Privacy Policy

Effective Date: January 1, 2024

Last Updated: January 1, 2024

AI Trainer Assistant ("we," "our," or "us") operates the website https://trainersedge-fit.web.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered fitness training platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Authentication Data: Email address, password (encrypted), and authentication tokens
• Profile Information: Display name, profile picture (if provided via Google OAuth)
• Google OAuth Data: Name, email, and profile picture when you sign in with Google
• Account Activity: Login history, account creation date, and usage patterns

1.2 Trainer Business Information

To provide professional services, we collect:

• Business Details: Trainer/business name, email, phone number, business address, website
• Branding Assets: Business logos and images (stored as base64 data, maximum 5MB)
• Professional Settings: Training preferences, default settings, and customization options

1.3 Client Health and Fitness Data

We collect comprehensive client information to generate personalized AI plans:

• Basic Information: Name, email, phone number, date of birth, gender
• Physical Statistics: Current weight, goal weight, height, body fat percentage, body measurements
• Fitness Goals: Specific objectives, activity level, training frequency, workout duration preferences
• Health Information: Medical conditions, medications, dietary restrictions, emergency contact details
• Additional Notes: Personal preferences, special requirements, and trainer notes

1.4 Content and Usage Data

We collect information about your use of our platform:

• Favorite Content: Workout routines, meal plans, and instructional videos you save
• AI-Generated Plans: Workout and meal plans created by our AI system
• Usage Analytics: Feature usage, subscription limits, PDF generations, and performance metrics
• Communication Data: Emails and SMS messages sent through our platform
• Form Submissions: Data from client intake forms and feedback

1.5 Technical Information

We automatically collect certain technical information:

• Device Information: Browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, features used, and interaction patterns
• Log Data: IP addresses, access times, error logs, and performance data
• Cookies and Tracking: Session cookies, authentication tokens, and preference settings

2. How We Use Your Information

2.1 Service Provision

• Generate personalized AI-powered workout and meal plans
• Manage client relationships and communication
• Process payments and manage subscriptions
• Provide customer support and technical assistance
• Send important service notifications and updates

2.2 AI Content Generation

We use your data to power our AI system:

• Analyze client information to create personalized fitness plans
• Incorporate your favorite workouts and meals into AI recommendations
• Generate branded PDF documents with your business information
• Improve AI accuracy through machine learning and pattern recognition

2.3 Communication and Marketing

• Send transactional emails (confirmations, receipts, service updates)
• Deliver SMS notifications and form links to clients
• Provide marketing communications (with your consent)
• Send important legal and policy updates

2.4 Platform Improvement

• Analyze usage patterns to improve our services
• Develop new features and functionality
• Conduct research and analytics (using anonymized data)
• Ensure platform security and prevent fraud

3. Information Sharing and Disclosure

3.1 Third-Party Service Providers

We share information with trusted third-party services essential to our platform:

Firebase (Google Cloud)

• Authentication: User account management and security
• Database: Secure data storage and real-time synchronization
• Cloud Functions: Backend processing and email verification
• Analytics: Usage tracking and performance monitoring

Stripe

• Payment Processing: Subscription billing and payment management
• Customer Data: Billing information and subscription status
• Financial Records: Transaction history and payment methods

OpenAI

• AI Processing: Client data and preferences for plan generation
• Content Creation: Workout and meal plan generation
• Data Format: Anonymized and structured data for AI analysis

Communication Services

• SendGrid: Email delivery and management
• Twilio: SMS delivery and phone number management

Content Platforms

• YouTube/Vimeo: Instructional video hosting and embedding

3.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal obligations, court orders, or government requests
• Protect our rights, property, or safety, or that of our users
• Investigate potential violations of our Terms of Service
• Prevent fraud, abuse, or illegal activities

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

4. Data Security

4.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit and at rest using TLS 1.3 and AES-256
• Access Controls: Role-based access with multi-factor authentication
• Firebase Security: Comprehensive security rules and authentication
• Regular Audits: Security assessments and vulnerability testing
• Secure Infrastructure: Google Cloud Platform with enterprise-grade security

4.2 Data Isolation

• User data is isolated and accessible only to authorized account holders
• Client data is protected by trainer-specific access controls
• Anonymous form access uses secure token-based authentication
• API keys and sensitive credentials are properly managed and rotated

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

• Access: View and download your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your information

5.2 Communication Preferences

• Opt out of marketing emails (transactional emails will continue)
• Manage SMS notification preferences
• Control cookie settings through your browser
• Update notification preferences in your account settings

5.3 Data Retention

We retain your information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal obligations and resolve disputes
• Improve our services and develop new features
• Prevent fraud and ensure platform security

6. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection laws
• Certification under recognized privacy frameworks

7. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: Request information about personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Equal service regardless of privacy choices

9. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:

• Lawful Basis: We process your data based on contract performance, legitimate interests, and consent
• Data Protection Officer: Contact us for privacy-related inquiries
• Supervisory Authority: Right to lodge a complaint with your local data protection authority

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices in our application

Your continued use of our service after changes become effective constitutes acceptance of the updated policy.