Privacy Policy

Your privacy matters to us. This policy explains how we collect, use, and protect your personal information when you use CorePT.

Last Updated: February 5, 2026

1. Introduction

Welcome to CorePT ("we," "our," or "us"). We are committed to protecting your privacy and providing you with a secure experience. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using CorePT, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use our services.

Data Controller: CorePT is the data controller for personal data collected through our platform. For client data, trainers act as independent data controllers for the personal data they collect and process through the platform. Trainers are responsible for ensuring their own compliance with applicable data protection laws and maintaining appropriate Data Processing Agreements with their clients where required.

2. Information We Collect

2.1 Information You Provide

Account Information

Name, email address, password, and user role (trainer or client)

Profile Information

Profile pictures, contact details, and professional qualifications (for trainers)

Fitness Data

Workout history, exercise logs, progress metrics, and health-related information

Payment Information

Billing address and transaction history (card details are processed by Stripe)

2.2 Information Collected Automatically

When you use our platform, we automatically collect certain information:

  • IP address and approximate location
  • Device type, operating system, and browser
  • Date and time of access
  • Pages viewed and features used
  • Referring website or source
  • Actions taken within the application

2.3 Information from Third Parties

We may receive information from:

  • Authentication providers: If you sign in using Google or other social login
  • Payment processors: Transaction status and payment confirmations from Stripe
  • Trainers: If you are a client, your trainer may add information about you

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

  • Providing, maintaining, and improving our services
  • Processing transactions and managing your account
  • Facilitating communication between trainers and clients
  • Tracking workout progress and generating reports
  • Personalizing your experience

3.2 Communication

  • Sending service updates and notifications
  • Responding to your inquiries and support requests
  • Sending marketing communications (with your consent)

3.3 Security & Compliance

  • Protecting against fraudulent or unauthorized activity
  • Monitoring for security threats
  • Complying with legal obligations
  • Enforcing our Terms of Service

3.4 Legal Basis (GDPR)

For users in the European Economic Area (EEA) and UK, we process your data based on:

Contract

To fulfill our agreement with you

Consent

For marketing and optional features

Legitimate Interest

To improve and secure our services

Legal Obligation

To comply with laws and regulations

4. Information Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Trainer-Client Relationship

When a client accepts a trainer's invitation, we share relevant fitness data and profile information between the trainer and client to facilitate the training relationship. Trainers can see their clients' workout logs, progress, and profile information.

Important: Trainers are independent professionals and act as separate data controllers for their clients' personal data. Trainers are responsible for their own compliance with data protection laws and for obtaining any necessary consents from their clients. CorePT provides the platform but is not responsible for how trainers use or protect client data beyond the security measures we implement.

4.2 Service Providers

We use trusted third-party services to operate our platform:

  • Supabase: Database hosting and authentication
  • Stripe: Payment processing
  • Resend: Email delivery
  • Netlify: Website hosting

4.3 Legal Requirements

We may disclose your information if required by law, such as:

  • To comply with a legal process or government request
  • To protect our rights, privacy, safety, or property
  • To enforce our Terms of Service
  • In connection with an investigation of suspected fraud

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this policy.

  • Account Data: Until account deletion + 30 days (to allow account recovery)
  • Workout Logs: Until account deletion (to provide progress tracking)
  • Payment Records: 7 years (legal and tax requirements)
  • Usage Analytics: 2 years (service improvement)
  • Support Tickets: 3 years (quality assurance)

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Encryption

Data encrypted in transit (TLS) and at rest

Access Control

Role-based access with strict authentication

Secure Infrastructure

Hosted on SOC 2 compliant cloud providers

Regular Backups

Automated backups with point-in-time recovery

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6.1 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities in accordance with legal requirements. We will provide information about the nature of the breach, the data affected, and steps we are taking to address it. Notifications will be made without undue delay and, where required by law, within 72 hours of discovery.

6.2 Security Best Practices

We recommend that you:

  • Use a strong, unique password for your account
  • Enable two-factor authentication when available
  • Keep your login credentials confidential
  • Log out when using shared devices
  • Report any suspected security issues to us immediately

7. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform.

7.1 Types of Cookies We Use

  • Essential Cookies (Required): Required for the platform to function (authentication, security)
  • Functional Cookies (Optional): Remember your preferences and settings
  • Analytics Cookies (Optional): Help us understand how you use our platform

7.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our platform.

7.3 Do Not Track

Some browsers have a "Do Not Track" feature. We currently do not respond to Do Not Track signals, but we limit tracking to what is necessary for our services.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 General Rights

Access

Request a copy of your personal data

Correction

Update or correct inaccurate data

Deletion

Request deletion of your data

Portability

Receive your data in a portable format

Objection

Object to certain processing activities

Restriction

Request limited processing of your data

8.2 GDPR Rights (EEA & UK Users)

If you are in the European Economic Area or United Kingdom, you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority.

8.3 CCPA Rights (California Residents)

California residents have the right to:

  • Know what personal information we collect
  • Know if we sell or disclose your information
  • Say no to the sale of personal information
  • Access your personal information
  • Request deletion of your information
  • Not be discriminated against for exercising your rights

We do not sell personal information as defined under the CCPA.

8.4 Exercising Your Rights

To exercise any of these rights, you can:

We will respond to your request within 30 days (or as required by applicable law).

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

9.1 Where We Process Data

Our primary data processing occurs in the European Union and United States through our service providers. We ensure appropriate safeguards are in place for international transfers.

9.2 Safeguards

For transfers from the EEA/UK, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to third countries
  • Data Processing Agreements (DPAs) with our service providers that meet GDPR requirements
  • Adequacy decisions where applicable
  • Additional security measures and transfer impact assessments as appropriate

A list of our current subprocessors and their locations is available upon request by contacting dpo@corept.app.

10. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16.

If you become aware that a child has provided us with personal information, please contact us at privacy@corept.app, and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification for significant changes

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any modifications indicates your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Privacy Inquiries

privacy@corept.app

General Support

support@corept.app

For GDPR-related inquiries, you may also contact our Data Protection contact at dpo@corept.app.