Trainloom app icon Trainloom Training app Download
Privacy

Privacy notice for Trainloom.

Last updated 20 April 2026.

Who we are

Trainloom is the controller of the personal data described in this notice for the Trainloom app and the public Trainloom website, unless we clearly say otherwise for a specific feature or service.

Privacy contact: [[EMAIL WILL BE ADDED HERE]]

What this notice covers

This notice explains what personal data Trainloom processes, why we process it, how long we keep it, who we share it with, and your rights under UK data protection law, including the UK GDPR and the Data Protection Act 2018.

Trainloom is a local-first training app. Most data is stored on your device first. If you use an account and cloud features, only the supported sync data is also processed through our authentication and sync providers. Some data is processed only on your device and does not currently form part of cloud sync.

What we collect

Important: not everything listed below is sent to Supabase or included in cloud sync. Some data is processed only on your device as part of the app's local-first design.

1. Account and sign-in data

  • Email address.
  • Password handled through our authentication provider.
  • Display name and avatar emoji.
  • Authentication metadata such as account identifiers, session tokens, refresh tokens, and sign-in state.
  • Email confirmation and password reset flow data.

2. Profile and onboarding data

  • Age, age-check status, and the date your current age was verified.
  • If you enter your date of birth during onboarding, it is used for the age check and is not retained afterwards.
  • Name, gender selection, units, and preferences.
  • Height, weight, fitness goal, activity level, training experience, preferred training days, wake time, bed time, and resting heart rate.
  • Calculated targets such as calories, protein, fat, carbs, water, step goals, and sleep targets.
  • Optional baseline data such as waist baseline and typical daily steps.

3. Training, nutrition, and progress data

  • Workout plans, workout schedules, exercise templates, completed sessions, set logs, PRs, achievements, and related notes.
  • Daily check-ins including weight, waist, calories, protein, water, steps, sleep, habits, mood, energy, and free-text notes.
  • Meal templates, meal logs, macro totals, and nutrition adjustment history.
  • Body measurements and progress trends.

4. Local-only items not currently included in cloud sync

  • Photos you choose to take with the camera or pick from your photo library, stored locally on your device.
  • Photo category, timestamp, week number, and any notes linked to the photo, stored locally alongside the photo entry.
  • Progress photo files and their local photo entries are not currently included in cloud sync.
  • User-created goal entries and deadlines are also currently stored locally and not included in cloud sync.
  • Temporary cached photo files created only when you choose to preview or share a photo.

5. Optional device and health data

  • On iOS, if you grant permission, Trainloom can read your Apple Health step count.
  • On supported iOS devices, Trainloom can use device authentication such as Face ID, Touch ID, or passcode for App Lock.
  • On iOS, the app can show Live Activities for things like rest timers.

6. Barcode lookup and product search data

  • If you scan a barcode, the camera preview is processed on-device.
  • After a successful scan, the barcode number itself is sent to barcode lookup providers so we can find the product and nutrition data.
  • If you save the result, the product name, brand, and nutrition values are stored in your meal logs or templates.

7. Website and technical data

  • If you use the website, our hosting and delivery providers may process standard technical request data such as IP address, browser, device type, and timestamps to serve and secure the site.
  • The current website also requests typography from Google Fonts, which means Google may receive standard browser request data when the site loads.
  • Within the app, Trainloom also stores limited non-secret preferences such as display name, avatar, last sync time, app settings, and feature toggles.

Health-related and other sensitive data

Much of Trainloom’s core functionality involves health-related information. Depending on how you use the app, this can include weight, measurements, nutrition, step count, sleep, mood, energy, workout performance, resting heart rate, and progress photos. Under UK data protection law, some of this may be special category personal data because it concerns your health.

How we use your data

  • To create and manage your account, sign you in, keep you signed in, and help you reset your password.
  • To personalise the app using your onboarding choices and profile data.
  • To let you log workouts, meals, measurements, check-ins, photos, and goals.
  • To calculate targets, trends, readiness scores, weekly reviews, PRs, and other in-app summaries.
  • To provide local storage, export, import, and supported backup/sync functionality.
  • To let you scan barcodes and look up food data.
  • To support app security, account protection, rate limiting, debugging, and abuse prevention.
  • To comply with legal obligations and respond to lawful requests where required.

Our lawful bases

We rely on the following UK GDPR bases depending on the data and feature involved:

  • Contract: to provide the app and account features you ask us for, including sign-in, profile setup, core logging, sync, restore, exports, and account management.
  • Explicit consent: for health-related or other special category data that you choose to enter, sync, or enable in optional features, such as Apple Health step import and progress photos.
  • Legitimate interests: for service security, fraud prevention, abuse prevention, session integrity, product maintenance, and limited operational logging.
  • Legal obligation: where we must keep or disclose information to comply with applicable law.

If we rely on consent, you can withdraw it by deleting the relevant data, turning off the relevant permission, stopping use of the feature, or deleting your account. Withdrawal does not affect processing already carried out before withdrawal.

Important product-specific points

  • Trainloom currently requires an account to use the app.
  • Session tokens and similar secrets are stored in the device’s secure storage where available.
  • Current cloud sync stores one account-linked snapshot and replaces it when you sync again.
  • Current cloud sync covers profile, workouts, exercise logs, check-ins, measurements, PRs, meals, achievements, plan data, and nutrition adjustments.
  • Current cloud sync does not include progress photos, local photo entries, or user-created goal entries and deadlines.
  • Privacy law still applies to local-only data the app stores or uses on your device, even where that data is not sent to Supabase.
  • JSON and CSV export tools are provided in the app, but they are not guaranteed to be a complete mirror of every locally stored asset.

Who we share data with

  • Supabase: for authentication, password reset flows, email confirmation, and supported cloud backup/sync of the data categories listed above that are currently included in sync.
  • Open Food Facts and USDA FoodData Central: when you use barcode lookup.
  • Platform providers and operating system services: for permissions, secure storage, device authentication, share sheets, camera, photo picking, and similar device functionality.
  • Website infrastructure providers: for hosting, delivery, security, and font loading when you use the site.
  • Other recipients you choose: if you export or share data, files, or photos using your device’s native share tools.

We never sell your personal data. We do not use third-party advertising SDKs in the app.

International transfers

Some of our service providers or infrastructure providers may process personal data outside the UK. Where that happens, we intend to use appropriate safeguards required by UK data protection law, such as adequacy regulations or contractual safeguards.

How long we keep data

  • Account and cloud sync data is kept while your account remains active, unless a longer period is required by law.
  • Local app data stays on your device until you delete it, reset the app, or remove the app.
  • The current cloud sync snapshot is replaced when you sync again and is removed when your account is deleted.
  • Temporary share or export files stored in cache are intended to be deleted after sharing or during cache clean-up.
  • If you delete your account through the app, Trainloom is designed to delete your cloud account and cloud backup, and then clear local data on that device.

Security

We use a mixture of local app storage, secure storage for secrets where supported, account authentication, and service-side access controls to protect personal data. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

Automated calculations and in-app guidance

Trainloom generates calculations and suggestions such as calorie targets, macro targets, readiness scores, workout guidance, and weekly review summaries. These features are intended for fitness tracking and self-management. Trainloom does not currently use solely automated decision-making that has legal or similarly significant effects on you.

Your rights

Depending on the circumstances, you may have the right to:

  • be informed about how your data is used;
  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data;
  • request restriction of processing;
  • object to certain processing based on legitimate interests;
  • request portability of data you provided to us; and
  • withdraw consent where we rely on consent.

To exercise these rights, contact us using the details published on this page. We may need to verify your identity before acting on a request.

Complaints

Please contact us first using the details on this page if you have a privacy concern. If you are unhappy with our response, you can complain to the UK Information Commissioner’s Office (ICO).

Children

Trainloom is intended only for adults aged 18 and over. The app includes an age gate during onboarding and is not designed for children.

Changes to this notice

We may update this notice from time to time. When we do, we will update the date shown at the top of the page.