Updated in February 2026
Aware of the importance of ensuring the confidentiality of your data, SMASH is strongly committed to the protection of personal data.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR") and French Law No. 78-17 of 6 January 1978 in its latest version in force, we wish to inform you about how we collect, use and disclose your personal data in connection with the services we provide to you via the NOA mobile application (hereinafter the "Application").
SMASH reserves the right to modify this privacy policy at any time. In the event of a substantial modification, you will be informed by notification in the Application.
Personal data is collected by SMASH, a société par actions simplifiée (SAS), registered with the Trade and Companies Register of Paris under number 942 968 934, whose registered office is located at 128 rue La Boétie, 75008 Paris, France, represented by Shreyas Rajagopalan (hereinafter "SMASH", "we", "us", "our"), in its capacity as data controller.
SMASH collects the personal data necessary to provide the Application Services. Data collection is limited to the list set out below. For each category of data, we indicate the purpose of the processing and the applicable legal basis.
If you choose not to provide the mandatory personal data (marked with an asterisk in the forms), we may not be able to provide you with all or part of the Services. Non-mandatory data is collected through your spontaneous communication (via customer service or the Application's communication spaces).
| Type of data | Purpose | Legal basis |
|---|---|---|
| Pseudonym | Account creation and management | Performance of the contract |
| Email address | Authentication, communication, dispute management | Contract execution |
| Password (encrypted) | Authentication and secure access to Services | Contract performance |
| Type of data | Purpose | Legal basis |
|---|---|---|
| Personal information provided in the profile (identity, age, gender, etc.) | Personalisation of the user experience and recommendation of a suitable Coach | Performance of the contract |
| Responses to the initial orientation questionnaire (sports objectives, level, preferences, availability) | Selection and recommendation of a Coach suited to the User's profile | Execution of the contract |
| Selected coach and history of coach changes | Management of contact with the Coach and provision of training schedule | Execution of the contract |
| Training preferences (including preparation time before the start of a session) | Personalisation of the user experience | Contract execution |
| Notification preferences (acceptance or refusal of notifications from the Coach) | Sending notifications relating to training schedules and programmes | Consent |
| Discipline(s) practised (yoga, fitness, cardio, etc.) | Recommendation of Coaches by discipline and personalisation of content | Contract performance |
| Type of data | Purpose | Legal basis |
|---|---|---|
| History of training sessions completed | Tracking of the User's progress and display in the dashboard | Performance of the contract |
| Exercise performance and statistics | Progress tracking and personalised recommendations | Contract execution |
| Fitness goals set and results achieved | Progress tracking and improvement of user experience | Contract performance — Legitimate interest (improvement of the quality of Services) |
| Training schedule accessible in the dashboard | Provision of personalised coaching service | Performance of the contract |
| Type of data | Purpose | Legal basis |
|---|---|---|
| Browsing data in the Application (features used, videos viewed, session duration) | Improvement of user experience, measurement of satisfaction, statistical studies and segmentation | Legitimate interest (improvement of product and service quality) |
| IP address | Technical administration of the Application, security | Legitimate interest (securing the Platform) |
| Device type (smartphone or tablet), operating system and Application version | Technical administration and optimisation of Application compatibility | Legitimate interest (proper functioning of the Application) |
| Technical identifiers (session ID, authentication tokens) | Authentication and securing access to Services | Performance of the contract |