Privacy Policy
1. Introduction
Welcome to Peak Shape Training ("we," "us," or "our"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Peak Shape Training mobile application ("the App").
By creating an account and using the App, you agree to the practices described in this policy.
2. Information We Collect
2.1 Account & Identity Information
When you register or accept a coach invitation, we collect:
- Full name (first and last)
- Email address
- Password (stored as a one-way bcrypt hash — we never store your plaintext password)
- Terms of Service acceptance date and version
If you sign in with Apple or Google, we receive a unique identifier from those services (not your password) and, where available, your name and email address.
2.2 Health & Fitness Data
When you use the App to train, we collect:
- Body weight and preferred weight unit (lbs/kg)
- Date of birth (for athlete profile)
- Workout sessions — exercises performed, sets, reps, and weight lifted
- Lift history — a complete log of every set you have recorded
- Personal records — your heaviest lift, estimated 1-rep max, and volume records per exercise, calculated automatically from your logs
This data is used solely to power your workout tracking and progress features.
2.3 Device Information
- Push notification token — collected when you grant notification permissions, used only to deliver workout reminders and coach messages to your device
2.4 Communications
- Coach-to-athlete messages sent through the in-app messaging feature
- Exercise notes — notes exchanged between you and your coach during a workout session
- Community posts, comments, and reactions posted to your gym's feed
2.5 Relationship Data
- Coach-athlete link — the association between your account and your coach's account
- Invitation records — when a coach invites an athlete by email, we temporarily store the invitee's email address and invitation status until the invitation is accepted or expires (72 hours)
3. How We Use Your Information
We use the information we collect only to operate and improve the App:
| Purpose | Data Used |
|---|---|
| Account creation and authentication | Name, email, password hash |
| Workout tracking and progress visualization | Workout sessions, lift history, personal records, body weight |
| Coach-athlete communication | Messages, exercise notes |
| Sending transactional emails | Email address (welcome, password reset, invitations) |
| Push notifications | Notification token |
| Community feed | Posts, comments, reactions |
| Platform integrity (admin actions) | Audit log of account changes |
We do not use your information for advertising, sell it to third parties, or use it to build advertising profiles.
4. Third-Party Services
We work with the following third-party services to operate the App. Each has its own privacy policy.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Apple Sign-In (Apple Inc.) | Social authentication | apple.com/legal/privacy |
| Google Sign-In (Google LLC) | Social authentication | policies.google.com/privacy |
| Railway (Railway Corp.) | Cloud hosting and database | railway.app/legal/privacy |
| Gmail SMTP (Google LLC) | Transactional email delivery | policies.google.com/privacy |
We do not use Google Analytics, Facebook SDK, advertising networks, or any tracking technology.
5. Data Storage and Security
- All data is stored in a PostgreSQL database hosted on Railway's cloud infrastructure.
- Data is encrypted in transit using TLS/HTTPS on all connections.
- Passwords are hashed using bcrypt (cost factor 12) and are never stored in recoverable form.
- Authentication uses short-lived JWT access tokens (15 minutes) and rotating refresh tokens (7 days).
- We implement rate limiting on all authentication endpoints to protect against brute-force attacks.
- Apple identity tokens are cryptographically verified against Apple's published public keys before any account action is taken.
6. Data Retention
We retain your data for as long as your account is active. When you delete your account:
- Your user record, profile, workout sessions, lift history, and all associated data are permanently deleted.
- Deletion is irreversible.
Invitation records expire automatically after 72 hours if not accepted.
7. Your Rights
Delete Your Account
You can permanently delete your account and all associated data directly within the App: Profile → Delete Account
Export Your Data
You can request a copy of your personal data by contacting us at support@peakshapetraining.com or by using the in-app data export feature (Profile → Export My Data).
Correction
If any information we hold about you is inaccurate, you can update it through the App (Profile → Edit Profile) or contact us directly.
Opt Out of Push Notifications
You can disable push notifications at any time through your device's system settings (iOS: Settings → Notifications → Peak Shape Training; Android: Settings → Apps → Peak Shape Training → Notifications).
8. Children's Privacy
Peak Shape Training is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@peakshapetraining.com and we will delete it promptly.
9. Colorado Privacy Rights
If you are a Colorado resident, you may have additional rights under the Colorado Privacy Act (CPA), including the right to access, correct, delete, and obtain a copy of your personal data, and to opt out of the sale of personal data. We do not sell personal data. To exercise your rights, contact us at support@peakshapetraining.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For material changes, we will notify you via the App or by email. Continued use of the App after changes take effect constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us:
Peak Shape Training
Email: support@peakshapetraining.com
Website: peakshapetraining.com