1. Who We Are
PT Lab (“we,” “us,” “our”) is an AI-assisted exercise programming platform operated by PT Lab App. This policy describes how we collect, use, and protect information when you use the PT Lab web application at ptlabapp.com.
Questions about this policy? Email [email protected].
2. Information We Collect
2.1 Coach accounts
- Name, email address, password
- Gym or business name
- AI coaching preferences (tone, approach, favorite exercises)
2.2 Client profiles (entered by coaches)
- Client name and email address
- Age range (approximate, e.g., “mid-30s” — not date of birth)
- Sex, occupation, activity level
- Training goal (free text)
- Problem areas (body regions with brief notes, e.g., “shoulder — tight”)
- Movement restrictions (free text, e.g., “avoid overhead pressing”)
- Available equipment
2.3 Self-coached profiles (entered by the user)
- Same fields as client profiles, entered by the user during onboarding
- Self-coached routines are auto-generated by AI without human review and auto-approved upon generation
2.4 Training data (generated through use)
- Exercise routines and workout logs
- Exercise history and progress tracking
- Daily check-ins (soreness, mood, sleep quality, notes, optional photos)
- Messages between coach and client (text and file attachments)
- Workout completion records
2.5 Media uploads
- Images and videos uploaded by coaches or clients (subject to size and storage limits)
2.6 Basic technical information
We record limited technical information (such as your login session and basic request details) needed to operate the service, keep your account secure, and investigate abuse.
2.7 AI-generated data
- AI-drafted routines, coaching suggestions, and program plans (stored for coach review)
- AI prompts and responses kept for a limited period as an audit trail
3. How We Use Information
We use the information collected to:
- Provide the exercise programming and coaching platform
- Generate AI-assisted routine suggestions for coach review
- Enable client portal access (login, workout logging, check-ins, messaging)
- Display “last time” exercise references to help clients track progress
- Maintain audit trails for coach oversight of AI-generated content
- Enforce rate limits and prevent abuse
- Send service-related email (account verification, billing receipts, security alerts)
Messaging disclosure. Messages between coach and client are visible to the coach and may be used to personalize the client's programming. The last 10 messages are included in AI routine generation context.
We do not:
- Sell personal information to third parties
- Use personal information for advertising
- Share client data with other coaches outside the client's organization
- Send the client's name or email to the AI — only training context (goal, restrictions, problem areas, workout history, check-in data, recent messages)
- Use analytics or tracking pixels to follow you around the web
4. Third-Party Services
We work with a small number of third parties to operate the platform:
- AI service provider — for AI-assisted routine generation and suggestions. We send anonymized training context only: age range, sex, activity level, goal, restrictions, problem areas, workout history, check-in data, soreness trends, and recent messages. We never send client names or email addresses to AI providers.
- Stripe — for payment processing when you subscribe to a paid plan. We never store your full credit-card number. Stripe's policy: stripe.com/privacy.
- Cloud hosting provider — for running the servers and protecting against abuse. All platform data resides on servers we control.
- Resend — for transactional email (verification, password reset, receipts). We send email addresses and message bodies only.
- Cloudflare Turnstile — for bot protection on signup and waitlist forms. Cloudflare may collect basic telemetry to distinguish humans from bots, but this data is not shared with us for any other purpose.
We do not use advertising networks, social-media tracking pixels, Google Analytics, or any third-party analytics services.
5. Data Retention
We keep your data only as long as needed to provide the service. Active accounts and client records are kept while you're using the platform. When you cancel, your data is deleted on a fixed schedule. AI drafts and audit records are kept for a limited period and then removed or anonymized.
Coaches can request deletion of specific client records at any time. Specific retention periods can be provided upon valid request to [email protected]. See Section 8 for your rights.
6. Data Security
We take reasonable steps to keep your data safe. Your connection to PT Lab is encrypted, your passwords are securely stored (we can't see them), and sessions expire automatically. We limit how often requests can be made to prevent abuse, and we validate everything you upload.
No system is perfectly secure. We follow industry-standard practices for a platform of our size but can't guarantee absolute security. Additional details about our security practices can be provided upon valid request.
7. Cookies
We use a small number of essential cookies to keep you logged in. We do not use tracking cookies, analytics cookies, or advertising cookies.
8. Your Rights
8.1 For coaches
- Access. View all your account data and client records through the platform.
- Correction. Edit any information through the platform.
- Deletion. Delete individual client records or request full account deletion by emailing [email protected].
- Export. Request a full data export by emailing [email protected]. We'll send you a JSON archive within 14 days.
8.2 For clients and self-coached users
- Access. View your routines, messages, workout history, and check-in history through your portal.
- Correction. Edit your own profile from Settings, or contact your coach.
- Deletion. Delete your account from Settings → Data & Privacy, or email us directly.
- Revocation. Your coach can disable your portal access at any time; you can request this.
8.3 California residents (CCPA)
If you are a California resident, you have additional rights including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, email [email protected].
8.4 EU/EEA residents (GDPR)
If you are located in the EU/EEA, you have additional rights under the General Data Protection Regulation including access, rectification, erasure, restriction of processing, data portability, and objection to processing. Our legal basis for processing is contract performance (you signed up, we deliver the Service) and legitimate interest (abuse prevention, audit logs). To exercise your rights, email [email protected].
9. Children
PT Lab is not intended for use by individuals under the age of 18. We do not knowingly collect information from children. If we learn we've collected data from a minor, we'll delete it promptly.
10. International Transfers
PT Lab operates from the United States. If you use the Service from outside the US, you understand and consent to your information being transferred to and processed in the US, which may have different data protection laws than your jurisdiction.
11. Changes to This Policy
We may update this policy from time to time. We'll notify registered users via email of material changes at least 30 days before they take effect. Continued use of the platform after changes take effect means you accept the updated policy.
12. Contact
For privacy questions, data requests, or concerns: [email protected]
For general support: [email protected]
This Privacy Policy has not yet been reviewed by licensed counsel. Do not rely on any specific clause as legally enforceable until the review process is complete.