Privacy Policy

Effective date: 18 April 2026 · Version 2026-04-18

1. Who We Are

This Privacy Policy is issued by RGT Coaching (“we”, “us”, “the Coach”), operating online at this domain, based in Ireland. We are the Data Controller for all personal data processed through this platform under the EU General Data Protection Regulation (GDPR) 2016/679 and the Irish Data Protection Acts 1988–2018.

Contact for all data matters: robsgaintrain@gmail.com

2. What Data We Collect

Identity & Account Data

  • Full name, email address, date of birth, gender
  • Profile photo (avatar), timezone, phone number

Health & Fitness Data (Special Category under GDPR Article 9)

  • Body weight, body fat percentage, and body measurements (chest, waist, hips, thighs, biceps, and others)
  • Progress photographs (front, side, and back poses)
  • Daily wellness scores: mood, sleep quality, nutrition compliance, stress levels, training quality
  • Water intake, daily steps, training sessions completed, alcohol consumption, smoking status
  • Sleep duration patterns
  • Injuries, pain, and movement limitations
  • Medical conditions and health history
  • Medications that affect energy, appetite, or recovery
  • Supplement use

Coaching & Programme Data

  • Consultation form responses (goals, lifestyle, preferences, equipment access)
  • Weekly check-in submissions and coaching reviews
  • Coaching notes and professional observations made by the Coach
  • Meal plans, nutritional targets, training plans and exercise prescriptions
  • Habit and goal records

Communications Data

  • Direct messages exchanged between you and the Coach
  • Email notifications (including message previews up to 200 characters, sent via Resend)

Technical Data

  • Login timestamps and session data, last active timestamp, IP address at consent events

3. Why We Collect This Data and Our Legal Basis

Data Type | Legal Basis
Identity & account data | Art. 6(1)(b) — contract performance
Health & fitness data | Art. 9(2)(a) — your explicit consent
Progress photographs | Art. 9(2)(a) — your explicit consent
Coaching & programme data | Art. 6(1)(b) — contract performance
Direct messages | Art. 6(1)(b) — contract performance
Technical / session data | Art. 6(1)(f) — legitimate interest (platform security)

We rely on explicit consent for all health data under GDPR Article 9(2)(a). You may withdraw this consent at any time from your Account Settings. Withdrawal does not affect processing before withdrawal, but means we cannot continue delivering health coaching services that depend on that data.

4. Third-Party Processors

We use the following services, each bound by a Data Processing Agreement:

Processor | Purpose | Location
Supabase, Inc. | Database, authentication, file storage | EU region
Vercel, Inc. | Web hosting and CDN | Global (SCCs in place)
Resend, Inc. | Transactional email notifications | US (SCCs in place)
Stripe, Inc. | Payment processing and subscription management | US (SCCs in place)

We do not sell your data to any third party. We do not use your health data for advertising.

5. International Data Transfers

Where processors operate outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

6. Retention Periods

Data Type | Retention Period
Account & identity data | Duration of coaching + 12 months
Health data (weight, measurements, scores) | Duration of coaching + 12 months
Progress photographs | Duration of coaching; deleted within 30 days of contract end on written request
Consultation form data | Duration of coaching + 12 months
Direct messages | 24 months from date of message
Check-in history | Duration of coaching + 12 months
Coaching notes | Duration of coaching + 24 months
Technical / session logs | 90 days
Consent records | 6 years from date of consent (legal obligation)

7. Your Rights Under GDPR

You may exercise any of the following rights at any time by contacting robsgaintrain@gmail.com or using Account Settings:

  • Right of Access (Art. 15) — receive a copy of all data we hold within 30 days
  • Right to Rectification (Art. 16) — correct inaccurate data
  • Right to Erasure (Art. 17) — request deletion of your account and data
  • Right to Portability (Art. 20) — receive your data in JSON format
  • Right to Restrict Processing (Art. 18) — pause processing while a dispute is resolved
  • Right to Object (Art. 21) — object to processing based on legitimate interest
  • Right to Withdraw Consent — withdraw health data consent at any time (will terminate coaching services)
  • Right to Complain — lodge a complaint with the Data Protection Commission (DPC), Ireland

We respond to all data rights requests within 30 days.

8. Data Security

We implement the following technical and organisational measures to protect your data:

  • Encrypted data transmission (HTTPS/TLS) on all connections
  • Authentication via Supabase Auth with industry-standard password hashing
  • Session security via httpOnly secure cookies
  • Database-level access controls ensuring you can only access your own data
  • Private storage for progress photographs with access restricted to your account and the Coach

9. Cookies

This platform uses only technically necessary session cookies required for authentication and security. No tracking, advertising, or analytics cookies are used. See our Cookie Policy.

10. Children

This platform is not intended for persons under 18. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy. You will be notified by email and prompted to review changes at next login. For material changes to health data processing, fresh explicit consent will be requested.

12. Contact

Data Controller: RGT Coaching
Email: robsgaintrain@gmail.com
Data Protection Commission of Ireland