Privacy policy.

peak/performance ("we", "us", "our") provides an integrated coaching operating system for personal trainers, online coaches, studios, gyms, and corporate wellness providers. This policy applies to our website, web application, and related services (the "Service").

For any privacy-related questions or requests, contact us at info@peakperformance.to.

We collect only what we need to run the Service:

• Account data: name, email address, password (hashed), role, and profile details you provide.
• Payment data: billing details processed by Stripe. We never see or store full card numbers — only a token, the last 4 digits, and the brand for reference.
• Coaching data: content you upload such as workouts, programs, check-ins, progress photos, messages, and notes.
• Usage data: device, browser, IP address, pages visited, feature usage, and diagnostic logs, used to operate and improve the Service.
• Communications: messages you send us via email, forms, or in-app support.

• Provide, maintain, and secure the Service.
• Authenticate users and enforce access controls.
• Process payments and manage subscriptions.
• Send transactional emails (account, billing, security, product updates you opted into).
• Detect, prevent, and respond to fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our terms.
• Improve product quality through aggregated, de-identified analytics.

We do not sell your personal data and we do not use it to train third-party AI models.

Where GDPR applies, we rely on the following legal bases: performance of a contract (providing the Service), legitimate interests (security, fraud prevention, product improvement), consent (where required, e.g. certain cookies or marketing), and legal obligation (tax, accounting, lawful requests).

We use carefully selected sub-processors to deliver the Service:

• Supabase — managed database, authentication, and storage hosting.
• Stripe — payment processing and subscription billing.
• Resend — transactional email delivery.

Each sub-processor is bound by data processing agreements and handles personal data only on documented instructions from us.

We keep personal data only as long as needed for the purposes described above. Account data is retained while your account is active. After deletion, we remove personal data within 30 days, except for records we must keep for legal, tax, or accounting reasons (typically up to 7 years for billing records) and minimal backup snapshots, which are purged on rolling schedules.

Depending on your jurisdiction (including GDPR for EU/EEA and UK residents), you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your account and personal data.
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email info@peakperformance.to. We respond within 30 days.

We use essential cookies to keep you signed in and to remember your preferences. We may use limited analytics cookies to understand product usage in aggregate. We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings; disabling essential cookies may break parts of the Service.

We apply row-level security in the database, encrypt sensitive files at rest, support multi-factor authentication, and monitor for brute-force and abuse. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

Our sub-processors may process data outside your country of residence. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

We may update this policy as the Service evolves. Material changes will be communicated by email or in-app notice before they take effect.

peak/performance · Dubai, UAE
Email: info@peakperformance.to