OpenTrainFlow ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. It applies to the OpenTrainFlow website and applications (collectively, "the Service").
Account information: When you register, we collect your email address and the name you choose to provide. We do not require your legal name.
Workout and health data: Data you voluntarily log, including workout sessions, exercises, sets, reps, weight, duration, distance, body weight measurements, and heart rate information.
Usage data: Information about how you interact with the Service, such as pages visited, features used, and error logs. This data is used to improve the Service and diagnose issues.
Payment information: We do not store your payment details. All payments are processed by Paddle.com Market Limited. We receive only a transaction reference and subscription status from Paddle.
Device information: Browser type, operating system, and IP address, collected automatically for security and analytics purposes.
We do not use your workout or health data for advertising purposes, and we do not sell your personal data to third parties.
Your data is stored on Supabase (PostgreSQL), hosted on infrastructure provided by Amazon Web Services. Data is encrypted in transit (TLS) and at rest. We apply role-based access controls so that only your account can access your personal data.
While we take reasonable technical and organisational measures to protect your data, no system is completely secure. We encourage you to use a strong, unique password for your account.
We use the following third-party services to operate the platform:
These services may process your data in accordance with their own privacy policies. We select services that meet adequate data protection standards.
We use strictly necessary cookies and local storage tokens for session management and authentication. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but doing so may prevent you from logging in.
We retain your account and workout data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g. billing records, which Paddle retains per their legal obligations).
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
Our infrastructure providers may process data in countries outside your own, including the United States. Where such transfers occur, we rely on appropriate safeguards (such as Standard Contractual Clauses) to ensure your data remains protected.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.
For privacy-related questions or requests, contact us at [email protected].