Last updated: January 2025
Athlete Assistant ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service"). Please read this policy carefully.
1. Information We Collect
Information you provide directly
- Account information: When you register, we collect your name and email address.
- Password: Your password is securely hashed using bcrypt and is never stored in plain text.
- Booking requests: When you submit a booking request, we collect the gym name, service tier selected, any notes you provide, and optional discount codes.
Information collected automatically
- Session data: We use session cookies to keep you logged in. Session identifiers are stored in our database and expire automatically.
- Usage data: We may collect information about how you interact with the app, such as gyms viewed and features used, for the purpose of improving the Service.
Information we do NOT collect
- Payment card numbers or bank account details (payments are processed via an external payment link)
- Precise GPS location (the app uses your location only for map display on your device; we do not store your coordinates)
- Contacts or media from your device
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Process and fulfil your booking requests
- Send you booking confirmations and service updates via email
- Respond to your support inquiries
- Improve and personalise the Service
- Comply with legal obligations
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
3. How We Share Your Information
We may share your information in the following limited circumstances:
Service providers
- Resend (email delivery): We use Resend to send booking notification emails to our team. Your email address and booking details are transmitted to Resend solely for this purpose. Resend's privacy policy is available at resend.com.
- Neon (database hosting): Our database is hosted by Neon, a PostgreSQL cloud provider. Your data is stored securely in their infrastructure.
- Payment processing: Payments are handled via an external payment link (sendd.store). We do not receive or store your payment card information. Please review sendd.store's privacy policy for details on payment data handling.
Legal requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
4. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on Neon's secure cloud infrastructure. We implement industry-standard security measures, including:
- Password hashing with bcrypt (industry-standard, salted)
- HTTPS encryption for all data in transit
- Session-based authentication with server-side session storage
- Database credentials stored as environment secrets, not in code
While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your account information for as long as your account is active. Booking request records are retained for operational purposes. If you request deletion of your account, we will delete or anonymise your personal information within 30 days, except where retention is required by law.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing of your data in certain circumstances
To exercise any of these rights, please contact us at the address below.
7. Children's Privacy
Athlete Assistant is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete that information promptly.
8. Cookies and Tracking
We use a single session cookie to maintain your login state. This cookie is essential to the operation of the Service and does not track you across other websites. We do not use advertising or analytics tracking cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes your acceptance of the revised policy.
10. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: