Privacy Policy
Controller
Adam Koch, Weißensteinstr. 44, 58093 Hagen, Deutschland — kontakt@trainhub.fit
Data we process
- Account: name, e-mail, and (for Google sign-in) your Google account identifier.
- Health & fitness data: body measurements, progress photos, and — via Health Connect — steps, heart rate and sleep. Health Connect data is read on your device; a workout heart-rate summary, and a readiness summary (your sleep duration and resting heart rate), are sent to your trainer only if you explicitly choose to share them.
- Training data: workout/nutrition plans and logged sessions.
- Communication: chat messages with your trainer.
- Technical: push notification token and basic logs (security/operation).
Purposes and legal bases (GDPR)
Providing the service — Art. 6(1)(b) (contract). Health/special-category data and progress photos — Art. 9(2)(a) (your explicit consent). Security and abuse prevention — Art. 6(1)(f) (legitimate interest).
Health data & consent
Steps are read on your device via Health Connect and never leave it. From the same on-device data we derive two summaries that are sent to our server — and shown to your trainer — only with your explicit consent: (1) a per-workout heart-rate summary (average/min/max) when you finish a session, and (2) a readiness summary (a score together with your sleep duration and resting heart rate). You decide each time whether to share, and you can withdraw consent at any time; withdrawing deletes the shared readiness from our server.
Sharing and processors
We share data with: your trainer (within the service), Hetzner (hosting and file storage, EU/Germany), Google/Firebase (sign-in and push notifications), Zoho (sending invitation e-mails). We do not sell your data.
International transfers
Files and the database are hosted in the EU (Germany). Google/Firebase may process data outside the EU under appropriate safeguards (Standard Contractual Clauses).
Retention
We keep your data while your account is active and delete it when you delete your account.
Your rights
Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may lodge a complaint with a supervisory authority (e.g. the data protection authority of North Rhine-Westphalia, Germany, or your local authority).
Account and data deletion
In the app: Profile → Delete account. See also our account deletion page.
Children
The service is not intended for persons under 16.
Changes
We may update this policy; the current version is always available here.
Contact
Adam Koch, Weißensteinstr. 44, 58093 Hagen, Deutschland — kontakt@trainhub.fit
Live sessions. When you join a live session with your trainer and connect a Bluetooth heart-rate strap, your heart rate (health data) is sent to our server in real time and shown live to your trainer for the duration of the session. While the session runs, a foreground-service notification keeps the connection active even when your screen is off. After the session we store a heart-rate summary (average and peak heart rate, time spent in heart-rate zones and an estimated calorie burn) as part of the session record. You give consent before connecting the strap each time and can disconnect it at any moment; deleting your account removes this live-session data.