Privacy policy.

1. Who we are

Teshape is a fitness coaching platform connecting personal trainers with the people they coach. We operate a mobile app (iOS, Android), a web portal at app.teshape.com, and this marketing site at teshape.com. This policy covers all three surfaces.

If you have questions about anything in this policy, email support@teshape.com.

2. What we collect

2.1 Account data

When you create an account you give us an email address, a display name, and (optionally) a profile photo. If you sign in with Apple or Google, we receive only the email and name those providers choose to share. We never see your provider password.

2.2 Profile data you choose to add

Coaches and trainees can fill in profile fields: bio, goals, certifications, location, time zone, language. None of this is required — what you skip stays blank.

2.3 Training, nutrition, and progress data

If you use Teshape as a trainee, the app stores: workouts you log, meals you log, measurements (weight, body composition), progress photos, personal records, and check-in responses. If you connect a coach, the data you log is visible to that coach — that is the point of the product.

If you use Teshape as a coach, the app stores: plans you build (training, nutrition), messages you send to clients, your client roster, and your published profile.

2.4 Messages

Messages between you and your coach (or your clients) are stored on our servers so you can read them across devices. They are not end-to-end encrypted — we can read them if law-enforcement or a court order requires it. We do not read them otherwise, and we do not use message content for advertising or model training.

2.5 Payments

We do not process payments between coaches and trainees inside the app. If your coach charges for their services, they handle the transaction themselves (bank transfer, cash, or whatever method they prefer). We never see your payment details for those transactions.

For coach subscriptions to Teshape itself (the platform fee a coach pays us), we use RevenueCat, which in turn uses Apple’s App Store or Google Play. Apple/Google handle the card processing; we only receive the subscription status (active / lapsed / refunded) and the transaction ID.

2.6 Analytics

We use PostHog to understand which features people use and where they get stuck. PostHog receives a pseudonymous user ID (not your email), the events you trigger inside the app, and basic device info (OS, app version, screen size). You can opt out from Settings → Privacy inside the app.

The marketing site (this one) uses no third-party analytics — no Google Analytics, no Facebook Pixel, no Plausible. The only third party loaded here is Zoho SalesIQ for the support chat widget, which is gated and disabled by default until you actively start a chat.

2.7 AI features

When you use an AI feature inside the app (e.g. asking the assistant to draft a program), the relevant prompt is sent to OpenAI via our server. We do not send your email, your full message history, or any unrelated personal data — only the specific input needed for that single request. OpenAI does not use this data to train its models on our API tier.

2.8 Health data (optional)

If you opt in, the app can read step counts, heart rate, sleep, and workouts from Apple Health (iOS) or Google Fit (Android). This data is stored in your Teshape account and visible to your connected coach. You can revoke access at any time from your device’s health settings.

2.9 Technical data

Every request to our servers carries an IP address, a user-agent string, and a timestamp. We use this for security (rate-limiting, abuse detection) and to debug errors. We retain server logs for 30 days.

3. How we use your data

• To run the product — deliver workouts, sync progress, send messages.
• To keep your account secure and prevent abuse.
• To send you transactional emails (account verification, password reset, refund confirmation). You cannot opt out of these without closing your account.
• To send you product updates and tips, only if you opt in via the newsletter signup. You can unsubscribe from any newsletter email.
• To improve the product — understanding which features are used.

We do not sell your data. We do not share it with advertisers. We do not use your training or message content for any other purpose.

4. Who we share data with

We share data only with the service providers needed to run Teshape:

• Google Firebase (Authentication, Firestore database, Cloud Functions, Storage) — primary backend.
• RevenueCat — coach subscription state.
• Apple App Store / Google Play — subscription billing.
• OpenAI — AI feature requests, on a per-request basis.
• PostHog — product analytics (opt-out).
• Zoho Mail — transactional and support email delivery.
• Vercel — marketing-site hosting (you’re reading this page from Vercel right now).

We also share data with law-enforcement when required by a valid legal request, and with a future acquirer if Teshape is acquired (you’ll be notified and given a choice to export and delete your data first).

5. Where your data lives

Our primary database (Firestore) is hosted in Google’s europe-west region. If you sign up from outside Europe, your data still lives in that region.

6. How long we keep it

• Account data: until you delete your account.
• Training, nutrition, and progress data: until you delete it or close your account.
• Messages: until you or your conversation partner deletes them, or you close your account.
• Server logs: 30 days.
• Payment records: 7 years (legal requirement for accounting).
• Backups: 30 days. After you delete your account, your data lingers in backups for up to 30 days before being purged.

7. Your rights

Under GDPR, UK GDPR, and most other modern privacy frameworks, you can:

• Access — request a copy of everything we have on you. In-app: Settings → Privacy → Export my data.
• Correct — update anything that’s wrong. Most fields are editable in Settings → Profile.
• Delete — remove your account and all associated data. In-app: Settings → Account → Delete account. This is irreversible.
• Restrict / object — tell us to stop using your data for a specific purpose. Email support@teshape.com.
• Portability — get a machine-readable export. Same export path as Access above.
• Withdraw consent — opt out of analytics, marketing emails, health-data sync. Each is a separate toggle in Settings → Privacy.
• Complain — to your local data-protection authority. In the UK, that’s the ICO.

8. Children

Teshape is not intended for anyone under 16. If you’re a coach and a client under 16 wants to use the app, a parent or legal guardian must create and operate the account.

9. Cookies and similar technologies

The marketing site uses two cookies:

• ts_session — a presence flag set by the web portal when you log in, so the marketing site’s “Sign in” CTA can switch to “Dashboard”. Contains no personal data.
• Zoho SalesIQ chat cookies — set only after you actively open the support chat.

The web portal uses Firebase Authentication cookies to keep you signed in. The mobile app uses native Keychain (iOS) and EncryptedSharedPreferences (Android) for the same purpose.

10. Security

All connections are HTTPS. Passwords are hashed with Firebase Authentication’s scrypt implementation — we never see your plaintext password. Sensitive operations (account deletion, payment verification, AI calls) run on Cloud Functions with per-user authentication checks.

No system is perfect. If you discover a security issue, please email support@teshape.comwith the subject line “Security report”.

11. Changes to this policy

We’ll update this page when our data practices change. We’ll bump the “Last updated” date at the top. For material changes (new data category, new third-party processor), we’ll also notify you by email or in-app.

12. Contact

Questions, requests, or complaints: support@teshape.com. We aim to respond within one working day, and at most within 30 days for formal data-subject requests.