its own Data Policy and Business Tools Terms.
We rely on legitimate interest (Art. 6(1)(f) GDPR) for this measurement, supported by a documented Legitimate Interest Assessment. The notice on the registration screen informs you of this transfer at the moment it occurs. You have the right to object to this processing at any time on grounds relating to your particular situation (Art. 21 GDPR) by contacting privacy@gain-app.com; see §9.
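As an added illustration (not the Platform's own code), the gating and payload rules of §3.4 written out as a Python helper: no attribution signal means no event is built, the email address is hashed before it enters the payload, and a final check confirms the plaintext address never appears. The field names follow Meta's Conversions API documentation; the key names inside the `metaFbclid` entry (`fbclid`, `ts`) and all sample values are assumptions.

```python
import hashlib
import json
import secrets
import time
from typing import Optional


def hash_email(email: str) -> str:
    """SHA-256 of the normalised (trimmed, lowercased) address; only this hex digest leaves the server."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()


def fbc_from_session(meta_fbclid: dict) -> str:
    """Rebuild a click identifier from the metaFbclid sessionStorage entry (assumed keys: fbclid, ts in ms).
    The fb.1.<ms-timestamp>.<fbclid> shape is Meta's documented _fbc format."""
    return f"fb.1.{int(meta_fbclid['ts'])}.{meta_fbclid['fbclid']}"


def build_lead_event(email, ip, user_agent, page_url,
                     fbp=None, fbc=None, meta_fbclid=None, event_time=None) -> Optional[dict]:
    """Return the Lead event request body, or None when no attribution signal exists (no event is sent)."""
    if not (fbp or fbc or meta_fbclid):
        return None
    if not fbc and meta_fbclid:
        fbc = fbc_from_session(meta_fbclid)
    user_data = {
        "em": [hash_email(email)],      # hashed; the raw address is never placed in the payload
        "client_ip_address": ip,        # sent as observed by the server, not persisted on our side
        "client_user_agent": user_agent,
    }
    if fbp:
        user_data["fbp"] = fbp
    if fbc:
        user_data["fbc"] = fbc
    return {
        "data": [{
            "event_name": "Lead",
            "event_time": event_time or int(time.time()),
            "event_id": secrets.token_hex(16),  # random; kept only to deduplicate against the Pixel event
            "action_source": "website",
            "event_source_url": page_url,
            "user_data": user_data,
        }]
    }


def payload_contains_raw_email(payload: dict, email: str) -> bool:
    """Defensive pre-transmission check: the plaintext address must not appear anywhere in the body."""
    return email.strip().lower() in json.dumps(payload).lower()
```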
4. Legal Bases for Processing (GDPR)
| Legal Basis | Data | Purpose |
|---|---|---|
| Art. 6(1)(b) – Contract | Coach account data | Provide access to the Platform |
| Art. 6(1)(b) – Contract | Client data | Provide coaching functionality within the Platform |
| Art. 6(1)(f) – Legitimate Interest | Technical data | Ensure platform stability, security, and fraud prevention |
| Art. 9(2)(a) – Explicit Consent | Client health data | Processing of special category data within the coaching service |
| Art. 6(1)(f) – Legitimate Interest | Conversion measurement data (see §3.4) | Measuring the effectiveness of our advertising campaigns (see §3.4 for detail and Art. 21 right to object) |
You may withdraw consent where consent is the legal basis. Withdrawal does not affect processing prior to withdrawal.
5. How We Use Data
We use personal data to:
- Provide and maintain the coaching platform
- Enable client management and coaching workflows
- Authenticate users
- Maintain system security
- Diagnose and fix technical issues
- Protect against unauthorized access
We do not:
- Sell personal data
- Use personal data for personalized advertising, ad targeting, or retargeting
- Engage in profiling
- Conduct automated decision-making with legal or similarly significant effects
We do transmit a limited, one-time conversion event to Meta when you complete coach registration and attribution data is available (see §3.4). This is used solely to measure advertising effectiveness — not to target ads to you.
6. Third-Party Service Providers (Data Processors)
We use carefully selected processors under Data Processing Agreements (Art. 28 GDPR):
| Service | Purpose |
|---|---|
| Auth0 (Okta Inc.) | Authentication |
| AWS (Amazon Web Services) | Secure cloud hosting & storage |
| Sentry | Error monitoring and crash reporting |
All processors act solely on our behalf and under contractual safeguards.
6.1 Other Recipients (Independent Controllers)
| Recipient | Purpose | Data Shared |
|---|---|---|
| Meta Platforms, Inc. | Conversion measurement for our advertising campaigns | See §3.4 |
Meta is an independent controller for the data it receives and processes it under its own data policy.
7. International Data Transfers
Data is stored on servers in the United States.
Transfers from the EEA/Switzerland are safeguarded by:
- Standard Contractual Clauses (SCCs)
- Additional technical and organizational safeguards
8. Data Retention
- Active accounts: retained while account is active
- Account deletion: data permanently deleted upon deletion request
- Backup systems: overwritten within 30 days
- Technical logs: deleted after 90 days
- Inactive accounts: may be deleted after 24 months of inactivity
- Conversion event records (see §3.4): the randomly generated event ID is retained for up to 90 days for deduplication purposes; the hashed email, IP address, and user agent in the event payload are transmitted to Meta only and are not retained on our servers
Upon termination of a coach account, access to client data is immediately revoked.
Browser-stored data is handled as described in §10.1.
9. Your Rights
Under GDPR/FADP:
- Access — request a copy of personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of personal data
- Restriction — request that we limit processing
- Portability — request data in a machine-readable format
- Objection (Art. 21 GDPR) — object at any time to processing based on legitimate interest, including the conversion measurement described in §3.4. We will stop the relevant processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Contact: privacy@gain-app.com
EEA residents may lodge a complaint with their national supervisory authority. Swiss residents may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).
10. Data Security
We implement:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AWS server-side AES-256)
- HTTPS enforcement
- Content Security Policy (CSP) headers
- X-Frame-Options headers preventing clickjacking
- Strict referrer policy (strict-origin-when-cross-origin)
- Strict role-based access controls
- Time-limited presigned upload URLs
Coaches are contractually bound to maintain strict confidentiality regarding all client data accessed through the Platform.
10.1 Browser Storage
The Platform stores the following data locally in your browser:
- localStorage: Authentication tokens (via Auth0), UI preferences (theme, language, sidebar state), view settings, and your cookie banner choice. UI preferences and your cookie banner choice persist across browser sessions.
- sessionStorage: Temporary authentication redirect paths, onboarding data, and — if you arrive at the application via a Meta advertising link — a `metaFbclid` entry containing the Meta click identifier from the URL (`fbclid`) and the time of the click. This entry is used at registration time only, to attribute your signup to the corresponding ad (see §3.4), and is automatically cleared when the browser tab is closed.
Authentication tokens and session-scoped entries are cleared upon logout. UI preferences and your cookie banner choice are preserved so that your settings are remembered on next sign-in.
10.2 Cookies
The Platform uses the following cookies:
Strictly necessary (set without consent):
- Auth0 authentication cookies
Analytics / measurement (set only after you accept the cookie banner):
- `_fbp` — Meta Pixel browser identifier. Set by Meta's `fbevents.js` script when the Meta Pixel is initialized in your browser, which only happens after you have accepted analytics/measurement cookies via the cookie banner (and only on production deployments). Used together with the Conversions API event (see §3.4) to deduplicate the registration event between browser and server. Lifetime: 90-day rolling (resets on each visit where the Pixel is active). You can decline this by rejecting the cookie banner; you can withdraw consent at any time by clearing your browser storage.
- `_fbc` — Meta click identifier. Set by Meta's `fbevents.js` when you arrive via a link containing the `fbclid` URL parameter (and only after analytics/measurement cookie consent). Used to attribute your registration to the originating ad click. Lifetime: 90-day rolling.
If you decline the cookie banner, neither `_fbp` nor `_fbc` is set. The conversion event in §3.4 may still be transmitted at registration on the basis described there, but without these cookie values.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you may have the following rights (subject to verification and applicable exceptions):
- Right to know — Request details about the personal information we collect, use, and disclose
- Right to delete — Request deletion of personal information, subject to legal exceptions
- Right to correct — Request correction of inaccurate personal information
- Right to opt-out of sale/share — We do not sell personal information. We may transmit a limited, one-time conversion event to Meta at registration as described in §3.4, which under California law may qualify as "sharing" for cross-context behavioral advertising purposes. You can prevent this transmission by declining to complete registration after seeing the notice on the registration screen, or by declining the cookie banner and not arriving at the application via a Meta ad click. Already-registered coaches may contact us at privacy@gain-app.com to request deletion of any conversion event records we still retain (event ID and request metadata are retained for up to 90 days; see §8). We will respond to verifiable requests within 15 business days.
- Right to non-discrimination — We will not discriminate against you for exercising your rights
To exercise your rights, contact us at privacy@gain-app.com.
12. Children’s Privacy
The Platform is not intended for individuals under 16.
We do not knowingly collect data from children under 16.
13. Automated Decision-Making
We do not perform automated decision-making with legal or similarly significant effects.
14. Changes to This Policy
We may update this policy. Material changes will be communicated via the Platform.
15. Contact
Gain. Fitness GmbH
Kelchweg 3
8048 Zurich
Switzerland