Legal

Privacy Policy

Effective date: February 24, 2026  ·  Last updated: February 24, 2026

1. Introduction

MyChom ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the MyChom Trainer app, the MyChom client app, and our website (collectively, the "Services").

Please read this policy carefully. By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.

This policy applies to all users — both personal trainers and their clients — and covers all platforms on which MyChom operates (iOS, Android, and web).

2. Data We Collect

We collect information in the following categories:

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Profile photo (optional)
  • Role (trainer or client)
  • For trainers: business name, working hours, cancellation policies, and professional information

2.2 Health & Fitness Data

With your explicit permission, we may access the following from Apple Health or Google Health Connect:

  • Step count and distance
  • Heart rate and resting heart rate
  • Active and resting calories burned
  • Body weight and body mass index (BMI)
  • Sleep data
  • Exercise and workout records

Health data permissions are requested at the time of integration and can be revoked at any time through your device's privacy settings.

2.3 Session & Training Data

  • Scheduled and completed session records
  • Trainer notes and progress observations
  • Client measurements and progress milestones
  • Workout logs and performance data
  • Session attendance and cancellation history

2.4 Financial Data

  • Invoice records and payment status
  • Subscription billing information (processed by Apple App Store or Google Play — we do not store full payment card details)
  • Revenue data visible to trainer accounts

2.5 Device & Usage Data

  • Device type, operating system, and app version
  • Push notification tokens
  • In-app activity and feature usage (to improve the Services)
  • Crash reports and diagnostic data

2.6 Communications

  • Messages sent between trainers and clients within the app
  • Support requests sent to our team

3. How We Use Your Data

We use the information we collect to:

  • Provide the Services — create and manage your account, enable scheduling, invoicing, and progress tracking
  • Improve the Services — analyse usage patterns, identify bugs, and develop new features
  • Communicate with you — send session reminders, invoice notifications, account alerts, and product updates
  • Process subscriptions — manage trainer subscription billing and renewals
  • Ensure security — detect, prevent, and address fraud, abuse, and unauthorised access
  • Comply with legal obligations — respond to lawful requests from authorities where required

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Health & Fitness Data

We treat health data with the highest level of care. Specifically:

  • Health data is only accessed when you have granted explicit permission through your device's operating system
  • Health data is used exclusively to display your fitness metrics within the app and to provide context for your training programme
  • Health data is never sold, shared with advertisers, or used for marketing
  • Health data is never shared with your trainer without your knowledge — data visible to your trainer is clearly indicated within the app
  • You can revoke health data access at any time through iOS Settings → Privacy & Security → Health, or Android Settings → Privacy → Health Connect

MyChom's use of health data complies with Apple's HealthKit guidelines and Google's Health Connect requirements. Health data is not used for any purpose incompatible with these guidelines.

5. Data Sharing

5.1 Between Trainers and Clients

The MyChom platform is designed to facilitate a relationship between trainers and clients. As such, certain data is intentionally shared within this relationship:

  • Trainers can view their linked clients' session history, progress notes, measurements, and selected health metrics
  • Clients can view session schedules, trainer notes shared with them, and invoices issued by their trainer
  • Neither party can access data beyond what is shown within the app interface

5.2 Service Providers

We share data with trusted third-party service providers who help us operate the Services. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf. See Section 6 for a list of key providers.

5.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights or the safety of users or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and your choices regarding your data.

6. Third-Party Services

MyChom uses the following key third-party services to operate. Each has its own privacy policy:

Supabase Authentication and database infrastructure. Stores your account information and app data securely.
Apple HealthKit Health data integration on iOS. Governed by Apple's privacy practices and your iOS privacy settings.
Google Health Connect Health data integration on Android. Governed by Google's privacy practices and your Android privacy settings.
Firebase Cloud Messaging (FCM) Push notification delivery. FCM may process your device token to route notifications.
Apple App Store / Google Play Store App distribution and subscription billing. Payment processing is handled entirely by Apple or Google.

7. Push Notifications

MyChom uses push notifications to send session reminders, invoice alerts, and other time-sensitive information. Notification permissions are requested when you first use the app and can be managed through your device's notification settings at any time.

To deliver notifications, we store your device's push notification token. This token is associated with your account and is used solely for sending notifications. It is not used for tracking or advertising.

8. Biometric Data

MyChom offers biometric authentication (Face ID, Touch ID, fingerprint) as a convenient way to log in to your account. This feature is entirely handled by your device's operating system (iOS or Android).

MyChom never accesses, processes, stores, or transmits your biometric data. The app simply receives a pass/fail result from the OS-level authentication. All biometric data remains on your device at all times.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Services. Specifically:

  • Account data — retained while your account is active and for a reasonable period following deletion to comply with legal obligations
  • Session and training data — retained for the duration of the trainer-client relationship and available for export before account deletion
  • Invoice data — retained for a minimum of 7 years to meet standard financial record-keeping requirements
  • Health data — retained only while you have authorised the integration; revoked health permissions will result in deletion of associated data

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

10. Security

We take the security of your data seriously and implement industry-standard safeguards, including:

  • Encryption of data in transit using TLS/HTTPS
  • Encryption of data at rest
  • Secure authentication powered by Supabase with JWT tokens
  • Access controls limiting who within our organisation can access personal data
  • Regular security assessments and dependency updates

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify affected users as required by applicable law.

11. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — request that we limit how we process your data in certain circumstances
  • Objection — object to our processing of your data where we rely on legitimate interests
  • Withdraw consent — withdraw any consent you have given at any time, including health data permissions

To exercise any of these rights, contact us at privacy@mychom.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

11.1 Data Export

The MyChom Trainer app includes a data export feature (CSV format) that allows trainers to export client and session data at any time. We encourage you to export your data before deleting your account.

12. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete that information promptly.

If you believe we may have collected information from a child, please contact us at privacy@mychom.app.

13. International Data Transfers

MyChom is operated from [Country]. Your personal data may be processed and stored in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place — such as standard contractual clauses or equivalent protections — to maintain the security and integrity of your data in accordance with applicable data protection laws.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please be aware that your data may be transferred to and processed in countries that may not provide the same level of data protection as your home country. We take steps to ensure your data receives an adequate level of protection wherever it is processed.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app, via email, or by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of the Services after any changes become effective constitutes your acceptance of the revised Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

MyChom — Privacy Team

Email: privacy@mychom.app

Support: support@mychom.app

For data protection enquiries from EEA/UK residents, you may also contact your local data protection authority.