Privacy policy

HP Training Privacy Policy

Effective June 16, 2026Operator: Heeren Performance

1. Introduction

This Privacy Policy explains how Heeren Performance (“Heeren Performance”, “we”, “us”, “our”) collects, uses, shares and protects personal information about you (“you”, “your”) when you use the HP Training mobile application and related services (collectively, the “App”).

Heeren Performance is the operator of the App and is the data controller (or, where applicable, the “business”) responsible for your personal information. The App is built and operated on Heeren Performance’s behalf by a third-party technology provider, which acts as our data processor (or, where applicable, “service provider”) and provides the underlying app software, technology, hosting and back-end infrastructure.

2. Information we collect

We collect the following categories of personal information when you use the App:

  • Account and profile information — name, email address, password (stored only in hashed form), phone number (if provided), date of birth, gender, profile photo, time zone and locale.
  • Health, fitness and coaching data — body measurements, weight, photos you upload to track progress, workout logs, exercise performance, nutrition entries, habit completions, sleep and step counts, and answers to check-in questions.
  • Coaching communications — messages, voice notes, images and video you exchange with your coach inside the App.
  • Device and technical information — device model, operating system version, App version, IP address, language, crash logs and basic usage analytics.
  • Push notification tokens — to deliver notifications about messages, workouts and reminders.
  • Optional connected data — only if you grant permission, such as photos from your camera roll, contacts you choose to share, or data from health integrations you opt into.

Some of the information above — including your body measurements, weight, progress photos, nutrition, sleep and other coaching inputs — is health and fitness information and is treated as sensitive information. We collect and use it only to provide your coaching, and we rely on your consent to do so, which you give by entering this information and using the App’s coaching features. You can withdraw that consent at any time, as described in Section 7. We do not knowingly collect biometric identifiers, precise location, or medical diagnoses unless you choose to provide them yourself as part of your coaching.

3. How we use your information

We use the information we collect to:

  • provide the coaching, training, nutrition and habit-tracking features of the App;
  • let you communicate with your coach and let your coach communicate with you;
  • send transactional notifications, including reminders, messages and billing alerts;
  • improve the App, diagnose crashes, and measure aggregated, de-identified usage patterns;
  • protect the security of the App and our users (for example, fraud prevention, abuse detection and account recovery); and
  • comply with our legal obligations.

Where data protection law requires a legal basis for processing, we rely on: your consent (for your sensitive health and fitness information and any optional integrations you enable); performance of our contract with you (to deliver the coaching services and process payments); our legitimate interests (to secure, maintain and improve the App); and compliance with our legal obligations. Where we rely on consent, you can withdraw it at any time as described in Section 7.

We do not sell your personal information. We do not use your health, fitness or coaching data for advertising.

4. Service providers we share data with

To run the App, we share personal information with the following categories of service providers, each bound by contract to use the data only to provide their service:

  • Fitsly (technology provider) — provides the underlying app software, hosting, storage, messaging infrastructure, push notification services, and related backend systems required to operate the App.
  • Communications providers — deliver transactional emails and, if you have provided a phone number and opted in, SMS notifications.
  • Push notification services — deliver push notifications to your device (provided by the operating-system platforms).
  • Analytics and crash-reporting providers — provide aggregated and de-identified performance, crash and usage analytics used to improve the App.

We may also disclose personal information when required by law, to protect our or others’ rights, safety and property, or in connection with a business transaction (for example, a sale of our business), in which case we will require the recipient to honor the commitments in this Policy.

5. International transfers

The App’s back-end infrastructure is operated primarily from the United States. When you use the App from outside the United States, your personal information will be transferred to and processed in the United States and other countries where our service providers operate, which may have data protection laws that differ from those in your country. Where required by law, we rely on appropriate safeguards and transfer mechanisms (such as the EU Standard Contractual Clauses or the UK International Data Transfer Addendum) for those transfers, and we take reasonable steps to ensure your information remains protected.

6. Data retention

We retain your personal information for as long as your account with us is active. If you close your account, we delete or de-identify your personal information within a reasonable period, except where we are required to keep it for legal, tax, accounting, fraud-prevention or dispute-resolution purposes. Backups are rotated on a regular schedule and your data is removed from backups in the ordinary course of that rotation.

7. Your privacy rights

Depending on where you live, you may have the following rights with respect to your personal information: the right to access a copy of your data, the right to correct inaccurate data, the right to delete your data, the right to object to or restrict certain processing, the right to data portability, and the right to withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at kurt@heerenperformance.com. We will respond within the time frames required by applicable law (typically 30–45 days). We may need to verify your identity before acting on the request.

If you are not satisfied with how we have handled your personal information, you also have the right to lodge a complaint with the data protection authority or privacy regulator in your country or region.

8. Children

The App is not intended for children under 13 (or under 16 in the United Kingdom and the European Economic Area, or such higher age as applicable local law requires). We do not knowingly collect personal information from children below those ages. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Security

We use industry-standard administrative, technical and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration and destruction. Account passwords are stored only as salted hashes; data in transit is encrypted using TLS; and access to production systems is restricted to authorized personnel. No system is perfectly secure, however, and we cannot guarantee the absolute security of your information. If we become aware of a data breach affecting your personal information, we will notify you and the relevant authorities where required by applicable law.

10. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the “Effective date” above and, for material changes, notify you in the App or by email before the changes take effect.

11. Contact us

If you have questions about this Policy or about how your personal information is handled, contact Heeren Performance at kurt@heerenperformance.com.