Last updated: 28 May 2026

Privacy Policy

Train with Ky ("we", "us", "our") provides a personal training and coaching platform. This Privacy Policy explains what data we collect, how we use it, and your rights under the UK GDPR and Data Protection Act 2018.

1. Data we collect

  • Account data: name, email address, password (hashed), role (coach or client).
  • Health & fitness data: body measurements, weight, progress photos, workout logs, nutrition logs, habits, menstrual cycle data (if provided), Apple Health imports.
  • Communications: messages exchanged between coaches and clients, check-ins.
  • Technical data: log data, device information, IP address.

2. Legal basis

We process your personal data on the basis of contract (to deliver coaching services you have signed up for) and your explicit consent for special category (health) data. You may withdraw consent at any time by contacting us.

3. How we use your data

  • Deliver personalised training programmes, nutrition targets and check-ins.
  • Allow your coach to review your progress.
  • Send service-related emails (account verification, password reset, notifications).
  • Improve the platform and troubleshoot issues.

4. Sharing

Your data is shared only with your assigned coach within the platform. We use trusted infrastructure providers (hosting, database, email delivery) who process data on our behalf under data processing agreements. We do not sell your data.

5. Open Food Facts

Nutrition lookups query the public Open Food Facts database. No personal data is sent — only the barcode or search term you enter.

6. Retention

We keep your data for as long as your account is active. You can request deletion at any time; we will erase your data within 30 days, except where we are legally required to retain it.

7. Your rights

You have the right to access, rectify, erase, restrict, port, and object to processing of your data. To exercise any of these rights, email us at hello@trainwithky.com. You may also lodge a complaint with the UK Information Commissioner's Office (ICO).

8. Security

Data is encrypted in transit (TLS) and at rest. Access is controlled by row-level security and role-based permissions. Passwords are hashed and checked against known breach databases.

9. Contact

Data controller: Train with Ky. Email: hello@trainwithky.com.