Privacy Notice

This Privacy Notice explains how FitTrainr Inc. ("FitTrainr", "we", "us", or "our") collects, uses, discloses, and protects information about you when you use the FitTrainr coaching platform (the "Service"), including the website at https://web.fittrainr.com, the web application at https://fittrainr.com, and our mobile apps.

We have two things we want you to take away from this document:

• We do not sell your personal data. We do not rent it. We do not share it with advertisers.
• We access only what is required to operate the platform you are paying for.

1. Information We Collect

1.1 Account information

When you sign up — as a coach, sub-coach, or client — we collect your name, email address, role, and authentication identifiers (such as the unique ID returned by your single sign-on provider). If you set a password, it is hashed before being stored; we never see or store your plaintext password.

1.2 Profile information

Optional profile fields you choose to add: a profile photo, biography, timezone, preferred units, contact preferences, and (for coaches) professional details such as certifications and specialties.

1.3 Wellness and fitness data

For clients, the Service stores the wellness data you log: body weight, body fat percentage, body measurements, progress photos, nutrition entries, workout completions, and similar metrics. Coaches store the plans and content they create for their clients.

These records are wellness data, not medical records. FitTrainr is not a HIPAA-covered entity and does not collect Protected Health Information (PHI). See our Wellness Disclaimer for the full statement.

1.4 Coaching messages and content

Messages exchanged between coaches and clients (including 1-1 chats, group chats, file attachments, and voice notes if/when introduced) are stored to deliver the Service. We do not review, screen, or index the contents of these messages for any purpose other than operating the platform, complying with law, or responding to abuse reports.

1.5 Payment information

Payments are handled by Stripe. Card numbers and bank details never touch our servers. We store the limited tokens Stripe returns to us (such as a customer ID and the last four digits of the card) so we can show your billing history and invoices.

1.6 Technical and usage data

When you use the Service we collect standard server logs (IP address, user agent, request path, response status, timestamp). We also collect minimal product analytics — events like "user signed in", "coach created plan" — without third-party trackers or advertising IDs. We do not use third-party analytics, advertising pixels, or social-media tracking scripts on the public website or in the app.

2. How We Use Information

• To provide, maintain, and improve the Service.
• To authenticate you and protect your account.
• To deliver coach-to-client communications and store the records of those communications on behalf of the parties involved.
• To bill you (for coaches) and to power admin/support tooling.
• To detect, prevent, and respond to fraud, abuse, and security incidents.
• To comply with legal obligations.

3. How We Share Information

We share information only in the limited circumstances below.

3.1 Between coaches and their clients

The Service exists to enable coaching. By signing up as a client and accepting a coach's invitation, you authorise us to share the wellness data you log with that coach (and, where applicable, the coach's organisation and any sub-coach delegated to your account).

3.2 Service providers (subprocessors)

We use a small set of vetted third parties to operate the Service. See our subprocessors list for the current set, including the data each one processes and the regions where they operate.

3.3 Legal and safety

We may disclose information if required by law, by valid legal process, or where we have a good-faith belief that disclosure is necessary to prevent harm or to protect the rights, property, or safety of FitTrainr, our users, or the public.

3.4 Business transfers

If FitTrainr is acquired, merged, or undergoes a similar transaction, information may transfer to the successor entity. We will notify affected users in advance and ensure the successor is bound by terms no less protective than those in this Notice.

4. Data Retention

The simple version:

• Account and profile data: retained while your account is active, plus 30 days after deletion (so we can recover from accidental deletions and process disputes).
• Wellness logs and messages: retained for the life of the account, deleted on the same 30-day cycle as account data.
• Server logs: retained for 365 days for security, debugging, and compliance.
• Backups: retained for 30 days, after which they are overwritten.
• Financial records: retained as required by tax and accounting law (typically 7 years), even after account deletion. These records are kept in restricted-access systems.

5. Your Rights

You have the right to access, correct, export, and delete your personal data. Most of these are self-service from inside the app.

• Access: see all of your data from your profile and history pages.
• Correct: update profile fields, logs, and content directly in the app.
• Export: request a structured export of your data via support@fittrainr.com.
• Delete: see Account Deletion. This page is publicly accessible without signing in, as required by mobile app store policies.

Residents of jurisdictions with additional rights — including the EU/EEA (GDPR), the United Kingdom (UK GDPR), California (CCPA/CPRA), and other US state privacy laws — may have further rights such as the right to object to processing, to lodge a complaint with a supervisory authority, or to opt out of certain processing activities. To exercise any of these, contact support@fittrainr.com.

6. Children

FitTrainr is not intended for, and we do not knowingly collect data from, anyone under 16 years old. If you believe a child under 16 has provided us with personal information, please contact support@fittrainr.com and we will delete the information promptly.

7. Cookies and Similar Technologies

We use only the cookies necessary to keep you signed in, to remember your preferences, and to protect against cross-site request forgery. We do not use advertising cookies or third-party tracking pixels. See our Cookie Policy for the complete list.

8. International Transfers

FitTrainr's primary infrastructure is hosted in the United States, in the Google Cloud Platform us-central1 region (Iowa). If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

For users in the EU/EEA and the UK: this transfer relies on the applicable Standard Contractual Clauses with our subprocessors and on supplementary safeguards (encryption in transit and at rest, access controls, audit logging). You may request a copy of the applicable SCCs by emailing support@fittrainr.com.

9. Security

We protect your data with the controls described on our security page: encryption in transit, encryption at rest, IAM-based database authentication, dependency scanning, audit logging, two-factor authentication for admins, and regular backups. No security program is perfect; if you believe your account has been compromised, please email support@fittrainr.com immediately.

10. Changes to this Notice

We may update this Notice from time to time. Material changes will be communicated by email to your account address at least 30 days before they take effect, and the version and effective date in the header above will be updated. The full version history lives in our legal changelog.

11. How to Contact Us

For privacy questions, requests, or complaints, email support@fittrainr.com or support@fittrainr.com. Postal address available on request.