Data Handling

Understanding how we manage, secure, and process your fitness data

Data Collection and Processing

At Trainly, we handle app data with transparency and purpose limitation. This page explains how the current coaching platform processes account, workout, nutrition, measurement, media, message, notification, and optional health-sync data.

Current App Scope

The app supports assigned training plans, nutrition guidance, body measurements, progress photos, coach/admin messaging, reminders, local workout tracking, subscriptions, and optional health or step sync where users grant permission.

1. Types of Data We Handle

1.1 Account Data

  • Identity Information: Name, email address, username
  • Authentication Data: Encrypted passwords, device tokens
  • Profile Information: Profile photos, preferences, tenant or coach association
  • Contact Details: Phone number and support contact details where provided

1.2 Health and Fitness Data

  • Physical Metrics: Height, weight, body measurements, BMI
  • Fitness Goals: Weight loss, muscle gain, endurance targets
  • Activity Data: Workout sessions, exercise types, duration, intensity
  • Progress Tracking: Weight changes, strength improvements, endurance gains
  • Nutrition Data: Assigned nutrition plans, meal details, dietary preferences, notes
  • Media Data: Optional progress photos and profile images
  • Health Sync Data: Optional steps or activity data if you connect a supported health source

1.3 Technical Data

  • Device Information: Device model, OS version, app version
  • Usage Analytics: Feature usage and interaction patterns used to improve app reliability
  • Performance Data: App crashes, loading times, error logs
  • Notification Data: Push tokens and notification status used to deliver app reminders
  • Subscription Data: Store-provided purchase or subscription state used to unlock paid access

1.4 Tenant Customization Data

  • Branding: Tenant logo, primary and secondary colors, cover image, profile picture, intro video URL, and gallery images
  • Profile Copy: Tenant name, tagline, welcome message, biography, certifications, website, and social links
  • App Experience: Selected dashboard labels, feature availability, and tenant-specific app settings where enabled

2. Data Processing Principles

2.1 Lawful Basis

We process your data based on:

  • Consent: Optional permissions such as notifications, photos, camera, and health sync
  • Service Delivery: Processing needed to provide workouts, nutrition, coaching, progress tracking, subscriptions, and account access
  • Legitimate Interests: Improving app reliability, preventing abuse, and supporting users
  • Legal Obligations: Compliance, accounting, fraud prevention, and lawful requests where applicable

2.2 Data Minimization

We only collect and process data that is:

  • Necessary for providing our fitness services
  • Relevant to your fitness goals and preferences
  • Limited to what you explicitly provide or consent to
  • Updated regularly to maintain accuracy

3. Data Storage and Security

3.1 Storage Infrastructure

  • Cloud Infrastructure: Production backend services, database storage, and media storage
  • Backup Systems: Backups and retention controls designed to protect service continuity
  • Access Controls: Role-based access for users, coaches, tenants, administrators, and support operators
  • Local Storage: Some tokens, preferences, and workout progress may be stored on-device to keep the app responsive

3.2 Encryption Standards

  • Data in Transit: HTTPS/TLS for network communication
  • Stored Data: Cloud-provider protections and access controls for production data
  • On-Device Secrets: Secure storage is used for sensitive session data where supported
  • Operational Controls: Limited administrative access and environment-specific credentials

3.3 Security Measures

  • Separation of production and staging environments
  • Restricted access to production credentials and user data
  • Application logging and error monitoring for reliability
  • Security review for data-sensitive changes
  • Incident response and user notification procedures where required

4. Data Processing Activities

4.1 Personalization

We process your data to:

  • Display assigned workout and nutrition plans
  • Help coaches and authorized administrators support your program
  • Track measurements, progress photos, workout completion, and plan history
  • Send reminders and account messages when enabled

4.2 Progress Tracking

Your data helps us:

  • Monitor your fitness journey and achievements
  • Generate progress reports and analytics
  • Identify patterns and trends in your activity
  • Provide motivational insights and recommendations

4.3 App Improvement

We may analyze technical and aggregated data to:

  • Improve app performance and user experience
  • Develop new features based on user needs
  • Fix bugs and optimize functionality
  • Understand usage patterns and preferences

4.4 Tenant Customization

Tenant branding settings are used to make the app experience feel closer to the coach, trainer, or fitness business a trainee is working with. This can include branded login/profile visuals, app colors, welcome copy, profile media, social links, dashboard labels, and enabled feature areas.

5. Data Sharing and Third Parties

5.1 Service Providers

We work with carefully vetted third-party providers for:

  • Cloud Infrastructure: Hosting, database, media storage, and backup services
  • Analytics and Diagnostics: App performance, crash reporting, and usage reliability
  • Customer Support: Support communication and privacy request handling
  • Payment Processing: Subscription and purchase status through app-store systems
  • Notifications: Push delivery for reminders and account messages

5.2 Data Processing Agreements

All third-party providers must:

  • Use data only to provide contracted services
  • Apply appropriate security and access controls
  • Protect data from unauthorized access or disclosure
  • Support deletion, security, and compliance workflows where applicable

6. Your Data Rights

6.1 Access and Portability

  • View Your Data: Access all personal data we hold about you
  • Data Export: Request a copy of your account data by contacting support
  • Data History: View available workout, nutrition, and progress history in the app
  • Processing Activities: Information about how your data is processed

6.2 Control and Management

  • Update Information: Modify or correct your personal data
  • Delete Data: Request permanent deletion of your account and data
  • Restrict Processing: Limit how we process certain data types
  • Object to Processing: Opt out of specific data processing activities

6.3 Communication Controls

  • Control push notification permissions from your device settings
  • Contact support to update communication preferences
  • Disconnect optional health or media permissions through your device or app settings where available

7. Data Retention and Deletion

7.1 Retention Periods

  • Active Accounts: Data retained while account is active and for service provision
  • Inactive Accounts: Data may be retained while needed for account recovery, subscription, legal, or service records
  • Deleted Accounts: Data permanently removed within 30 days of deletion request
  • Legal Requirements: Some data may be retained longer if required by law

7.2 Deletion Process

When you delete your account:

  • Personal data is reviewed and marked for deletion
  • Data is removed from active systems within 30 days where legally and technically feasible
  • Backup copies expire through normal backup retention cycles
  • Legal, fraud-prevention, subscription, or security records may be retained where required
  • Anonymous, aggregated data may be retained for analytics

8. International Data Handling

8.1 Data Transfers

Your data may be processed in different countries to:

  • Provide global app functionality and performance
  • Ensure data redundancy and disaster recovery
  • Optimize app response times worldwide
  • Comply with local data residency requirements

8.2 Transfer Safeguards

We ensure international transfers are protected by:

  • Standard contractual clauses approved by regulatory authorities
  • Adequacy decisions for countries with appropriate protection levels
  • Binding corporate rules and privacy frameworks
  • Regular assessments of transfer risks and protections

9. Incident Response

9.1 Security Incident Procedures

In case of a data security incident, we will:

  • Assess the scope and impact within 24 hours
  • Contain and remediate the issue immediately
  • Notify regulatory authorities within 72 hours if required
  • Inform affected users without undue delay
  • Provide support and guidance to affected users

9.2 Communication

We will communicate incidents through:

  • In-app notifications for immediate alerts
  • Email notifications with detailed information
  • Website updates and status pages
  • Direct communication for high-risk incidents

10. Contact and Support

10.1 Privacy Requests

For data protection inquiries, account deletion, or privacy questions, contact our privacy team:

  • Email: privacy@9xfitness.com
  • Subject Line: "Privacy Request - [Your Request]"
  • Response Time: Within 30 days for standard requests

10.2 User Support

For general data questions and account management:

  • Email: support@9xfitness.com
  • In-App Support: Available through the app settings
  • Response Time: Within 24-48 hours

Data Security Commitment

Your data security is a core operational priority. We invest in access controls, review, monitoring, and reliability work to protect personal, fitness, coaching, and tenant-branding data.

Questions about our data handling? Contact our team - we're here to help!