1. Scope
This policy covers 37 Training accounts, mobile app features, website pages, coaching workflows, messaging, uploads, support, subscriptions, AI-assisted programming, and related backend services.
Coaches and organizations are responsible for the client information they choose to enter, invite, upload, message, or submit to AI-assisted features through the service.
2. Information we collect
Account and identity information: name, email address, user ID, role, account status, verification status, pending email changes, invite details, authentication metadata, and account deletion status.
Coach profile and business information: display name, business name, bio, contact email, website URL, branding, logo, header image, accent color, plan, subscription status, billing email, and roster limits.
Client and coaching information: client names, email addresses, invite codes, coach-client relationships, assigned programs, exercise libraries, templates, workout presets, sessions, set logs, RPE, pain feedback, notes, adherence signals, history, and coach notes.
Messaging and support information: direct messages, group or announcement messages, attachments, message reports, blocks, support tickets, support messages, internal support notes, bug reports, safety reports, and related context.
Media and files: profile images, branding images, support attachments, message attachments, and form review videos, including file type, size, storage path, download URL, and related session or exercise metadata.
AI information: prompts, source text, uploaded or pasted program material, generated drafts, validation reports, summaries, warnings, usage records, token or credit counts, job status, and AI draft history.
Billing and purchase information: plan, billing interval, subscription provider, product identifiers, entitlement identifiers, renewal status, billing issue flags, subscription period dates, purchase or restore status, and credit grants. We do not store full payment card numbers.
Device, usage, and technical information: device platform, app version, push notification tokens and preferences, logs, error information, timestamps, security signals, server request data, and usage patterns needed to operate and protect the service.
Website and contact information: information submitted through website forms, support email, deletion requests, and basic technical information created when pages are requested.
3. How we collect information
We collect information directly from users, from coaches or organizations that invite or manage clients, from app and website activity, from support communications, from uploaded files and media, from subscription providers, and from service providers that help us operate the service.
4. How we use information
We use information to create and secure accounts, verify email addresses, connect coaches and clients, show assigned training, save workout logs, display history, support messages, process uploads, provide support, send service communications, manage subscriptions, calculate AI credits, and operate account deletion.
We also use information to prevent abuse, enforce rules, troubleshoot bugs, maintain audit records, improve product reliability, respond to legal requests, and protect users and the service.
5. AI processing
When you use AI-assisted programming, relevant prompts, source text, program structure, exercise details, conversation history, files, and context may be sent to an AI provider to generate, validate, summarize, or repair output.
AI providers process this information on our behalf to provide the feature, comply with law, enforce safety policies, and prevent abuse. OpenAI states that customer content submitted through its business services is not used to develop or improve OpenAI services unless the customer explicitly agrees.
Do not include sensitive client information in AI prompts unless it is necessary for the coaching task and you have the right and consent to use it.
6. Service providers
We use providers for cloud hosting, authentication, database, storage, serverless functions, push notifications, transactional email, support, messaging, subscriptions, in-app purchases, AI processing, analytics, security, app distribution, and operational tooling.
Current or planned providers may include Google Firebase and Google Cloud, OpenAI, RevenueCat, Apple, Stream, Intercom, Resend, Expo, and related infrastructure providers. Providers may process information as needed to provide their services to us, comply with law, and protect their systems.
7. How information is shared
Coaches can see information about clients connected to their workspace, including client profile details, assigned training, logs, notes, pain feedback, messages, and uploaded media. Clients can see their own training, logs, messages, and relevant coach or workspace information.
Support or admin users may access account, billing, support, message, media, report, and audit context when needed to provide support, investigate abuse, enforce terms, debug the service, or protect users.
We may share information with service providers, comply with law or legal process, protect rights and safety, investigate fraud or abuse, complete business transfers, or act at your direction or with your consent.
We do not sell personal information and do not use personal information for third-party advertising tracking.
8. Health and fitness information
Workout logs, pain notes, RPE, form videos, coach notes, and related content may reveal health or fitness information. 37 Training is not intended to be used as a HIPAA-covered medical record system unless we have signed a separate written agreement that expressly permits that use.
Coaches are responsible for getting any consent required to enter, upload, message, or process client health, fitness, injury, or minor-related information.
If 37 Training experiences a security incident involving health-related information, we will evaluate applicable breach notification obligations, including federal and state requirements that may apply to health apps or personal health records.
9. Children and minors
37 Training is not directed to children under 13. Do not create an account for a child under 13 or submit information collected directly from a child under 13 unless a legally valid exception or consent process applies.
Coaches and organizations are responsible for obtaining any required parent, guardian, school, team, or client consent before inviting minors or entering information about them.
If you believe a child provided information without required consent, contact us so we can review and delete it where appropriate.
10. App permissions and privacy labels
The app may request permissions such as photos, camera, files, or notifications only when needed for app features such as profile images, branding, support attachments, message attachments, form review videos, or service alerts.
Apple requires developers to disclose data collection practices, including data collected by integrated third-party partners. 37 Training should disclose all collected data types accurately in App Store Connect and keep those answers current as features or providers change.
Messaging, free-form notes, uploaded images and videos, workout data, health or fitness details, purchases, identifiers, diagnostics, and support content may require App Store privacy label disclosure depending on how each feature is enabled.
11. Retention
We keep account, trainer, client, program, workout, message, support, billing, AI usage, and audit records while needed to provide the service, comply with law, resolve disputes, maintain security, and support business operations.
Form review videos are designed for short-term review and are currently scheduled for deletion after 14 days. AI draft history is limited and currently pruned after 30 days or 50 records per trainer where implemented.
Account deletion starts a 30-day recovery period. After that, deletion may remove or de-identify account data and associated app records unless retention is needed for legal, billing, security, fraud-prevention, audit, dispute, backup, or operational reasons.
Backups and provider logs may retain limited information for a period after deletion until they expire under normal retention cycles.
12. Security
We use technical and organizational safeguards including authenticated access, role-aware permissions, Firebase security rules, server-side functions, storage limits, audit records, logging, and provider security controls.
No online service is perfectly secure. You are responsible for using a strong password, protecting your device, limiting who can access your account, and limiting what you submit to the service.
13. Notifications and communications
We may send account verification codes, password reset codes, support replies, billing notices, service messages, security notices, and optional push or email notifications. You can adjust supported notification preferences in the app.
Some transactional messages are required for account security or service operation and may still be sent even if optional notifications are disabled.
14. Your choices and rights
You may request access, correction, export, deletion, or support by using in-app account tools or contacting 37trainingsupport@gmail.com. Available rights depend on your location and applicable law.
You can schedule account deletion in the app. You can also request deletion through the website deletion page or support email. We may need to verify your identity before completing certain requests.
If you bought a subscription through Apple, account deletion does not cancel your App Store subscription. Manage cancellation through your Apple account subscription settings.
15. International use
The initial launch is intended for the United States. If you use the service from another region, your information may be processed in the United States and other locations where we or our providers operate.
16. Changes
We may update this Privacy Policy as the product, providers, data practices, or legal requirements change. Updated versions will be posted with a new effective date.
17. Contact
Privacy questions and requests can be sent to 37trainingsupport@gmail.com.