Privacy policy

1. Introduction

At TrainerPlan we take the protection of your personal data seriously. This Privacy Policy explains what information we collect, why we collect it, how we use it, who we share it with, how long we keep it and the rights you have under applicable data protection laws, including the GDPR.

2. Data Controller

Name: Bruno Felicio
Entity: TrainerPlan
Address: Colmenar Viejo, Madrid, Spain
Contact Email: info@trainerplan.co

We process personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and national data protection laws.

3. Categories of Data We Process

We may collect and process the following categories of personal data:

  • Identity and contact data (name, email, phone, address);
  • Account information (username, hashed password, profile details, preferences);
  • Payment and billing data (payment method, billing address, invoices) where applicable;
  • Usage data (logs, analytics, device, IP address, cookies and similar technologies);
  • Health or sport-related data provided by users or coaches (training history, performance metrics) when voluntarily supplied;
  • Purchase and transaction data when you buy training plans through the marketplace (billing name and address, country, VAT status, payment-method metadata, and purchase and invoice history);
  • Seller and payout data when you list training plans for sale (legal name, fiscal address, tax identification number, VAT status, bank account or other payout details, identity-verification documents, and self-billed invoice records).

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes and legal grounds:

  • Provision of services: to provide and operate the Platform and perform the contract with you (contractual basis).
  • Payments and billing: to process payments and comply with tax and accounting obligations (contractual & legal obligation).
  • Communications: to send transactional messages, service updates and marketing communications where you have consented (consent or legitimate interest).
  • Improvements and analytics: to analyze, improve and personalize our services (legitimate interest).
  • Legal compliance and fraud prevention: to comply with legal obligations and protect the Platform (legal obligation & legitimate interest).

5. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Platform (necessary cookies), to analyze usage (analytics cookies) and to present targeted offers (marketing cookies). For full details on cookies and how to manage them, see our Cookies Policy (if available on the Platform) or contact us at info@trainerplan.co.

6. Recipients and Data Transfers

We may share personal data with:

  • Service providers: processors who provide hosting, payment processing, analytics and support services;
  • Authorities: when required by law or to respond to lawful requests from public authorities;
  • Third parties: only with your consent or where otherwise necessary for the performance of our services.

Some service providers may be located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA we will ensure adequate protections are in place, such as standard contractual clauses or other lawful transfer mechanisms.

When you use our AI-assisted features, your inputs are additionally shared with OpenAI, L.L.C. (United States) as a sub-processor. See Section 13 (AI Features and Automated Processing) for details.

For marketplace transactions, TrainerPlan acts as the merchant of record (issuing the invoice to the buyer and remitting any applicable VAT). Payments and trainer payouts are processed by Stripe Payments Europe, Ltd. (Ireland) for users in the European Economic Area and by Stripe, Inc. (United States) for cross-border processing, fraud prevention and Stripe Connect onboarding. Stripe processes payment data as our sub-processor for transaction execution and as an independent controller for fraud-prevention and regulatory purposes.

7. International Transfers

If we transfer your personal data to countries outside the EEA, we will ensure that such transfers are made in compliance with applicable data protection laws. We will use appropriate safeguards such as Standard Contractual Clauses or rely on an adequacy decision where available.

8. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this Policy and to comply with legal obligations. Typical retention periods are:

  • Account data: while the account is active and for up to 7 years after termination for billing and legal purposes;
  • Support and communications: up to 5 years;
  • Analytics data: aggregated or anonymized indefinitely; raw logs for up to 2 years;
  • Marketplace tax invoices, self-billed seller invoices, payout records and seller verification data: at least 6 years (Spanish accounting and tax requirements), or longer where required by law.

Specific retention periods may vary by jurisdiction and legal requirements.

9. Data of Minors

The Platform is intended for users aged 18 or over. We do not knowingly collect personal data from children under 16 without parental consent. If you become aware that a child has provided us with personal data without consent, contact us and we will take steps to delete that data.

10. Your Rights

Under applicable law you may have the right to:

  • Access your personal data;
  • Request correction of inaccurate data;
  • Request deletion of data where there is no legal reason to retain it;
  • Request restriction of processing;
  • Object to processing based on legitimate interest;
  • Request data portability;
  • Withdraw consent where processing is based on consent;
  • Object to AI-assisted processing and disable AI features at any time (see Section 13).

To exercise any of these rights, contact us at info@trainerplan.co. You also have the right to lodge a complaint with a supervisory authority, such as the Spanish Data Protection Agency: www.aepd.es.

11. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS), access controls, secure backups, and vulnerability management. However, no system can be guaranteed 100% secure.

12. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. Please consult their privacy notices before providing personal information.

13. AI Features and Automated Processing

The Platform offers optional AI-assisted features (workout summaries, AI workout generation, AI training plan generation, and an AI assistant) that rely on a third-party large-language-model provider, OpenAI, L.L.C. ("OpenAI"). The following terms apply when you use these features:

  • What data is sent: training history, workout structure, performance metrics, athlete profile attributes you have provided (such as age, sport, goals and experience level) and any free-text prompts you submit. We do not send account credentials, payment data or contact details to OpenAI.
  • Sub-processor: OpenAI, L.L.C., based in the United States. OpenAI processes the data on our behalf as a sub-processor under a Data Processing Addendum.
  • Legal basis: your explicit consent (Article 6(1)(a) GDPR, and Article 9(2)(a) GDPR for any health- or fitness-related data). You can withdraw consent at any time in your account settings.
  • International transfer: data is transferred to the United States under the EU–U.S. Data Privacy Framework, supplemented by Standard Contractual Clauses where applicable.
  • Retention by OpenAI: data sent through the OpenAI API is not used to train OpenAI's models. OpenAI may retain API inputs and outputs for up to 30 days for abuse monitoring, after which they are deleted.
  • Retention on our side: generated outputs (summaries, workouts, plans) and chat history are stored in our database so you can revisit them; you can delete them from your account at any time.
  • No purely automated decisions: AI outputs are suggestions only and do not produce legal or significant effects within the meaning of Article 22 GDPR. A coach or athlete must review and approve any AI-generated workout or plan before applying it.
  • Right to opt out: you can disable AI features at any time in your account settings or by contacting us at info@trainerplan.co. Opting out will stop any further data being sent to OpenAI and will not affect your ability to use the rest of the Platform.

14. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on the Platform and indicate the date of the latest revision.

15. Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at: info@trainerplan.co