Privacy Policy
Last updated: 12 May 2026
1. Who We Are
R&B Fitness ("we", "us", "our") is a personal training business based in the United Kingdom. We operate the R&B Coach OS application (the "App") to deliver personal training services, workout programming, nutrition guidance, and progress tracking to our clients.
Contact details:
R&B Fitness
Bedford, Bedfordshire, United Kingdom
Email: [email protected]
For the purposes of UK data protection law, R&B Fitness is the data controller responsible for your personal data.
2. What Data We Collect
We collect and process the following categories of personal data:
- Identity data: your name, date of birth, profile photo
- Contact data: email address, phone number
- Health and fitness data: medical history (via PAR-Q), injuries, medications, body composition measurements, weight, body fat percentage, progress photos, workout logs, and performance data
- Nutrition data: dietary preferences, food logs, calorie and macronutrient intake
- Wearable and device health data: if you choose to connect a wearable device or health platform (such as Google Fit via Health Connect, or Apple Health), we may collect step count, heart rate, resting heart rate, heart rate variability (HRV), sleep duration and quality, active energy burned, and other fitness metrics. This data is only collected with your explicit permission and can be disconnected at any time
- Payment data: billing information processed through Stripe (we do not store your full card details)
- Technical data: device type, browser, IP address, login timestamps
- Communication data: messages sent through the App, feedback, and check-in responses
- Community data: posts, comments, and photos shared in community features
3. Why We Collect Your Data
We use your personal data for the following purposes:
- Service delivery: to provide personalised training programmes, nutrition plans, and coaching
- Programme design: to create and adjust workout and nutrition plans based on your goals, abilities, and progress
- Progress tracking: to monitor your body composition, workout performance, and overall progress over time
- Communication: to send you session reminders, check-in prompts, programme updates, and respond to your enquiries
- Payment processing: to manage membership payments, invoices, and receipts
- Safety: to assess health risks through your PAR-Q and medical information, ensuring exercises are safe and appropriate
- Wearable insights: to provide a more complete picture of your health and recovery by incorporating data from connected wearable devices and health platforms into your coaching experience
- Service improvement: to improve and develop the App and our coaching services
- AI-assisted coaching: to provide personalised programme suggestions, form analysis, and coaching insights using artificial intelligence tools (see Section 8 for details on third-party AI providers)
4. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases to process your data:
- Contractual necessity (Article 6(1)(b)): processing is necessary to deliver the personal training services you have signed up for, including programme design, session scheduling, and progress tracking
- Legitimate interest (Article 6(1)(f)): we have a legitimate interest in communicating with you about your training, improving our services, and ensuring the security of the App
- Consent (Article 6(1)(a)): for marketing communications and optional features, we will ask for your explicit consent, which you can withdraw at any time
5. Health Data (Special Category Data)
Health and fitness data, including your medical history, injuries, body composition, and physical performance data, is classified as special category data under UK GDPR Article 9.
We process this data based on your explicit consent (Article 9(2)(a)), which you provide during the onboarding process when completing your PAR-Q and consent forms. This data is essential for us to design safe, effective training programmes tailored to your needs.
You may withdraw your consent at any time by contacting us. However, please note that withdrawing consent for health data processing may affect our ability to provide personal training services safely.
6. Wearable Device and Health Platform Data
The App allows you to connect third-party wearable devices and health platforms, including Google Fit (via Android Health Connect) and Apple Health. When you connect these services, the following applies:
- Opt-in only: wearable data is never collected automatically. You must explicitly grant permission to connect your device or health platform, and you choose which data types to share
- Data types collected: depending on your permissions, we may receive step count, heart rate, resting heart rate, heart rate variability (HRV), sleep duration and stages, active calories burned, workout sessions, and other fitness metrics
- How we use it: wearable data is used solely to enhance your coaching experience, including recovery monitoring, training load assessment, and personalised programme adjustments. Your coach may review this data to provide better guidance
- Third-party access: wearable data received from Google Fit or Apple Health is not sold, shared with advertisers, or used for any purpose other than delivering your coaching services. It is not shared with any third party except as described in Section 8 (e.g. AI coaching features via Anthropic, where relevant fitness data may be included for personalised advice)
- Google API Services: our use of data received from Google APIs (including Google Fit and Health Connect) complies with the Google API Services User Data Policy, including the Limited Use requirements. We only use Google API data to provide and improve user-facing features of the App
- Disconnecting: you can disconnect your wearable device or health platform at any time through the App settings. Once disconnected, we will stop collecting new data from that source. You may also request deletion of previously collected wearable data by contacting us
- Storage: wearable data is stored securely on our servers alongside your other fitness data and is subject to the same security measures and retention policies described in this policy
7. How We Store and Protect Your Data
We take the security of your personal data seriously. We implement the following measures:
- Data is stored on secure servers with encrypted connections (HTTPS/TLS)
- Passwords are hashed using industry-standard algorithms and are never stored in plain text
- Access to personal data is restricted to authorised personnel only
- Regular backups are performed to prevent data loss
- Session tokens and authentication mechanisms are used to protect your account
While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining appropriate safeguards.
8. Third Parties
We share your personal data with the following third parties only as necessary to provide our services:
- Stripe: for secure payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy
- Anthropic (Claude AI): we use Anthropic's Claude AI to provide AI-assisted coaching features, including personalised programme suggestions, exercise form analysis, nutritional guidance, and in-app coaching chat. When you use these features, relevant data (such as your fitness goals, workout history, body measurements, and messages) may be sent to Anthropic for processing. Anthropic acts as a data processor and does not use your data to train its models. See Anthropic's Privacy Policy
- Google (Google Fit / Health Connect): if you connect Google Fit or Health Connect, health and fitness data is transferred from Google to our servers via Google APIs. We access this data solely to provide coaching features. Our use complies with the Google API Services User Data Policy, including the Limited Use requirements. See Google's Privacy Policy
- Apple (HealthKit / Apple Health): if you connect Apple Health, health and fitness data is transferred from Apple HealthKit to our servers. We access this data solely to provide coaching features and do not use it for advertising or data mining. See Apple's Privacy Policy
- Meta (WhatsApp Business): if you communicate with us via WhatsApp, your messages and contact details are processed through Meta's WhatsApp Business API. Meta acts as a data processor for message delivery. See WhatsApp's Privacy Policy
- Email service provider: to send transactional emails such as session reminders, check-in prompts, and receipts
- Push notification services: Apple Push Notification Service (APNs) and/or Firebase Cloud Messaging to deliver app notifications
- Hosting provider: our server infrastructure provider, which stores data in secure data centres
- Error monitoring: we use Sentry for application error tracking, which may process limited technical data to help us fix issues
We do not sell your personal data to any third party. We do not use wearable health data for advertising, marketing to third parties, or any purpose unrelated to your coaching services. Data shared with AI providers is used solely to deliver our coaching services and is not used to train third-party models.
9. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:
- Active clients: your data is retained for the duration of your membership and active use of the App
- After membership ends: we retain your data for up to 12 months after your last session to allow for account reactivation and to provide historical progress data if you return
- Payment records: retained for 7 years as required by UK tax and accounting regulations
- Health and wearable data: deleted within 12 months of your membership ending, unless you request earlier deletion. Wearable data from disconnected devices is retained for the same period to preserve your historical coaching records
You can request deletion of your data at any time (see Your Rights below). We will action deletion requests within 30 days, subject to any legal obligations to retain certain records.
10. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: you can request a copy of the personal data we hold about you
- Right to rectification: you can ask us to correct any inaccurate or incomplete data
- Right to erasure: you can request that we delete your personal data (subject to legal obligations)
- Right to data portability: you can request your data in a structured, machine-readable format
- Right to restrict processing: you can ask us to limit how we use your data
- Right to object: you can object to processing based on legitimate interest
- Right to withdraw consent: where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
11. Cookies and Analytics
The App uses essential cookies and local storage to maintain your login session, remember your preferences (such as theme settings), and ensure the App functions correctly. These are strictly necessary and do not require consent.
We do not currently use third-party analytics or advertising cookies. If this changes in the future, we will update this policy and seek your consent where required.
12. Children's Privacy
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child under 16, please contact us immediately so we can delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through the App or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
R&B Fitness
Bedford, Bedfordshire, United Kingdom
Email: [email protected]