Privacy Policy

Effective Date: March 14, 2026

Last Updated: March 14, 2026

1. Introduction

Trainary Inc. ("Trainary," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"), website at trainary.fit (the "Website"), and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when you register for, or use, our Services, including:

• Account Information: Name, email address, and authentication credentials (via Apple Sign-In).
• Profile Information: Role selection (coach or client), fitness goals, and profile preferences.
• User-Generated Content: Workout programs, exercise definitions, workout notes, custom exercises, body measurements, and other content you create within the App.
• Coach-Client Data: Invitation codes, connection data, workout assignments, workout results, and session logs exchanged between coaches and clients.
• Body Measurements: Weight, chest, waist, arm circumference, and other body composition data you voluntarily enter, including BIA (Bioelectrical Impedance Analysis) data.
• Communications: Information you provide when contacting our support team.

2.2 Information Collected Through Photo Import

When you use the photo import feature, images you capture or select are processed to extract workout program data (exercises, sets, reps). Images are processed using third-party AI services and are not stored permanently on our servers after processing is complete. We do not use imported images for any purpose other than extracting workout data at your request.

2.3 Health and Fitness Data (Apple HealthKit)

With your explicit permission, Trainary integrates with Apple's HealthKit framework to:

• Read: Workout data, heart rate, active energy burned, and related health metrics to display analytics and insights within the App.
• Write: Workout data (start time, end time, calories burned, duration) to HealthKit when you complete a workout in Trainary, so your Activity Rings and health records are updated.

Apple HealthKit Data Protections:

• HealthKit data is never used for advertising, marketing, or data mining purposes.
• HealthKit data is never sold, shared with, or disclosed to third parties, including advertising platforms, data brokers, or information resellers.
• HealthKit data is never used to determine insurance eligibility, lending decisions, or for any purpose other than providing health and fitness functionality within the App.
• HealthKit data is stored only on your device and in your secure, authenticated cloud account. It is not stored in any third-party analytics or advertising system.

2.4 AI-Processed Data

Trainary uses artificial intelligence to generate session reports and extract workout data from photos. When AI features are used:

• Your workout data (sets, reps, weight, RPE, tempo) may be sent to third-party AI service providers for processing.
• AI-generated reports are based solely on your session data and are provided for informational purposes only.
• We do not use your data to train AI models.
• AI-generated content should not be considered medical, nutritional, or professional health advice.

2.5 Automatically Collected Information

We automatically collect certain information when you use our Services:

• Device Information: Device model, operating system version, unique device identifiers, and mobile network information.
• Usage Data: App interaction metrics (screens visited, features used, buttons tapped), session duration, and frequency of use.
• Crash Data: Crash logs, stack traces, and diagnostic information to help us improve App stability.
• Log Data: IP address, browser type, access times, and referring URLs when you visit our Website.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide you with the Services you requested (account management, workout tracking, coach-client features).
• Consent: Processing based on your explicit consent (HealthKit integration, photo import, AI features). You may withdraw consent at any time.
• Legitimate Interests: Processing necessary for our legitimate business interests (analytics, App improvement, security), provided these interests do not override your fundamental rights.
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, operate, maintain, and improve the Services.
• Facilitate the coach-client relationship, including workout assignment, session logging, and progress tracking.
• Generate AI-powered session reports and workout insights.
• Process photo and spreadsheet imports to extract workout data.
• Sync your data across devices using Firebase Authentication and Cloud Firestore.
• Monitor and analyze usage trends and preferences to improve user experience.
• Detect, prevent, and address technical issues, fraud, and security incidents.
• Communicate with you regarding your account, updates, security alerts, and support.
• Comply with legal obligations and enforce our Terms of Usage.

5. Coach-Client Data Relationship

Trainary facilitates a coach-client relationship where coaches create and assign workout programs to clients:

• Coaches can view their connected clients' workout results, body measurements, progression data, and session summaries. This data sharing is necessary for the coaching functionality and is consented to by the client when they accept a coach's invitation.
• Clients can disconnect from a coach at any time, which will revoke the coach's access to their future data.
• Coaches are responsible for their own use of client data and must comply with all applicable privacy laws in their jurisdiction.
• Trainary acts as a data processor on behalf of coaches (data controllers) with respect to client workout and health data managed through the coaching relationship.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: We share data with trusted third-party service providers who assist us in operating the Services, subject to confidentiality obligations:
  • Google/Firebase: Authentication (Firebase Auth), database hosting (Cloud Firestore), analytics (Firebase Analytics), and crash reporting (Firebase Crashlytics). Google's privacy policy: policies.google.com/privacy.
  • Apple: Authentication (Sign in with Apple) and health data sync (HealthKit). Apple's privacy policy: apple.com/privacy.
  • AI Service Providers: For processing photo imports and generating session reports. Data sent to AI providers is limited to the minimum necessary for the specific feature.
• Coach-Client Sharing: Workout data, measurements, and session results are shared between connected coaches and clients as part of the core Service functionality.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice within the App before your information becomes subject to a different privacy policy.
• With Your Consent: We may share your information for any other purpose with your explicit consent.

7. Data Storage, Security, and International Transfers

Your personal data is stored on Google Cloud Platform (Firebase) servers. These servers may be located in the United States or other countries outside your country of residence.

If you are located in the EEA, UK, or Switzerland, your data may be transferred to and processed in countries that may not provide the same level of data protection as your home country. In such cases, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions by the European Commission for certain countries.
• Your explicit consent where applicable.

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/SSL) and at rest.
• Firebase Security Rules restricting data access to authenticated users.
• Apple Sign-In for secure authentication without password storage.
• Regular security reviews and monitoring.

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Data Retention

• Account Data: We retain your personal data for as long as your account is active or as needed to provide you with our Services.
• Workout and Session Data: Retained for the duration of your account to provide progression tracking and historical analytics.
• Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for product improvement purposes.
• Photo Import Data: Images submitted for photo import are processed in real-time and are not retained after the extraction is complete.
• After Deletion: When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal disputes). Backup copies may persist for up to 90 days before being purged.

9. Your Rights and Choices

9.1 All Users

Regardless of your location, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete personal data.
• Delete your account and associated data via the "Delete Account" option in the App's Profile settings or by emailing us.
• Withdraw Consent for HealthKit integration at any time via your device's Settings.
• Opt Out of analytics data collection by contacting us.

9.2 EEA, UK, and Swiss Residents (GDPR)

In addition to the rights above, you have the right to:

• Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Restrict Processing: Request restriction of processing of your personal data under certain circumstances.
• Object to Processing: Object to processing based on legitimate interests.
• Lodge a Complaint: File a complaint with your local data protection authority.

To exercise these rights, contact us at support@trainary.fit. We will respond to your request within 30 days.

9.3 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: You may request correction of inaccurate personal information.

To submit a request, email us at support@trainary.fit. We will verify your identity before processing your request and respond within 45 days.

10. Children's Privacy

Our Services are not intended for individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we learn that we have collected personal information from a child under the applicable age, we will take steps to delete that information as quickly as possible. If you believe a child has provided us with personal information, please contact us at support@trainary.fit.

11. Cookies and Tracking Technologies

Our Website may use cookies and similar tracking technologies to enhance your experience. These include:

• Essential Cookies: Necessary for the Website to function properly.
• Analytics Cookies: Help us understand how visitors interact with the Website (Firebase Analytics).

You can control cookie preferences through your browser settings. Disabling cookies may affect Website functionality.

12. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals, as there is no industry standard for compliance. However, we do not engage in cross-site tracking of our users.

13. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

14. Data Breach Notification

In the event of a data breach that compromises the security of your personal data, we will:

• Notify affected users via email and/or in-App notification without undue delay and within 72 hours of becoming aware of the breach (as required by GDPR where applicable).
• Notify the relevant supervisory authority where required by law.
• Provide details about the nature of the breach, the data affected, and the steps we are taking to address it.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Notify you via email or in-App notification for material changes.
• Where required by law, obtain your consent before applying changes to the processing of your data.

Your continued use of the Services after changes are posted constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Trainary Inc.
Email: support@trainary.fit

For GDPR-related inquiries, you may also contact your local data protection authority.