Skip to content

Legal document

Privacy Policy

Effective: May 8, 2026Last updated: May 8, 2026

Your privacy matters. This document explains what data we collect, why, and how we protect it. We aim to be specific — no boilerplate.

1. Who we are

Trely is operated by Rexly s.r.o., based in Bratislava, Slovak Republic.

Contact: support@trely.eu

Web: https://trely.eu

2. Data we collect

When you create an account, we collect:

• Name, email (authentication) • Phone number (optional) • Profile photo (optional) • Role (trainer or client)

During use, we additionally process:

• Training data — bookings, sessions, progress photos, measurements, intake questionnaire answers, chat messages • Support data — support messages, account data, and technical context needed to resolve an issue • Payment data — when online payments are enabled, a payment processor handles them; we only store transaction IDs, amounts, and status (Trely never sees your card number) • Subscription — RevenueCat purchase ID (for trainers) • Technical data — IP address, device type, language, time zone • Crash reports — when the app crashes, we send anonymized technical details to Sentry

3. Support and admin access

Trely is not an end-to-end encrypted service. Authorized Rexly s.r.o. support or administration team members may access the data needed to provide support, keep the service secure, prevent abuse, or diagnose technical issues. This can include intake questionnaire answers, chat messages, profile and account data, public profile data, leads, and support communications.

We limit access to what is needed for those purposes and do not sell this data to third parties for marketing.

4. Why we collect data

We process data on the following legal bases (GDPR Art. 6):

• Performance of contract (Art. 6(1)(b)) — to provide the service • Legitimate interest (Art. 6(1)(f)) — security, fraud prevention, debugging • Consent (Art. 6(1)(a)) — for marketing notifications (you can withdraw anytime) • Legal obligation (Art. 6(1)(c)) — tax and accounting records for subscriptions and enabled online payments

5. Who we share data with

We do not sell or share your data for marketing. We use the following processors to operate the service:

• Supabase (Frankfurt, Germany) — database and authentication • Stripe Payments Europe (Ireland) — online payments when enabled • RevenueCat (USA, Standard Contractual Clauses) — subscription management • Sentry (USA, SCC) — error tracking • Vercel (USA, SCC) — website hosting • Apple Push Notification Service / Google Firebase Cloud Messaging — push notifications

All processors have signed Data Processing Agreements per GDPR Art. 28.

6. How long we keep data

• Account and profile — for the duration of your account + 30 days after deletion • Training data — for the duration of your account; you can export anytime • Payment records — 10 years (Slovak tax obligation) • Crash reports (Sentry) — 90 days • Push tokens — until you disable notifications

After account deletion, personal data is removed; only anonymized payment records remain in our accounting system.

7. Your rights

Under GDPR, you have these rights:

• Right of access — request a copy of your data • Right to rectification — correct inaccurate data • Right to erasure ("right to be forgotten") • Right to restrict processing • Right to data portability — export your data in structured form • Right to object to processing based on legitimate interest • Right to withdraw consent (where consent is the basis) • Right to lodge a complaint with the supervisory authority (Office for Personal Data Protection of the Slovak Republic)

To exercise rights, email support@trely.eu. We respond within 30 days.

8. Cookies and tracking

The trely.eu website uses minimal cookies:

• Functional — language preferences (stored locally) • Analytics — Vercel Analytics (anonymous, no fingerprinting)

The mobile app does not use cookies. Sentry collects anonymized crash data only.

9. Security

We protect your data with industry standards:

• Encryption in transit (TLS 1.3) • Encryption at rest (AES-256) • Row-level security in the database • Regular security audits • Access limits and audit logging

If a breach affects your data, we will notify you within 72 hours.

10. Children

Trely is intended for users 16 and older (GDPR limit for Slovakia). Younger users must have parental consent. If we learn we collected data from a child without consent, we will delete it.

11. Changes

We may update this policy. For material changes (new processing purposes, new sub-processors), we will email you. The current version is always at trely.eu/privacy with the last-updated date.

12. Contact

Privacy questions: support@trely.eu

Rexly s.r.o. Bratislava, Slovak Republic

Rexly s.r.o.May 8, 2026
Privacy Policy · Trely