Legal

Privacy policy.

Last updated · July 2026

01

Who we are

This Privacy Policy explains how Ewan Norrie, a sole trader trading as GainPT, based in the United Kingdom ("GainPT", "we", "us") collects, uses, and protects personal data when you use gainpt.com and the GainPT platform. For any privacy question, or to exercise your rights, contact us at support@gainpt.com. GainPT is the "data controller" for the personal data described in this policy, except where we act as a "data processor" on behalf of a personal trainer (see section 02).
02

Who this policy covers — trainers and their clients

GainPT is used by two kinds of people, and our role differs for each. Personal trainers (our account holders): when you sign up as a trainer, we are the controller of your account data. Clients of those trainers: when a trainer adds a client and records their test results, measurements, nutrition, or wearable data, the trainer is the controller of that client's data and GainPT acts as their processor — we store and process it on the trainer's instructions to provide the platform. Trainers are responsible for having a lawful basis (including any necessary consent) to put their clients' data into GainPT. If you are a client and want your data corrected or removed, contact your trainer first; you can also contact us at support@gainpt.com.
03

The data we collect

Account & profile — name, email address, and authentication details (via Google Firebase Authentication); business details; your subscription status. Client records — information trainers enter about their clients: name, date of birth, contact details, fitness-test results, body measurements, and training/nutrition information (some of this is health-related data — see section 04). Wearable & activity data — where a trainer or client connects a device (Garmin, Strava, or Apple Health), we import activity and health metrics such as resting heart rate, heart-rate variability, steps, active minutes, energy, distance, sleep, and workouts. Nutrition & body data — weight logs, calorie/macro targets, and meal information where the nutrition features are used. Payment data — when you subscribe, payment is handled by our payment provider (Stripe / Lemon Squeezy); we receive confirmation of your subscription and status; we do not receive or store your full card details. Usage data — basic technical and analytics data to keep the service secure and improve it.
04

Health, fitness and wearable data (special category data)

Fitness-test results, body measurements, and wearable/activity data can constitute health data — a "special category" of personal data under UK GDPR that gets extra protection. Wearables (Garmin / Strava / Apple Health): we only import this data after you explicitly connect the device and authorise it, and only the metrics needed for the feature. We use it for one purpose: to display your activity and fitness metrics to you and your trainer inside GainPT, alongside your test results. We do not sell your activity or health data to anyone. We do not use it for advertising. We share it only with the infrastructure providers needed to run the service (section 06). You can disconnect a device at any time, which stops further import; you can ask us to delete imported data (section 09). Our lawful basis for processing special-category data is your explicit consent, which you can withdraw at any time.
05

How we use your data and our lawful bases

We use personal data to: create and run your account; provide the testing, programme, nutrition, booking, and wearable features; process your subscription; send you service-related messages; keep the platform secure; comply with our legal obligations; and improve the service. Our lawful bases under UK GDPR are: performance of our contract with you; your consent (for wearable/health data and any marketing emails); our legitimate interests (to secure, maintain, and improve the platform, balanced against your rights); and legal obligation (e.g. tax and accounting records).
06

Who we share data with

We share data only with service providers ("sub-processors") who help us run GainPT, under contracts that require them to protect it: Google Firebase (authentication and database hosting); Vercel (application hosting); Cloudflare (content delivery, security, and supporting data services); Stripe / Lemon Squeezy (payment processing); Garmin, Strava, Apple Health (only the wearable data you authorise, imported at your request); Resend (transactional email delivery). We may also disclose data where required by law, or to protect our rights or the safety of others. We do not sell your personal data.
07

International transfers

Some of our providers (e.g. Google Firebase, hosted in the United States) process data outside the UK. Where data is transferred internationally, we rely on appropriate safeguards such as the UK's International Data Transfer Agreement or Standard Contractual Clauses to keep it protected to UK standards.
08

How we keep data secure

We protect personal data with technical and organisational measures, including encryption in transit (HTTPS/TLS) and encryption at rest, access controls, and authentication. Sensitive credentials such as third-party access tokens are additionally encrypted at the field level. No system can be guaranteed 100% secure, but we work to protect your data and to notify you and the regulator of any breach where the law requires.
09

How long we keep data

We keep personal data for as long as your account is active and as needed to provide the service. If you close your account or a trainer deletes a client, we delete or anonymise the associated data within a reasonable period, except where we must retain some information to meet legal, tax, or accounting obligations.
10

Your rights

Under UK GDPR you have the right to: access your data; correct inaccurate data; erase your data; restrict or object to processing; data portability; and to withdraw consent at any time (including disconnecting wearables). To exercise any right, email support@gainpt.com — clients should also contact their trainer, who controls their data. You also have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO) — ico.org.uk — though we'd appreciate the chance to resolve any concern first.
11

Cookies

We use essential cookies to run the platform (e.g. keeping you signed in) and limited analytics to understand usage and improve the service. You can control cookies through your browser settings; disabling essential cookies may stop parts of the platform working.
12

Children

GainPT is intended for personal trainers and their adult clients. It is not directed at children. Trainers must not enter data about anyone under 18 without an appropriate lawful basis and any consent required from a parent or guardian.
13

Changes to this policy

We may update this policy from time to time. We'll change the "last updated" date above and, for significant changes, take reasonable steps to let you know.
14

Contact

Questions, requests, or complaints about your data: support@gainpt.com. Ewan Norrie, sole trader trading as GainPT · United Kingdom.