Legal

Privacy Policy

Effective date · January 1, 2026

This Privacy Policy explains how Ghost Fitness ("Ghost Fitness", "we", "us", "our") collects, uses, shares, and protects information when you use ghostfitness.app and related applications (the "Service"). By using the Service you agree to the practices described here.

1. Information We Collect

Account and profile data

When you create a coach account or accept a client invitation, we collect information such as your name, email address, password (stored hashed), language preference, time zone, profile photo, country, business name, and similar profile details you provide.

Coach and client fitness data

To deliver coaching workflows, the Service stores content created or submitted within a workspace, including programs, workouts, exercises, sets, reps, weights, durations, schedules, notes, check-ins, body metrics, photos, messages between coach and client, goals, and other training-related content.

Payment data

Payments for paid plans are processed by third-party payment providers (for example Paddle, Stripe, or similar). We do not store full card numbers or banking credentials on our own systems. We receive limited information from the payment provider such as your billing name, country, the last four digits of your card, transaction identifiers, subscription status, and invoice history.

Usage and device data

We automatically collect technical information when you use the Service, including IP address, browser type, device type, operating system, referring pages, pages viewed, actions taken, timestamps, and crash and diagnostic data.

Communications

If you contact us, we keep a record of the correspondence and any information you provide so we can respond and improve the Service.

2. How We Use Information

  • to provide, operate, and maintain the Service;
  • to authenticate users and secure accounts and workspaces;
  • to deliver coach programs and client experiences;
  • to process payments, manage subscriptions, and prevent fraud;
  • to provide customer support and respond to requests;
  • to send service-related notices, security alerts, and product updates;
  • to send marketing communications where permitted (you can opt out at any time);
  • to analyze and improve features, performance, and reliability;
  • to comply with legal obligations and enforce our Terms.

3. Cookies and Analytics

We and our service providers use cookies, local storage, and similar technologies to keep you signed in, remember preferences, secure the Service, and measure usage. We may use analytics providers to understand aggregate product usage. Where required by law we ask for consent before placing non-essential cookies. You can control cookies through your browser settings; disabling some cookies may affect Service functionality.

4. Sharing With Service Providers

We share personal data only as needed to operate the Service:

  • Coaches and clients in your workspace — data created in a workspace is shared between the coach who owns the workspace and the clients they invite, as required for coaching;
  • Infrastructure and hosting providers that store and serve data on our behalf;
  • Payment providers that process subscription payments;
  • Email, messaging, and analytics providers that help us deliver notifications and understand product usage;
  • Professional advisors and authorities when required by law, regulation, legal process, or to protect rights, safety, or property.

We do not sell personal data.

5. Data Retention

We keep personal data for as long as your account is active, as needed to provide the Service, and as required to comply with our legal and contractual obligations. When a workspace is closed or a Paid Plan is cancelled, we may retain associated data for a reasonable grace period to allow recovery and to meet legal, accounting, or fraud-prevention requirements, after which it is deleted or anonymized.

6. Security

We use administrative, technical, and physical safeguards to protect personal data, including encryption in transit, hashed credentials, access controls, and monitoring. No method of transmission or storage is 100% secure; you use the Service at your own risk and should keep your password and account safe.

7. Your Rights

Subject to applicable law, you may have the right to access, correct, export, restrict, or delete personal data we hold about you, to object to certain processing, and to withdraw consent where processing is based on consent. Coaches and clients can manage most of their data directly inside the Service. To make a rights request that you cannot complete in-product, contact o@ghostfitness.app. We may need to verify your identity before responding. You also have the right to lodge a complaint with your local data protection authority.

Where Ghost Fitness processes client data on behalf of a coach, the coach is the controller of that data and you should contact them first for rights requests relating to that workspace.

8. Children's Privacy

The Service is not directed to children under 13 (or the equivalent minimum age in your country) and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it. Coaches must obtain verifiable parental or guardian consent before inviting a minor into a workspace where local law requires it.

9. International Users

Ghost Fitness is operated globally and the Service may be accessed from anywhere in the world. Personal data may be transferred to and processed in countries other than your own, which may have different data protection laws. Where required, we use appropriate safeguards for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" above and, where the changes are material, provide reasonable notice through the Service or by email.

11. Contact

For privacy questions or rights requests, contact us at o@ghostfitness.app.