Privacy Policy

Last updated: 31 May 2026

Your data is yours. This policy explains what we collect, how we protect it with encryption, who can access it, and the control you have.

1. Who we are

TrainTogether ("we", "us") provides a fitness coaching platform: a mobile app for clients and a web portal for personal trainers. This policy explains what personal data we process and why, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

Questions or requests: support@traintogetherfit.com.

2. Data we collect

Account data: name, email, authentication identifiers, and (for trainers) profile details you choose to publish.

Health & fitness data: workouts and logged sets, nutrition and food logs, body measurements, weight, progress photos, cardio and wellness metrics (steps, water, sleep). This is special-category data and we treat it with extra care.

Coaching data: the trainer–client relationship, the consent settings you choose, messages between you and your coach, and reviews you submit.

Payments: trainer subscriptions are processed by the Apple App Store, Google Play and RevenueCat. We receive subscription status, not your card details.

Technical data: device and diagnostic information needed to run the service and keep it secure.

3. How we use your data

To provide the service — store and display your training data, connect you with your coach, process subscriptions, and send service communications.

To keep the platform safe and working — security, fraud prevention, debugging and abuse moderation.

We do not sell your personal data, and we do not use your health data for advertising.

4. Encryption & security

Sensitive health data (workouts, nutrition, body measurements and progress photos) is encrypted at rest using envelope encryption with keys held in a managed key service — not derivable from public identifiers.

When a trainer views a client’s data on the web, decryption happens server-side through an access-controlled bridge; the browser never receives encryption keys, and every access is checked against your consent settings and recorded in an audit log.

5. Your control over coach access

You decide what each trainer can see. Sharing is granular and per-trainer — you can grant or withdraw access to categories such as nutrition, body measurements and photos at any time, and these choices are enforced on our servers.

6. Sharing with third parties

We use trusted processors to run the service: Google Firebase (authentication, database, storage, cloud functions), RevenueCat and the app stores (subscriptions), and an email delivery provider for transactional email. Processors act on our instructions under data-processing terms.

We may disclose data if required by law or to protect the rights and safety of users.

7. Retention & deletion

We keep your data while your account is active. You can delete your account from the app, which removes your personal data subject to any limited records we must retain for legal or accounting reasons.

8. Your rights

Under UK GDPR you have the right to access, correct, delete, restrict or object to processing of your data, and to data portability. To exercise these, contact support@traintogetherfit.com. You also have the right to complain to the Information Commissioner’s Office (ico.org.uk).

9. Children

TrainTogether is not intended for children under 16. We do not knowingly collect data from children under 16.

10. Changes

We may update this policy; material changes will be reflected here with a new "last updated" date. Continued use after an update means you accept the revised policy.