Privacy Policy

Last updated: January 1, 2025

Controller

Trainerflow LTD (UK) – 86-90 Paul Street, London, EC2A 4NE

Contact: contact@thetrainerflow.com

Who We Are and How to Contact Us

  • Trainerflow LTD is the data controller for personal data processed through the platform.
  • If you are a Client, your Trainer may be an independent controller for personal data they collect in the course of providing coaching.
  • For privacy questions, you can contact us at the address or email above.

Scope

  • This Privacy Policy applies to personal data collected and processed through the Trainerflow Client App, Trainer Interface, websites, and support channels.
  • It explains what personal data we collect, how we use and share it, and your rights under UK data protection law.

Personal Data We Collect

  • Account & Identity Data: We collect information you provide for your account, such as name, email address, hashed login credentials, and whether you are a Trainer or Client.
  • Fitness & Health Data (Special Category): If you choose to input it, we collect health-related data like weight, body measurements, heart rate, blood pressure, nutrition and training logs, and similar metrics. This is treated as sensitive data under UK law.
  • Health & Medical History (Special Category): Information from PAR-Q forms or fitness consent forms, family health history, and other health-related records provided in the app.
  • Media: Photos and videos you upload (e.g., progress photos, exercise form videos).
  • Communications: Messages between you and your Trainer, and any support inquiries or communications you send to us.
  • Data Collected Automatically: We automatically collect device and usage data, including device type, operating system, app version, IP-based location, timestamps of activity, crash logs, performance metrics, and interaction events within the app.
  • Future Data (If Enabled): If you connect third-party services, we may collect activity, sleep, and related data from wearable integrations. If biometric unlock is used, no biometric templates are shared with us.

How We Use Your Personal Data (Purposes and Legal Bases)

We process personal data only when we have a legal basis:

  • Contractual Necessity: To provide the Services and fulfill our contract with you. This includes account creation, authentication, enabling Trainer–Client features, storing and displaying logs and progress, and providing customer support.
  • Legitimate Interests: For security and improvement of our platform, such as preventing fraud, investigating security incidents, and improving our products (in aggregated or pseudonymized form). These interests are balanced against your privacy rights.
  • Legal Obligations: To comply with UK legal requirements, such as accounting/tax laws or responding to lawful requests from authorities.
  • Consent (Special Category Data): For processing health and fitness data, we rely on your explicit consent. You can withdraw this consent at any time; without it, we may not be able to provide certain health-tracking features.

Trainer Data Roles

  • When you use Trainerflow with a Trainer, your Trainer typically acts as an independent controller for the data they collect about you, and Trainerflow generally acts as a processor providing the platform.
  • Trainers must ensure they have a lawful basis (usually your consent) to use your data and must inform you how they use it.
  • We may require Trainers to sign a Data Processing Addendum (DPA). If signed, that DPA governs how Trainerflow and the Trainer handle your data together.

How We Share Your Personal Data

We do not sell your personal data. We only share data as follows:

  • Between Trainers and Clients: Your Trainer (and any staff they authorize) will have access to your profile, workout logs, metrics, and media as necessary to provide coaching.
  • Service Providers: We use trusted third-party vendors to support the platform (e.g., cloud hosting on AWS UK, email delivery services, analytics and crash reporting tools, support tools, and payment processors like Stripe or PayPal). These providers only access the data needed for their service and are contractually obligated to secure it.
  • Legal and Safety: We may disclose personal data if required by law (e.g., subpoenas, court orders) or to protect the rights, safety, or security of our users, ourselves, or others.
  • Business Transfers: If Trainerflow is merged, acquired, or sells assets, your data may be transferred to the new owner, subject to confidentiality requirements and notice to you.

International Data Transfers

  • We primarily store and process your data in the UK (AWS data centers in the UK). We may also use servers or services in other countries as needed.
  • If personal data is transferred outside the UK/EEA to a country without an adequacy decision, we will put in place appropriate safeguards (such as the UK International Data Transfer Addendum or standard contractual clauses) to protect your data.

Data Retention

We keep personal data only as long as necessary for the purposes above and to comply with legal obligations. For example:

  • Active account data is retained while your account is active.
  • If your account is closed or inactive, we may retain data for up to 24 months for potential reactivation, dispute resolution, or legal reasons.
  • Support tickets and communications are retained for up to 24 months after resolution.
  • Security logs and monitoring data are typically kept for 6–12 months (or longer if needed for an investigation).
  • Financial records (e.g., future payments) are retained for up to 6 years for tax and accounting compliance in the UK.
  • Health and coaching data: We minimize retention of sensitive health details. Only the information needed for ongoing coaching is kept.
  • Deletion upon Request: You can request deletion of your data through the app or by contacting us. We will verify your request and delete or anonymize your personal data (except data we are legally required to keep). If your Trainer is a separate controller, you may also need to contact them to delete any data they hold.

Security Measures

  • We implement appropriate technical and organizational safeguards, including encryption of data in transit (TLS/HTTPS) and at rest (where supported), strict access controls, and secure network architecture.
  • Our systems are monitored for unauthorized access, and we maintain incident response procedures.
  • Only authorized personnel with specific needs have access to personal data, and staff receive training on data protection.
  • While we strive to protect your data, no system can be 100% secure, so we encourage you to protect your own credentials and devices.

Your Privacy Rights (UK)

Under UK GDPR, you have certain rights regarding your data:

  • The right to access your personal data.
  • The right to correct inaccurate or incomplete data.
  • The right to delete (erase) your data, subject to legal limitations.
  • The right to restrict or object to certain processing of your data.
  • The right to data portability, where applicable.
  • The right to withdraw consent at any time (where we rely on consent).

To exercise these rights, you can use any available in-app tools or email us at contact@thetrainerflow.com. We will respond to your request within one month (or two months if the request is complex).

Withdrawal of Consent

  • You may withdraw consent for processing special category data at any time by contacting us or via the app. Withdrawal doesn’t affect processing done before withdrawal.
  • If you withdraw consent to process health data, certain coaching features may be disabled.

Automated Decision-Making

  • We do not use any automated decision-making or profiling that produces legal or similarly significant effects. If we introduce such features in the future, we will update this policy and provide additional information.

Cookies (Website Only)

  • Our website may use essential cookies necessary for its function, and basic analytics cookies to improve the site.
  • You can control cookies via your browser settings at any time.

Children’s Data

  • The Services are not intended for individuals under 18. We do not knowingly collect personal data from anyone under 18.
  • If we learn we have collected data from a minor under 18, we will promptly delete it.

Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time. We will post the revised policy with a new “Last updated” date at the top.
  • If there are significant changes, we will notify users in the app or by email.

Complaints

  • If you are in the UK and believe we have mishandled your data, you may file a complaint with the Information Commissioner’s Office (ICO).
  • We will make every effort to address your concerns.

Contact

Power Moves Only.

© TrainerFlow Ltd. All rights reserved.

TrainerFlow and its content are protected by intellectual property laws. You may not copy, reproduce, distribute, or use any part of the platform for commercial purposes without written permission