Privacy Policy

Last updated: May 8, 2026

1. Who we are

Trainer CRM ("we", "us", "our") is a software product that helps fitness professionals manage their leads, clients, appointments, and communications. This policy describes how we collect and use personal information.

2. What we collect

  • Account info — your name, email, and business name when you sign up.
  • Lead data — contact details of prospects you add to your CRM (names, emails, phone numbers, notes).
  • Conversations — SMS, email, Messenger, and Instagram messages exchanged through the CRM.
  • Integrations — credentials and tokens you provide for Twilio, Stripe, Resend, Google Calendar, Meta, and OpenAI.
  • Usage — pages visited and actions taken, for product improvement.

3. How we use it

We use personal information solely to:

  • Provide the CRM service you signed up for.
  • Send communications on your behalf (SMS/email) through your configured integrations.
  • Sync data with third-party services you connect (Google Calendar, Meta, Stripe, etc.).
  • Improve product reliability and support you when you report issues.

We do not sell personal data. We do not use lead data to train machine-learning models beyond the AI scoring feature you explicitly trigger.

4. Sharing

We share data only with:

  • Subprocessors that power the service: Supabase (database), Vercel (hosting), Resend (email), Twilio (SMS), Stripe (payments), OpenAI (optional AI features), Meta (FB/IG integration), Google (Calendar).
  • Law enforcement if legally required.

5. Retention

We keep data for as long as your account is active. When you delete a lead, client, invoice, or message, it is removed from the database immediately and irretrievably. When you close your account, we delete all associated data within 30 days.

6. Your rights

You can access, correct, export, or delete your personal data at any time from within the CRM. For questions or requests not covered in-app, email privacy@trainer-crm-template.vercel.app.

7. Security

Credentials for third-party integrations are stored encrypted. All traffic is TLS-encrypted. Access is scoped via row-level security: no trainer can read another trainer's data.

8. Changes

We may update this policy occasionally. When we do, the "Last updated" date above will change and significant changes will be communicated via email.