Privacy Policy

Effective Date: January 1, 2025 | Last Updated: January 1, 2025

This Privacy Policy explains how PeakCoach ("we", "us", or "our"), operated by Florian Schaal as a sole proprietor based in the Netherlands, collects, uses, and protects your personal data when you use our mobile application and related services.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Florian Schaal
Operating as PeakCoach
Email: privacy@peakcoach.app
Website: https://peakcoach.app

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Account Information

• Email address (for authentication and communication)
• Full name (optional, for personalization)
• Profile picture (optional)

2.2 Fitness and Health Data

• Age and body weight (for workout personalization)
• Training experience level and fitness goals
• Workout history (exercises, sets, reps, weights)
• Difficulty feedback and perceived exertion
• Pain or discomfort notes
• Body measurements (if provided)

2.3 App Preferences

• Selected coach personality
• Notification preferences and schedules
• Voice prompt settings
• Available training equipment

2.4 Technical Data

• Device information and app version
• Usage analytics (feature usage, screen views)
• Error logs and crash reports

3. How We Use Your Data

We process your personal data for the following purposes:

Purpose	Legal Basis (GDPR)
Providing the workout tracking service	Contract performance
Generating personalized voice coaching	Contract performance
Syncing data across your devices	Contract performance
Sending workout reminders and notifications	Consent
Sending marketing emails about PeakCoach	Consent
Improving our app and services	Legitimate interest
Processing subscription payments	Contract performance

4. Third-Party Services

We share your data with the following third-party service providers who process data on our behalf:

4.1 Supabase (Database & Authentication)

We use Supabase to store your account and workout data securely. Supabase processes data in accordance with GDPR requirements.

Privacy Policy: https://supabase.com/privacy

4.2 PostHog (Analytics)

We use PostHog to understand how users interact with our app. We collect anonymized usage data and feature flag assignments. We do not track individual touches or automatically capture screen views.

Privacy Policy: https://posthog.com/privacy

4.3 OpenAI (Voice Prompt Generation)

We use OpenAI to generate personalized coaching text and convert it to speech. Workout context (exercise names, weights, reps) is sent to OpenAI to create relevant coaching messages. No personally identifiable information beyond your first name is shared.

Privacy Policy: https://openai.com/privacy

4.4 Loops (Email Marketing)

If you join our waitlist or subscribe to our newsletter, your email is stored with Loops for sending product updates and marketing communications.

Privacy Policy: https://loops.so/privacy

4.5 Canny (Feature Requests)

If you submit feature requests or feedback through Canny, your name and email may be stored there.

Privacy Policy: https://canny.io/privacy

4.6 Apple (Payments & Watch Connectivity)

Subscription payments are processed through Apple's App Store. We do not have access to your payment card details. Apple Watch connectivity is used to sync workout data between your iPhone and Watch.

Privacy Policy: https://www.apple.com/privacy

5. Data Storage and Security

5.1 Local Storage

Your workout data is stored locally on your device in an SQLite database. This allows the app to work offline. Local data is not encrypted at rest but is protected by your device's security features (passcode, Face ID, etc.).

5.2 Cloud Storage

Your data is synced to our cloud database (Supabase) to enable multi-device sync and backup. Data in transit is encrypted using TLS. Row-level security ensures you can only access your own data.

5.3 Data Retention

We retain your personal data for as long as your account is active. After account deletion:

• Personal data is deleted within 30 days
• Workout data may be anonymized and retained for analytics purposes (this anonymized data cannot be linked back to you)
• Billing records are retained for 7 years as required by Dutch tax law

6. Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, please contact us at privacy@peakcoach.app. We will respond to your request within 30 days.

7. Data Export

You can request a full export of your personal data by emailing privacy@peakcoach.app. We will provide your data in a commonly used, machine-readable format (JSON or CSV) within 30 days.

8. Cookies and Tracking

Our mobile app does not use cookies. Our website may use essential cookies for functionality. We use PostHog for analytics, which may use local storage to track anonymous usage patterns.

9. Children's Privacy

PeakCoach is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately at privacy@peakcoach.app.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (for OpenAI and PostHog services). These transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Service providers' compliance with data protection frameworks

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting a notice in the app
• Sending an email to your registered address
• Updating the "Last Updated" date at the top of this policy

12. Complaints

If you have concerns about how we handle your data, please contact us first at privacy@peakcoach.app. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Website: https://autoriteitpersoonsgegevens.nl

13. Contact Us

For any privacy-related questions or requests, please contact: