Privacy Policy for the mefilu App
1. Controller
The controller responsible for the processing of personal data in connection with the mefilu app is:
Ulbrich-Löffler-Ulbrich GbR
D3 4
68159 Mannheim
Germany
represented by its partners authorised to represent the company
Email: data@mefilu.de
2. Subject Matter of this Privacy Policy
This Privacy Policy applies to the currently published version of the mefilu app.
mefilu is an app with digital content relating to movement, nutrition, mental well-being, recovery, wellness and lifestyle. The content serves general health promotion and general informational and educational purposes.
The app does not provide medical, psychological, psychotherapeutic, physiotherapeutic, nutritional medical or other healthcare-related professional advice, diagnosis or treatment.
Use of the app does not replace an in-person examination, advice or treatment by appropriately qualified professionals.
The app may currently be used without a user account. At present, there is no registration, no login, no server-side user accounts, no push notifications and no in-app purchases.
In its current design, mefilu does not use advertising, profiling or audience measurement for marketing purposes. This does not affect technically required security, stability and error diagnosis services.
3. Use Without a User Account
At present, no user account is required in order to use the app.
mefilu currently does not create personal health profiles, medical case files or centrally managed training accounts.
Certain information, settings or content that you enter, select or configure within the app is stored exclusively locally on your end device in order to keep the app’s functions usable. This may include in particular:
- favourites
- information regarding available training equipment
- display and language settings
- technical version information
- locally stored exercise and translation data
- cache and temporary usage data
4. Categories of Data Processed
Depending on the specific use situation, we process in particular the following categories of data:
- technical connection and usage data (e.g. IP address, times of requests, device and app information, technical log data)
- locally stored settings and content data
- error, diagnostic and performance data for stabilising and improving the app
- data transmitted to integrated third-party providers when video or preview material is played
- data generated when external links are opened
- data generated when contact is made by email
5. Local Storage on the End Device
The app uses local storage mechanisms on your end device, in particular:
- SharedPreferences for settings and selection decisions, in particular favourites, training equipment, display options and technical version information
- a local SQLite database for exercise and translation data
- app-internal cache and file structures, insofar as this is necessary for the provision and updating of content
This local storage serves to provide the app in a functional, user-friendly and performant manner.
Insofar as the storage of or access to information on your end device is required, this is carried out on the basis of Section 25(2) No. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG). Insofar as personal data is processed in this context, processing is carried out on the basis of Article 6(1)(f) of the General Data Protection Regulation (GDPR).
Our legitimate interest lies in providing the app in a stable, technically functional and user-friendly manner.
6. Retrieval of Content via Google Firebase and Cloud Firestore
For the technical initialisation of the app and for the retrieval of configuration data, exercise content and translations, mefilu uses services provided by Google Firebase and Cloud Firestore.
In this context, the technical data required for the respective communication may be processed, in particular:
- IP address
- timestamps
- device and app information
- connection data
Firestore is used exclusively for the retrieval of content. At present, no registration or authentication of users takes place via these services.
The legal basis is Article 6(1)(f) GDPR.
Our legitimate interest lies in providing up-to-date content and ensuring the reliable technical functionality of the app.
7. Protection of the App Infrastructure Through Firebase App Check
To protect against abusive, automated or unauthorised access, mefilu uses Firebase App Check.
In this context, integrity, attestation and device information may be processed insofar as this is necessary to protect the app and connected backend services.
The legal basis is Article 6(1)(f) GDPR.
Our legitimate interest lies in protecting the app, its content and the technical infrastructure.
8. Error Analysis and Performance Monitoring with Sentry
For the detection, analysis and correction of technical errors and to ensure the stability and performance of the app, mefilu uses the Sentry service.
In particular, the following data may be processed:
- error and crash reports
- technical diagnostic and log data
- information regarding app state and accessed screens
- device, operating system and version information
- timestamps and performance data to the extent required
No user account exists. No internal app user identifier is transmitted to Sentry.
The legal basis is Article 6(1)(f) GDPR.
Our legitimate interest lies in the secure, stable and low-error provision of the app.
9. Exercise Clips from Wix-Hosted Media Sources
Short exercise clips are loaded as directly integrated media from Wix-hosted sources and played within the app using a native network player.
These exercise clips are automatically loaded and started when an individual exercise is opened. They show the respective exercise or individual movement sequences in short form.
When these contents are played, the technical data required for the delivery of the media files may be processed, in particular:
- IP address
- connection data
- device information
- times of retrieval
- technical log data
Playback takes place natively within the app and not via an embedded browser or WebView.
The legal basis is Article 6(1)(f) GDPR.
Our legitimate interest lies in providing the selected exercise content and in displaying the exercises properly within the app.
10. Explanation Videos and Preview Images via Vimeo
For explanation videos of exercises and related preview images, mefilu uses services provided by Vimeo.
A distinction must be made between two usage situations:
- Preview images of individual exercises may already be loaded in overviews.
- Explanation videos of exercises may be loaded and played within the app via an embedded In-App-WebView using the Vimeo player. Playback of the explanation videos is only started after active selection by the user.
In this context, the following data may in particular be processed:
- IP address
- connection data
- device information
- usage data relating to the video player
- WebView and browser information
- technical log data
When playback occurs via the embedded Vimeo player, Vimeo or associated technical services may use their own storage or recognition technologies.
Insofar as Vimeo processes data for its own purposes, this is carried out under Vimeo’s own responsibility under data protection law.
The legal basis is Article 6(1)(f) GDPR.
Our legitimate interest lies in providing the selected media content, displaying preview images in exercise overviews and enabling user-friendly playback of explanation videos within the app.
11. External Links, Social Media and Partner Offerings
The app may contain external links, in particular to:
- our websites https://www.mefilu.com, https://www.mefilu.de, https://www.mefilu.net and https://www.mefilu-app.de
- social media profiles
- partner or discount offers
- product and material pages
- email addresses (mailto:)
When opening external links, you leave the immediate area of responsibility of the app. The respective operators are solely responsible for the subsequent data processing.
When external links are opened, connection data, in particular your IP address and technical device information, may be transmitted to the respective recipient.
In the case of partner or discount links, the target provider may be able to recognise that access originated via a corresponding referral.
The legal basis is Article 6(1)(f) GDPR.
Our legitimate interest lies in providing supplementary information, contact options and external offerings.
12. Contact by Email
The app may contain email addresses or email links (mailto:). If you use an email link via the app, your email application will open.
If you use an email link via the app or contact us directly, we process the data transmitted by you, in particular your email address and the content of your message, in order to process your enquiry.
Processing is carried out:
- pursuant to Article 6(1)(b) GDPR, insofar as this is necessary for processing specific enquiries regarding the use of the app or for initiating a contractual relationship
- otherwise pursuant to Article 6(1)(f) GDPR for processing other enquiries
Our legitimate interest lies in the proper processing of enquiries and communication with users.
13. No Central Processing of Individual Health Profiles
mefilu currently does not create any server-side individual health profiles, medical case files or personal training histories in a user account and does not currently process such data centrally.
Locally stored favourites, exercise selections or information regarding training equipment may allow inferences about personal interests or training focuses. As a general rule, this information remains on your end device. However, when external services or links are accessed, independent data processing operations may be triggered by the respective providers.
14. Recipients of Personal Data
Recipients of personal data may in particular include, insofar as this is technically or organisationally necessary for the respective provision of services:
- Google Firebase and Cloud Firestore
- Firebase App Check
- Sentry
- Vimeo
- Wix-hosted media sources
- operators of external websites or platforms
- email service providers
- technical IT service providers, insofar as required for operation and maintenance
15. Transfers to Third Countries
When using certain services, personal data may be processed in countries outside the European Union or the European Economic Area, in particular in the United States.
This applies in particular to services such as Google Firebase, Cloud Firestore, Firebase App Check, Sentry, Vimeo, Wix-hosted media sources or external platforms.
Such processing takes place within the framework of the applicable data protection requirements pursuant to Articles 44 et seq. GDPR.
Where required, the respective providers rely on adequacy decisions of the European Commission, standard contractual clauses or other legally recognised safeguards.
The privacy information of the respective providers is authoritative for the specific structure and implementation of the processing.
16. Storage Period
Data stored locally on your end device generally remains there until you modify or delete it within the app, uninstall the app or reset your end device.
Locally stored content may be replaced or overwritten in the course of technical updates.
Insofar as data is processed by external providers such as Google Firebase, Sentry, Vimeo or Wix, their storage periods are determined by the respective privacy information of those providers.
We store data from contact enquiries only for as long as this is necessary to process your enquiry, for any follow-up communication, for safeguarding legitimate interests (in particular documentation, quality assurance and improvement of our information and support offering) or for fulfilling statutory obligations.
17. Your Rights
Subject to the applicable legal requirements, you are entitled in particular to the following rights:
- right of access (Article 15 GDPR)
- right to rectification (Article 16 GDPR)
- right to erasure (Article 17 GDPR)
- right to restriction of processing (Article 18 GDPR)
- right to data portability (Article 20 GDPR)
- right to object to processing based on Article 6(1)(f) GDPR (Article 21 GDPR)
- right to lodge a complaint with a data protection supervisory authority
18. Privacy Contact
If you have any questions regarding data protection, you may contact us at any time:
Ulbrich-Löffler-Ulbrich GbR
D3 4
68159 Mannheim
Germany
Email: data@mefilu.de
19. Updates to this Privacy Policy
We update this Privacy Policy where necessary due to technical changes, new functions or changed legal requirements.
The currently valid version made available within the app or on a legal information page linked from the app shall be authoritative.
Where legally required, we will provide separate information regarding material changes.
20. Language Versions
This Privacy Policy is provided in several languages. In the event of discrepancies between different language versions of this Privacy Policy, the German version shall prevail.
Version date: 09 May 2026