Privacy Policy

Last updated: March 31, 2026

ToTrain ("we", "us", or "our"), registered under KVK number 80183719 in the Netherlands, operates the ToTrain mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service.

1. Data Controller

ToTrain is the data controller for your personal data. You can reach us at info@totrain.app.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • First and last name
  • Email address
  • Password (stored as a secure hash)
  • Profile photo (optional)

2.2 Third-Party Authentication

If you sign in via Google or Apple, we receive your name, email address, and profile identifier from these providers. We do not receive or store your Google or Apple password.

2.3 Health & Fitness Data

With your explicit consent, we may collect:

  • Workout logs (exercises, sets, reps, weight)
  • Training plans and templates
  • Body measurements and progress data
  • Apple Health / Google Health Connect data (steps, active energy, workouts) — only when you grant permission on your device
  • Nutrition data (meals, macronutrients, calorie intake)

2.4 AI Coach Data

When you interact with our AI coaching features, we process your workout history, training preferences, and messages to generate personalized recommendations. This data is sent to Anthropic (our AI provider) for processing. Anthropic does not use your data for model training. See Anthropic's Privacy Policy for details.

2.5 Technical Data

We automatically collect:

  • Device type and operating system
  • IP address
  • Browser type (web)
  • App version
  • Crash reports and error logs

3. How We Use Your Data

We use your personal data to:

  • Provide, maintain, and improve the Service
  • Personalize your training experience and AI coaching
  • Authenticate your account
  • Send transactional emails (verification, password reset)
  • Process payments for premium features
  • Ensure the security of the Service
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contract performance — to provide the Service you signed up for
  • Consent — for health data collection, AI coaching, and optional features
  • Legitimate interest — to improve the Service and ensure security
  • Legal obligation — to comply with applicable laws

5. Data Sharing & Third Parties

We share your data only with the following service providers, who act as data processors:

Provider                      Purpose                              Location
Supabase                      Authentication, database, storage    United States
Anthropic                     AI coaching features                 United States
Google (OAuth)                Social sign-in                       United States
Apple (Sign in with Apple)    Social sign-in                       United States

We do not sell your personal data. We do not use third-party analytics or advertising trackers.

6. International Data Transfers

Your data is stored and processed in the United States by our service providers. As ToTrain is based in the Netherlands, we ensure transfers to the US are protected by appropriate safeguards in compliance with GDPR, including the EU-U.S. Data Privacy Framework and Standard Contractual Clauses where applicable.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Personal data is deleted within 30 days
  • Workout history and health data are permanently deleted
  • Anonymized aggregate data may be retained for analytics
  • Data required by law may be retained for the legally mandated period

8. Your Rights

Under the GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Restriction — limit how we process your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time for consent-based processing

To exercise any of these rights, contact us at info@totrain.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Children's Privacy

The Service is intended for users aged 13 and older. In the European Economic Area, users under 16 must have verifiable parental or guardian consent to use the Service. We do not knowingly collect data from children under 13. If we learn we have collected data from a child under 13, we will promptly delete it.

10. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, secure password hashing, and access controls. However, no method of transmission over the Internet is 100% secure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or to exercise your rights, contact us at:

ToTrain
KVK: 80183719
Email: info@totrain.app