Back
H
Hussain

Legal

Privacy Policy

Last updated: 28 May 2026

This Privacy Policy explains how Hussain(“we”, “us”, or “our”) collects, uses, stores, and discloses information about you when you use the Hussaincoaching application and related services (collectively, the “Service”). By using the Service you agree to the practices described below.

1. Information We Collect

We collect the following categories of information so we can deliver, secure, and improve the Service:

  • Account information: name, email address, password (stored hashed), role (client/trainer/admin), and profile photo.
  • Health & fitness data: training history, body metrics, weight, workout logs, nutrition logs, homework completions, medical screening notes, and any session signatures you provide.
  • Scheduling & calendar data: bookings, availability, time blocks, and — if you connect Google Calendar — OAuth tokens and event metadata required to sync sessions between the Service and your calendar.
  • Payment information: token-package purchases are processed by Stripe. We never see or store your full card details; we receive transaction identifiers and status from Stripe.
  • Communications: messages, feedback, and support requests you send via the Service or WhatsApp.
  • Technical data: device information, browser type, IP address, time zone, and basic usage logs used for security and diagnostics.

2. How We Use Your Information

  • Provide coaching, scheduling, and tracking features.
  • Sync sessions with Google Calendar when you connect it.
  • Process payments and manage your session credit balance.
  • Send service-related notifications (booking confirmations, reminders, important changes).
  • Improve reliability, prevent fraud, and enforce our Terms.
  • Comply with applicable laws and respond to lawful requests.

We do not sell your personal data, and we do not use your health or training data for advertising.

3. Who Can See Your Data

Access inside the Service is controlled by row-level security policies. As a general rule:

  • Clients can see their own profile, sessions, programs, homework, and calendar.
  • Trainers (PTs) can see profile and training data only for clients assigned to them, with the permission level granted to that relationship.
  • Super administrators may access data for support, debugging, and platform operations.
  • We share data with infrastructure providers strictly to operate the Service: Supabase (database, auth, storage), Vercel (hosting), Stripe (payments), and Google (Calendar integration, only if you opt in).

We may disclose information if required by law, to protect against fraud or abuse, or in connection with a corporate transaction such as a merger or acquisition.

4. Google Calendar Integration

If you connect Google Calendar, we request the minimum scopes needed to create, read, update, and delete events on the calendar you authorize. OAuth refresh tokens are stored encrypted at rest. You can disconnect Google Calendar at any time from your account settings; doing so revokes our access and stops further syncing. Use of Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Retention

We retain account and training data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within a reasonable period, except where we are required to retain it (for example, financial records for tax compliance).

6. Security

We use industry-standard safeguards including TLS in transit, encryption at rest, hashed passwords, row-level security in the database, and least-privilege access for administrators. No system is perfectly secure; please use a strong, unique password and notify us immediately if you suspect your account has been compromised.

7. Your Rights

Depending on where you live, you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Request deletion of your personal data.
  • Withdraw consent or object to certain processing.
  • Lodge a complaint with your local data protection authority.

Malaysian users are protected under the Personal Data Protection Act 2010 (PDPA). To exercise any of these rights, contact us at Hussain@example.com.

8. Children

The Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. International Transfers

Our infrastructure providers may process and store data outside Malaysia. Where data is transferred internationally, we rely on providers who maintain appropriate safeguards consistent with applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes we will notify you through the Service or by email. Continued use of the Service after the effective date means you accept the updated policy.

11. Contact

Questions about this Privacy Policy or your data? Contact Hussain at Hussain@example.com or via WhatsApp at +60 11-6173 1051.