1. Controller and Contact
The data controller for BasketTrainer is Fit4You s.r.o., Parkova 29, Slovakia ("BasketTrainer", "we", "us", or "our").
For privacy questions, data subject requests, and account deletion requests, contact us at bestbasketballtrainer@gmail.com.
2. Services Covered
This policy covers:
- the BasketTrainer public website at baskettrainer.com;
- the BasketTrainer web platform and admin workspace;
- the Basketball Trainer mobile app for iOS and Android;
- the Apple Watch and Wear OS companion apps;
- public trainer profile and public workout-plan pages;
- backend APIs, notification workers, file storage, and support operations.
3. Personal Data We Process
| Category | Examples | Where it comes from |
|---|---|---|
| Account and profile data | Name, email, nickname, avatar/provider photo, authentication provider, role flags, preferred language, public trainer context, public promotion profile. | You, your sign-in provider, your trainer, team staff, or an administrator. |
| Team, trainer, and roster data | Team, country, gender context, category, roster membership, trainer-player assignments, guest players without accounts, tags, invites, QR/deep-link context. | You, coaches, team trainers, team administrators, or invite links. |
| Training and workout data | Assigned trainings, plans, exercise parameters, daily schedule, training library items, workout completion, source device, attempts, records, statistics, trend views, print PDFs, QR exercise links. | You, your coach/team staff, the app, watch companion, backend calculations, or imported public plans. |
| Health, fitness, testing, and body-composition data | Performance metrics, test results, recovery notes, body-composition forms, InBody PDF or image imports, muscle/records views, workout runtime state, Apple Watch HealthKit workout session state. | You, assigned staff, uploaded files, the app/watch, or automated extraction requested by the user. |
| Messages, journal, audio, and attachments | Trainer-player chat, journal entries, training snapshots, voice notes, audio transcripts, AI-processed notes, files, images, journal PDF exports. | You or your assigned trainer/team staff. |
| Calendar, billing, and payment metadata | Trainer calendar slots, attendance status, billing type, report totals, match schedule, public plan pricing, Stripe Connect account ID, checkout/payment status metadata. | You, trainer/team staff, administrators, or Stripe checkout status callbacks. |
| Device, app, and diagnostics data | Device platform, push token, notification preferences, watch connectivity state, app version, environment, request IDs, IP address, user agent, crash logs, performance logs, error reports. | Your device, browser, backend infrastructure, Firebase, Sentry, and app runtime logs. |
| Media and content templates | Exercise images, videos, public profile images, plan landing images, rich descriptions, YouTube links, generated or uploaded exercise media. | Users, trainers, administrators, public catalogs, or third-party media links selected by users. |
4. Purposes and Legal Bases
| Purpose | Typical legal basis under GDPR | Examples |
|---|---|---|
| Provide the product and user accounts | Performance of a contract or steps requested before a contract. | Login, role-based workspace, profiles, team membership, training library, app/web/watch sync. |
| Deliver coaching, training, testing, and body-composition features | Performance of a contract; explicit consent where health or other special category data is processed. | Workout sessions, records, testing metrics, body-composition forms, InBody imports, Apple Watch workout runtime. |
| Communication between players and trainers | Performance of a contract; legitimate interests in operating a secure coaching workflow; explicit consent for voice or sensitive content where required. | Chat, journal notes, voice notes, attachments, training context snapshots, journal exports. |
| Public trainer profiles and promoted plans | Performance of a contract and consent or user direction to publish public content. | Public coach profile, public plan pages, Join Me links, workout request links, profile images. |
| Payments and billing support | Performance of a contract, legal obligation, and legitimate interests. | Stripe checkout status, trainer calendar billing reports, invoice-support metadata. |
| Security, fraud prevention, diagnostics, and reliability | Legitimate interests and legal obligation where applicable. | Crash reports, request IDs, logs, abuse prevention, authentication checks, Sentry events, server monitoring. |
| Notifications and reminders | Consent where required by device platform; performance of a contract for requested reminders. | Workout reminders, trainer assignment alerts, coach updates, push tokens. |
| Legal compliance and rights handling | Legal obligation and legitimate interests. | Data subject requests, account deletion, tax/accounting records, dispute handling, store policy compliance. |
5. Health, Fitness, and Sensitive Data
BasketTrainer can process training, fitness, body-composition, testing, recovery, and Apple Watch workout-session information. In the EU, some of this can be special category data. We use it only to provide training, coaching, records, reporting, and user-requested support features. We do not sell health or fitness data, use it for advertising, or share it with insurers, employers, credit providers, or unrelated third parties.
Health and fitness data may be visible to the assigned player, assigned trainers, assigned team trainers, team administrators, and administrators according to the product role model and team setup. If a player belongs to a club or team workflow, the organization should make sure it has the correct notices, consents, and guardian permissions for minor athletes.
6. AI-assisted Features
BasketTrainer includes optional AI-assisted features, including AI Builder training generation, coach-description transcription, journal voice-note transcription and cleanup, and InBody PDF/JPG body-composition import. When these features are used, relevant prompts, selected catalog context, audio, image, PDF, or text inputs can be sent to OpenAI API services for processing.
AI output is an assistant tool for coaches and users. It can be wrong or incomplete and must be reviewed by a qualified coach, trainer, medical professional, parent/guardian, or responsible user before it is used in training decisions.
7. Recipients and Processors
We share personal data only where needed to provide and secure the service, comply with law, complete a user-requested transaction, or support the role-based coaching workflow. Recipient categories include:
- AWS services for hosting, database, storage, queues, backups, and logs.
- Firebase and Google services for authentication, push messaging, analytics, crash/diagnostic tooling, and provider profile data.
- Apple services for Sign in with Apple, app distribution, Apple Watch connectivity, and HealthKit workout-session handling on Apple Watch.
- Algolia for authenticated search over exercises, groups, trainings, plans, and test groups.
- Sentry for crash reporting, error diagnostics, performance monitoring, and release observability.
- OpenAI API services for requested AI-assisted generation, transcription, cleanup, and import workflows.
- Stripe for public plan checkout, connected account handling, and payment status metadata.
- YouTube or YouTube-nocookie embeds when users open YouTube exercise videos.
- App stores and platform providers where required for distribution, review, crash reports, or account login.
Coaches, team trainers, teams, and administrators may also receive personal data inside the product where their role grants access to the relevant player, roster, training, message, test, journal, calendar, or plan data.
8. International Transfers
BasketTrainer is operated from the EU and uses cloud and platform providers that may process data in the EU/EEA and other countries. Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, platform data processing terms, and provider security controls where available.
9. Retention
We keep personal data only as long as necessary for the purpose for which it was collected, unless a longer period is required for legal, accounting, security, backup, dispute, or abuse-prevention reasons. Typical retention rules are:
- Account, profile, role, team, and trainer relationship data: while the account or organization workflow is active, then as needed for deletion, audit, legal, or dispute handling.
- Training plans, workouts, testing, records, journal, chat, and body-composition data: while needed for the training/coaching relationship or until deletion is requested and no exception applies.
- Public trainer profile and plan content: while published or until removed by the owner/administrator.
- Push tokens and device preferences: while the device/account is active or until notifications are disabled, the token expires, or the account is deleted.
- Diagnostic logs, request logs, crash reports, and security events: for limited operational periods based on the relevant system configuration.
- Payment and accounting metadata: as long as required by payment, tax, accounting, and dispute obligations.
- Backups: until overwritten or expired under the applicable backup cycle.
10. Your GDPR Rights
Subject to legal conditions and exceptions, EU/EEA users may have the right to access, rectify, erase, restrict, object to processing, receive a portable copy of their data, withdraw consent, and lodge a complaint with a supervisory authority.
To exercise these rights, contact bestbasketballtrainer@gmail.com. We may need to verify your identity and may ask for the account email or other information needed to find the relevant account.
11. Account and Data Deletion
Users can request account and data deletion through the public deletion page: https://baskettrainer.com/legal/account-deletion.html. Deletion requests should include the BasketTrainer account email and the request type. We will delete or anonymize eligible account data and ask service providers to delete relevant data where applicable.
Some information may need to be retained where required for legal, security, fraud-prevention, accounting, payment, dispute, backup, or legitimate operational reasons.
12. Children and Minors
BasketTrainer can be used by youth teams and athletes. Coaches, teams, clubs, schools, and guardians are responsible for ensuring that the use of BasketTrainer with minors is lawful, transparent, age-appropriate, and supported by any required parental or guardian consent. Minor athletes should not create or use accounts without appropriate permission from a parent, guardian, club, school, or responsible organization.
13. Device Permissions
The app requests permissions only when needed for a feature:
- Camera: scan trainer/team/exercise QR codes.
- Microphone: record voice notes and coach voice briefs when the user chooses to do so.
- Photo library/files: attach journal files and import InBody PDF/JPG documents or images.
- Push notifications: training reminders, coach updates, assignment events, and operational alerts.
- Apple HealthKit on Apple Watch: keep workout or timer sessions active during watch workouts.
- Wear OS vibration and watch data layer: haptic feedback and phone-watch sync.
14. Security
We use technical and organizational measures designed to protect personal data, including HTTPS/TLS in transit, cloud access controls, authentication checks, role-based access paths, secret-managed deployments, monitoring, and backups. No internet service can be guaranteed to be completely secure.
15. Cookies and Local Storage
The public product site uses local storage for language preference. The authenticated web app and third-party login providers may use cookies, local storage, and similar technologies for authentication, security, preferences, app state, diagnostics, and embedded media. See the Cookie and Local Storage Notice.
16. Changes
We may update this policy when the product, law, providers, or store requirements change. The current version is posted at this URL with its last-updated date.