Privacy Policy

Last updated: 10 October 2025

This privacy policy explains how Efort Systems SL (“Efort”, “we”, “us”) collects, uses and protects personal data when you use our websites and mobile applications.

Efort Systems SL is a company registered in Spain at CALLE BESALU 109 – P. 0, 08026 Barcelona.

For questions about this policy or to exercise your data rights, please email info@efortcoach.com.

1 – Types of data we collect

We collect only the data needed to operate our services:

• Account and profile data – name, email address, role (coach/athlete) and authentication details (hashed password or your third‑party sign‑in token). Providing a valid email and authentication data is required to create an account; without it you cannot use our services.‍
• Coaching content (coach‑managed) – data that you and your athletes share with each other for training purposes. This includes chat messages, videos, images, audio notes, blocks, workouts, tracs, bodyweights, notes, competitions and forms. This information is supplied voluntarily by your athletes and you and is not mandatory.‍‍
• ‍Service and diagnostic data – device and browser information, IP address, timestamps, crash/error logs and basic usage events. We collect this automatically to monitor errors, secure the platform and improve user experience.‍
• Communications – messages or feedback you send to us via email, instagram or in‑app channels.‍
• Billing status – your subscription plan and status. We never store payment card details; payments are processed directly by Stripe.

We do not collect or infer sensitive data beyond the training information your athletes voluntarily share with you.  As a coach, you are responsible for ensuring any necessary consents when training minors or when processing data that could be considered health‑related.

Responsibility for third‑party data. As a coach, you are responsible for the lawfulness of any personal data that you obtain, publish or share about your athletes or other individuals on our platform.  You must ensure that you have the necessary consent or other legal basis before collecting, uploading or sharing that data.

2 – How and why we use personal data

We process personal data only for the following purposes and under the lawful bases listed below:

Provide the service‍

To create and manage accounts, authenticate users (including third‑party sign‑in), host and sync coaching content, facilitate coach–athlete collaboration and manage subscriptions.  The legal basis is performance of our contract with you.

‍Reliability and security

‍To monitor errors and crashes, secure accounts, prevent misuse and protect the rights and safety of users.  The legal basis is our legitimate interests in maintaining a reliable and secure service.

‍Onboarding and product messages

‍To send free‑trial and onboarding emails and other product communications.  We rely on consent obtained at the start of the free trial.  You can unsubscribe at any time via the link in each email.

‍Legal obligations

‍To comply with laws, respond to lawful requests and enforce our terms.  The legal basis is compliance with a legal obligation.

We do not sell your personal data and we do not use it for targeted advertising or profiling.  We also do not reuse your coaching content for marketing, research or product training without separate explicit consent.  Diagnostic and analytics data are aggregated and used only to improve reliability and user experience.

3 – How we process and store data

• Security measures. We use a combination of technical and organisational measures to protect personal data. These include encryption in transit and at rest (provided by our cloud provider), strict access controls and least‑privilege authorisation, and weekly backups with the ability to recover modified or deleted data from the last seven days. Two‑factor authentication is available when you sign in with a Google account.
• Where data is stored. All databases and storage buckets reside in the European Union. Because we provide services worldwide, support or maintenance may involve limited access from outside the EEA/UK. Any cross‑border access is protected by Standard Contractual Clauses or other lawful safeguards, and by the same security measures we apply in the EU.
• Who can access the data.
  • You and the other coaches from your team (if applicable) can access the coaching content shared in your coaching relationships with athletes.
  • Organisation individuals have access only when needed to operate the service, assist with support requests or fulfil legal obligations.
  • Service providers: we engage trusted third parties to deliver parts of the service. We only disclose data that is necessary for them to perform their tasks, and we contractually require them to protect it. These include:
    • Database and storage provider (Google Firebase/Cloud Storage) for hosting and storage;
    • Authentication provider for sign‑in;
    • Analytics and diagnostics providers for error monitoring and product analytics;
    • Email service provider for sending transactional and marketing emails; and
    • Stripe for processing payments (we do not see or store your card details).
    • Some essential providers may act as independent controllers for purposes such as security and fraud prevention under their own privacy terms.

4 – Data retention and deletion

• Account deletion. You and your athletes can delete your respective accounts at any time via the Settings menu. When an account is deleted, we remove personal data from active systems straight away. Deleted data may remain in backups for up to seven days, after which it is overwritten. Backups are used only for disaster recovery.
• Coaching relationship ends. When an athlete stops being coached by a specific coach, the following applies:
  • Kept: the athlete’s blocks, tracs, bodyweights, notes and basic user information are retained so they can maintain their training history.
  • Deleted: all chat messages, audio messages, images, videos, competitions and forms related to that coach–athlete relationship are deleted immediately (subject to the seven‑day backup window).
  • Data for other active coaching relationships is not affected.
• Other data. We keep technical logs and support communications only as long as necessary for security, compliance and service quality. We may retain data longer where required by law or to protect our rights, and we may need to keep aggregated analytics data to improve the service.

5 – Cookies and analytics

• Cookies and similar technologies. On the web, we use only essential cookies and non‑advertising analytics cookies to understand usage and improve the service. You can control cookies through your browser settings. Within the mobile apps we use non‑advertising analytics and crash diagnostics SDKs; device settings may allow you to limit analytics collection.
• No targeted advertising. We do not track you across third‑party sites or serve targeted ads based on your behaviour. Our analytics is limited to measuring app performance and user experience.

6 – Marketing emails

We send onboarding and promotional emails if you opt in at the start of your free trial.  You can unsubscribe at any time by clicking the unsubscribe link in each email.  Transactional emails (such as client invitations and account notices) are necessary to provide the service and are sent regardless of marketing preferences.

7 – Your rights

If you reside in the European Union or United Kingdom, you have the following rights regarding your personal data:

• Access. Request a copy of the data we hold about you.
• Rectification. Ask us to correct inaccurate or incomplete data.
• Erasure. Request deletion of your data (the “right to be forgotten”), subject to certain exceptions such as our legal obligations and backup retention.
• Restriction. Ask us to temporarily stop processing certain data.
• Objection. Object to processing based on our legitimate interests. We will either comply with your request or explain why we cannot.
• Portability. Receive your data in a structured, commonly used and machine‑readable format and transfer it to another provider where technically feasible.
• Withdraw consent. Withdraw your consent for marketing at any time. Withdrawing consent does not affect prior lawful processing.

To exercise these rights or to ask any questions, please email info@efortcoach.com.  We may need to verify your identity before responding.  We will respond as soon as possible. You may also file a complaint with your local supervisory authority (in Spain, the AEPD).

8 – Minors and coach responsibility

We do not set a minimum age for using the service.  Coaches are responsible for ensuring any required parental or guardian consent when working with minors and for using an appropriate legal basis for processing minor data.  We act as a processor on the coach’s behalf for the coaching content, and we do not process that data for our own purposes.

9 – Additional information and legal actions

• Legal use. We may use your personal data to protect our rights and the rights of others, including in court proceedings or to comply with requests from public authorities.
• System logs and maintenance. For operation and maintenance, this website and our providers may collect logs and technical data such as IP addresses.
• Changes to this policy. We may update this privacy policy from time to time. When we make material changes we will notify you via in‑app notice or email, and we will always display the latest version and its “Last updated” date on this page.

If you require more detailed information about a specific service or data‑processing activity, please contact us using the details above.