Legal

Privacy Policy

Last updated: February 24, 2026

1. Who We Are

DigitAquos is operated by OARA TECH S.R.L., a company registered in Romania (CUI: 53927238), located in Cluj County, Romania. We provide a software platform for swimming club management, individual training, health monitoring, and performance tracking.

For any privacy-related inquiries, contact us at razvanoara@digitaquos.com.

2. Data We Collect

We collect different categories of data depending on how you use DigitAquos:

Account Data

Full name, email address, username, password (hashed), country, club name (for coaches), swimming level (for individual swimmers).

Swimmer Profile Data

Date of birth, gender, training group, attendance records, performance times, personal bests, goals, and training preferences.

Health & Medical Data

Medical certificate status and expiry dates, height, weight, body metrics. For swimmers with connected wearables: heart rate, heart rate variability (HRV), resting heart rate, sleep data (stages, duration, score, SpO₂), stress levels, body battery, respiration rate, and swim activity metrics (SWOLF, stroke count, pace, laps, distance).

Wearable Data

When swimmers connect a Garmin device, we receive physiological data through the Garmin Connect API via OAuth2 webhooks. This is a one-way data flow — we receive data from Garmin but do not send any personal data back to Garmin.

Training Data

Workouts created or generated, training plans, session completions, performance metrics, and coach feedback. For AI-powered features, this includes data generated by AI services on your behalf (training plans, workout suggestions, session feedback).

Payment Data

When you subscribe to a paid plan, payment processing is handled by Stripe. We receive confirmation of payment status, subscription tier, and billing period. We do not store credit card numbers, CVVs, or full payment credentials on our servers. Invoices are generated through Oblio for Romanian e-invoicing compliance.

Usage Data

We do not use analytics trackers, cookies for advertising, or any third-party tracking tools. We may collect basic server logs (IP address, request timestamps) for security and debugging purposes only.

3. How We Use Your Data

We use your data exclusively to provide and improve the DigitAquos platform:

  • Providing club management, training planning, and health monitoring features
  • Generating readiness scores, recovery insights, and performance analytics
  • Powering AI features: generating personalized training plans, workouts, session feedback, and daily check-ins based on your profile, goals, and wearable health data
  • Adjusting workout intensity and volume based on recovery, sleep quality, and readiness metrics
  • Enabling communication between coaches and swimmers
  • Managing registrations, medical compliance, and GDPR consent tracking
  • Processing payments and generating invoices
  • Sending platform-related notifications (schedule changes, announcements)
  • Maintaining platform security and preventing abuse

We do not use your data for advertising, profiling, or any purpose unrelated to the swimming platform.

4. AI Data Processing

DigitAquos Pro includes AI-powered features that generate personalized training plans, workouts, session feedback, and coaching insights. To provide these features:

  • Certain personal data is sent to Google (Gemini API) for processing. This includes: your swimming level, goals, training schedule, recent workout history, and wearable health metrics (readiness score, sleep quality, heart rate, recovery status).
  • Data is transmitted securely over encrypted connections (HTTPS/TLS).
  • Google processes the data solely to generate your requested content and does not store your data beyond the duration of the API request.
  • Google does not use your data to train their AI models.
  • No identifying information (full name, email, exact date of birth) is sent to the AI provider — only anonymized training and health context necessary for content generation.
  • You can opt out of AI features at any time by not using them or by downgrading to the Basic plan. No data will be sent to AI services unless you actively use an AI-powered feature.

For more information on Google's data practices, see Google's Privacy Policy.

5. Legal Basis for Processing (GDPR)

  • Contract performance — Processing necessary to provide you with the DigitAquos platform and its features, including AI-powered features included in your subscription.
  • Consent — For health and medical data processing, wearable device connection, AI data processing via third-party services, and for minors' data (parental consent required for users under 16).
  • Legitimate interest — Platform security, preventing fraud, and service improvements.
  • Legal obligation — Generating invoices and maintaining financial records as required by Romanian law.

6. Children's Data

DigitAquos serves swimming clubs that include minors of all ages. We take the protection of children's data seriously.

  • There is no minimum age to have an account, provided a parent or legal guardian creates, manages, and assumes full responsibility for the account.
  • Users under 16 require parental or guardian consent for all data processing, including health data and wearable integration.
  • Club coaches are responsible for ensuring proper parental consent is obtained for all minors registered under their club.
  • Medical and health data for minors receives the highest level of protection and encryption.
  • AI-powered features for minor accounts require explicit parental consent for third-party data processing.
  • Parents or guardians may request access to, correction of, or deletion of their child's data at any time.

7. Data Sharing

We do not sell, rent, or share your personal data for advertising or marketing purposes.

We share limited data with the following third-party services, solely to provide platform functionality:

  • Garmin Connect API — One-way inbound integration. We receive wearable data from Garmin when a swimmer authorizes the connection. We do not transmit personal data to Garmin.
  • Google (Gemini API) — Anonymized training and health context is sent to generate AI-powered content (training plans, workouts, feedback). No identifying information is shared. Data is not stored by Google beyond the API request.
  • Stripe — Payment information is processed by Stripe for subscription management. Stripe operates under their own privacy policy. We do not store credit card details.
  • Oblio — Invoice data (name, email, subscription details) is sent to Oblio for Romanian e-invoicing compliance (e-Factura / ANAF).

No other third parties receive your data. We do not use analytics services, advertising networks, or data brokers.

8. Data Storage & Security

  • All data is stored on Hetzner Cloud servers in Germany (European Union).
  • Data is encrypted in transit (TLS/SSL — Grade A+ certified) and at rest.
  • Passwords are securely hashed — we cannot see or recover your password.
  • The platform has passed OWASP security testing.
  • Access to production infrastructure is restricted to authorized personnel only.
  • AI API communications use encrypted connections. No personal data is stored by AI providers beyond request processing.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your personal data will be permanently deleted within 30 days.
  • Anonymized, aggregated data (e.g., club statistics with no personal identifiers) may be retained.
  • Data required by law (e.g., financial records, invoices) may be retained for the legally required period (typically 10 years for financial records in Romania).
  • AI-generated content (plans, workouts) associated with your account will be deleted with your account.

10. Your Rights (GDPR)

As a user in the European Union, you have the following rights:

  • Access — Request a copy of your personal data.
  • Rectification — Correct inaccurate or incomplete data.
  • Erasure — Request deletion of your data (“right to be forgotten”).
  • Restriction — Limit how we process your data.
  • Portability — Receive your data in a structured, machine-readable format.
  • Objection — Object to data processing based on legitimate interest.
  • Withdraw consent — Revoke consent at any time (e.g., disconnect wearable, revoke medical data consent, stop using AI features).
  • Object to AI processing — You have the right to opt out of AI-powered data processing at any time by not using AI features or by contacting us.

To exercise any of these rights, email us at razvanoara@digitaquos.com. We will respond within 30 days.

You also have the right to file a complaint with the Romanian data protection authority (ANSPDCP — www.dataprotection.ro).

11. Cookies

DigitAquos uses only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics tools.

12. International Data Transfers

Your data is stored within the European Union (Germany). When AI-powered features are used, anonymized data may be processed by Google, whose servers may be located outside the EU (United States). This transfer is conducted under appropriate safeguards including:

  • Data minimization — only anonymized, non-identifying context is transmitted.
  • No data retention by the AI provider beyond request processing.
  • Encrypted transmission (TLS/HTTPS).
  • Google's compliance with applicable data protection frameworks.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our platform, third-party services, or legal requirements. Significant changes will be communicated through the platform. The “Last updated” date at the top of this page will always reflect the most recent revision.

14. Contact

OARA TECH S.R.L.
Cluj County, Romania
CUI: 53927238
Email: razvanoara@digitaquos.com

Terms of Service →Contact Us →