Privacy Policy

Last updated: July 10, 2026

Who we are

CoachSync is a platform for personal trainers, coaches, and physiotherapists to manage clients, create training and nutrition plans, and track progress.

The data controller is CoachSync.

What we collect

We only collect data necessary to provide the service.

Account information

  • Email address
  • Full name
  • Password (stored securely as a one way hash)

Client profile

  • Year of birth, gender, height
  • Goals and experience level
  • Medical notes entered by your trainer

Health and fitness data

  • Body measurements
  • Workout logs
  • Nutrition plans

Uploaded files

  • Progress photos uploaded by trainees to track their physique. Stored privately and visible only to the trainee and their linked trainer.
  • Documents uploaded by trainers to share with clients (PDF, image, Word, plain text). Visible only to the trainer who uploaded them and the clients they choose to share with.
  • Trainer branding: an optional logo, business name, and accent color shown to that trainer's linked clients.

Messages

Messages exchanged within the app.

Contact form

Name, email, and message if you contact us.

Service and acquisition events

Error and request diagnostics, aggregate product event names, page locale, referrer hostname, and UTM source, medium, or campaign values when present in the URL. This telemetry does not contain message, plan, photo, or health content.

Why we collect it

  • Provide and operate the service
  • Manage accounts and authenticate users
  • Enable communication between users
  • Respond to support requests
  • Monitor service reliability and aggregate setup events

We do not sell your data or use it for advertising.

Legal basis

  • Contract: to provide the service
  • Consent: for health related data
  • Legitimate interest: for basic communication, security, service reliability, and aggregate product event measurement

Health data

Health related data, including progress photos, is processed with extra care:

  • Only visible to you and your trainer
  • Encrypted in transit
  • Stored in a private object store and served via short-lived signed URLs
  • Processed only with your consent

Third party services

  • Azure Communication Services for emails
  • Azure Blob Storage for uploaded files (progress photos, trainer documents, branding logos)
  • Azure Application Insights for service reliability and aggregate product event telemetry
  • Cloud hosting provider located in the EU

These providers act as data processors under contract.

We use limited operational telemetry to detect errors and count aggregate product events. We do not use advertising trackers or sell usage data.

International transfers

Data is stored in the EU. If data is transferred outside the EU, appropriate safeguards such as standard contractual clauses are used.

Cookies

We use a secure HTTP only cookie to keep you signed in. It is not used for tracking or advertising. Temporary session storage keeps campaign attribution in the current browser tab until registration starts; it contains no user identifier and clears when the tab session ends.

Data retention

Data is kept while your account exists. After deletion, data is permanently removed within a reasonable period unless required by law.

Your rights

  • Access your data
  • Correct inaccurate data
  • Delete your data
  • Request a copy of your data
  • Withdraw consent
  • Lodge a complaint with a data protection authority

Security

We use industry standard security practices including encryption and secure authentication. No system is completely secure.

Children

This service is not intended for users under 16. If such data is identified, it will be deleted.

Changes

We may update this policy. Significant changes will be communicated where possible.

Contact

For anything related to your data or this policy, use the contact form on our home page.