Privacy Policy

Last updated: March 25, 2026

MI MI MI SAPUN EOOD, operating under the brand name MIMIMI ACTIVITY ("we," "us," or "our"), operates the website mimimiactivity.com and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in accordance with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws.

Data Controller:
MI MI MI SAPUN EOOD
124A Vasil Aprilov Blvd
4027 Plovdiv, Bulgaria
Email: support@mimimiactivity.com

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: name, email address, and password when you create an account.
  • Payment information: billing address and payment details processed securely through Paddle (our Merchant of Record). We do not store your full credit card number on our servers.
  • Profile information: optional details you add to your profile, such as profile photo, fitness goals, or preferences.
  • Communications: messages you send to us via email or support channels, including feedback and inquiries.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, course progress, time spent on the Service, and interaction patterns.
  • Device information: browser type and version, operating system, device type, screen resolution, and language settings.
  • Network data: IP address, approximate geographic location (city/country level), and referring URL.
  • Cookies and similar technologies: see our Cookie Policy for full details.

1.3 Information from Third Parties

  • Payment processors: Paddle (our Merchant of Record) may provide us with transaction confirmations, payment status, and limited billing information.
  • Analytics providers: aggregated usage data from analytics services we use to improve the Service.

2. How We Use Your Information

We use the personal data we collect for the following purposes:

  • Providing the Service: delivering courses, managing your account, processing subscriptions, and enabling access to content.
  • Payment processing: handling subscription payments, refunds, and billing inquiries through Paddle.
  • Communication: sending transactional emails (account confirmation, payment receipts, subscription updates), responding to inquiries, and providing customer support.
  • Service improvement: analyzing usage patterns to improve content, features, and user experience.
  • Personalization: tailoring course recommendations and content based on your preferences and usage history.
  • Marketing: sending promotional emails about new courses, features, or offers, only with your explicit consent. You can unsubscribe at any time.
  • Security and fraud prevention: detecting and preventing fraudulent activity, abuse, and security incidents.
  • Legal compliance: fulfilling our legal obligations, including tax and accounting requirements.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Performance of a contract (Art. 6(1)(b)): processing necessary to provide the Service, manage your account, and fulfill your subscription.
  • Consent (Art. 6(1)(a)): processing based on your explicit consent, such as marketing communications and optional cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legitimate interests (Art. 6(1)(f)): processing necessary for our legitimate interests, including Service improvement, security, fraud prevention, and analytics, provided these interests are not overridden by your rights.
  • Legal obligation (Art. 6(1)(c)): processing required to comply with applicable laws, such as tax regulations and data retention requirements.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data: retained for the duration of your account and up to 30 days after deletion, to allow for account recovery.
  • Payment records: retained for up to 7 years as required by EU tax and accounting regulations.
  • Usage data: aggregated and anonymized after 26 months. Raw usage data is deleted after this period.
  • Marketing data: retained until you withdraw consent or unsubscribe.
  • Support communications: retained for up to 3 years after resolution for quality assurance and legal purposes.

5. Your Rights Under GDPR

As a data subject in the EU, you have the following rights regarding your personal data:

  • Right of access (Art. 15): you have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.
  • Right to rectification (Art. 16): you have the right to request correction of inaccurate personal data or completion of incomplete data.
  • Right to erasure (Art. 17): you have the right to request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to data portability (Art. 20): you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to restriction of processing (Art. 18): you have the right to request that we limit how we use your data in certain circumstances.
  • Right to object (Art. 21): you have the right to object to the processing of your personal data based on legitimate interests, including profiling.
  • Right to withdraw consent (Art. 7(3)): where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: you have the right to file a complaint with your local data protection authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP).

To exercise any of these rights, please contact us at support@mimimiactivity.com. We will respond within 30 days as required by the GDPR.

6. Cookies

We use cookies and similar tracking technologies to operate and improve our Service. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

7. Third-Party Services

We share personal data with the following categories of third-party service providers, each acting as a data processor under appropriate data processing agreements:

  • Paddle (Payment processing / Merchant of Record): Paddle.com processes all payments, handles billing, tax compliance, and refunds on our behalf as our Merchant of Record. When you make a purchase, your payment data is collected and processed by Paddle directly.
  • Bunny.net (Content delivery): delivers video content and media files through a global CDN.
  • Analytics services: we use analytics tools to understand how users interact with our Service. These tools may collect anonymized usage data, device information, and approximate location.
  • Email service providers: we use third-party email services to send transactional and marketing communications.

We do not sell your personal data to any third party. We only share data with processors who need it to provide their services to us, under strict contractual obligations to protect your data.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

  • EU-US Data Privacy Framework: for transfers to certified US-based processors.
  • Standard Contractual Clauses (SCCs): EU-approved contractual clauses that provide adequate data protection guarantees.
  • Adequacy decisions: transfers to countries recognized by the European Commission as providing adequate data protection.

9. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe we may have collected data from a child under 16, please contact us at support@mimimiactivity.com.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Regular security assessments and vulnerability testing.
  • Access controls limiting data access to authorized personnel only.
  • Secure payment processing through Paddle, which is PCI-DSS compliant.

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Notify you via email or a prominent notice on our Service before the changes take effect.
  • Where required by law, obtain your consent before applying changes that affect how we process your data.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection inquiries, you may also contact your local supervisory authority.