Privacy Policy

App: Train With Omar
Last updated: 27 April 2026
Effective date: 27 April 2026

This Privacy Policy explains how Train With Omar ("we", "us", "the app", "the service") collects, uses, stores, and protects your personal information when you use our mobile application available on the Google Play Store and Apple App Store.

By creating an account or using the app, you agree to this Privacy Policy. If you do not agree, please do not use the app.

1. Who We Are

Train With Omar is a personal fitness coaching application operated by Omar Tarek (the "Coach"), based in the United Arab Emirates. The app provides clients with personalized training plans, nutrition plans, progress tracking, and direct messaging with the coach.

2. Information We Collect

2.1 Information You Provide

Account information: full name, email address, phone number, password (hashed and stored by our authentication provider).
Onboarding profile: age, gender, height, weight, training goals, expected timeline, training history, daily activity, training days per week, preferred location.
Health & lifestyle: injuries, health issues, medications, food allergies, meals per day, eating pattern, favorite/refused foods, water intake, sleep pattern, biggest obstacle.
Photos & files: InBody scan, progress photos (front, side, back), and any additional files you choose to upload.
Messages: the content of messages you send to or receive from the coach.
Payment records: amount, due date, status, and notes for subscription/coaching fees. Payments are processed outside the app — we do not collect or store credit card numbers, CVVs, or banking credentials.

2.2 Information Collected Automatically

Device push token: a token issued by Apple/Google so we can deliver notifications. It is not personally identifying on its own.
Authentication session tokens: short-lived tokens issued by our auth provider to keep you logged in.
App language preference (English / Arabic).

2.3 Information We Do NOT Collect

We do not collect your precise GPS location.
We do not collect contacts, calendar, or microphone data.
We do not store your password locally on your device.
We do not use third-party advertising SDKs or tracking pixels.

3. How We Use Your Information

To create and maintain your account.
To allow your coach to design appropriate training and nutrition plans for you.
To enable messaging between you and your coach.
To track your progress over time.
To send push notifications related to your plan, messages, or session reminders.
To send password reset codes when you request them.
To process subscription/coaching payment records.
To comply with legal obligations.

We do not sell your personal data, and we do not use it for advertising or marketing by third parties.

4. Legal Basis for Processing

We process your data on the following legal bases:

Contract: to deliver the coaching service you signed up for.
Consent: for sensitive health-related information you voluntarily provide during onboarding.
Legitimate interest: to keep the app secure and prevent fraud.
Legal obligation: when required by applicable law.

5. Data Storage and Security

Your data is stored securely on Supabase infrastructure, which uses industry-standard security practices including encryption in transit (TLS) and at rest. We apply the following safeguards:

Row-Level Security (RLS): the database enforces that you can only read and write your own data.
Hashed passwords: passwords are never stored in plaintext.
Biometric login: when you enable biometric sign-in (Face ID / Touch ID / Fingerprint), only a short-lived refresh token is stored in your device's secure enclave/keystore — never your password.
Secure storage: sensitive tokens use the OS-provided secure storage (iOS Keychain / Android Keystore).
Access controls: only the coach you are working with can see your profile and progress.

6. Third-Party Services

We use a small number of trusted third-party services to operate the app. Each is bound by its own privacy policy:

Supabase — backend, database, authentication, file storage. supabase.com/privacy
Expo — push notifications and app build infrastructure. expo.dev/privacy
Apple Push Notification Service / Firebase Cloud Messaging — to deliver push notifications to your device.
Google Play / Apple App Store — for app distribution and (where applicable) crash reports.

7. Data Retention

We retain your data for as long as your account is active. If you request deletion (see Section 9), your account is marked for deletion immediately, and all personal data — including onboarding answers, photos, messages, and payment records — is permanently removed within 30 days, except where applicable law requires us to retain certain records (e.g., tax/financial records) for a longer period.

8. Children's Privacy

The app is intended for users aged 16 and older. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us so we can remove it.

9. Your Rights

You have the right to:

Access the personal information we hold about you.
Correct inaccurate information directly inside the app, or by contacting us.
Delete your account and all associated data. You can do this at any time directly inside the app: Profile → Delete Account.
Withdraw consent at any time by deleting your account.
Export a copy of your data — contact us and we will provide it in a machine-readable format.
Object to or restrict processing in certain circumstances.
Lodge a complaint with your local data protection authority.

10. International Data Transfers

Our backend infrastructure may store data in regions outside your country of residence (typically European or US data centers operated by our cloud provider). By using the app, you consent to this transfer. We rely on the standard contractual clauses and security commitments of our infrastructure provider to safeguard such transfers.

11. Push Notifications

If you grant permission, we send you push notifications related to your plan, new messages from your coach, and session reminders. You can disable push notifications at any time from your device settings.

12. Cookies and Tracking

The mobile app does not use cookies. We do not use any third-party analytics, advertising, or tracking SDKs.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the app or by email and update the "Last updated" date at the top of this page. Continued use of the app after the change constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, requests, or complaints regarding this Privacy Policy or your data, please contact us:

Train With Omar
Email: trainwithomarfit@gmail.com
Country: United Arab Emirates