Effective date: 5/22/25
At-a-glance (the TL;DR)
- We collect only what we need to run Pulse and personalize your training.
- Your workout and health data are never sold.
- Data flows through trusted partners (Stripe for payments, Supabase for storage, OpenAI/Anthropic/Google for AI features) under strict contracts.
- Third-party integrations (e.g. Google Fit, Oura, etc) are optional and the connection is secure to protect your data.
- You control your data—download it, fix it, delete it, or tell us not to use it for marketing whenever you like.
1. Who we are
Progressive Performance LLC (“Pulse,” “we,” “us,” “our”) operates the Pulse mobile and web apps, the website at https://ai.progressiveperformancep2.com, and related services.
2. Information we collect
| Category | Examples | Why we collect it |
|---|---|---|
| You give us | Name, email, date of birth, height & weight, fitness goals, photos/videos you upload, messages you send to coaches or the AI | Create your account, personalize plans, show progress |
| Automatically | Device type, IP address, log files, usage analytics, cookies or similar IDs | Keep the service secure, fix bugs, improve UX |
| From partners | Payment status (Stripe), authentication tokens (Clerk), AI model responses (OpenAI, Anthropic, Google), 3rd parties (Google, Oura, etc) | Process payments, log you in, deliver AI-generated coaching, streamline data sharing |
Sensitive data
Your training/nutrition history, file uploads, biometrics, or body-composition photos are treated as “Consumer Health Data.” We collect them only with your explicit consent and use them solely to tailor your program.
3. How we use your data
- Deliver and maintain the Pulse app
- Personalize workouts, nutrition tips, and recovery advice
- Send service emails or in-app messages (you can opt-out of marketing)
- Research and analytics to improve Pulse (data aggregated or de-identified when possible)
- Detect, prevent, and fight fraud or misuse
- Comply with legal obligations
4. Legal bases (GDPR / UK GDPR)
| Purpose of processing | Typical data involved | GDPR / UK GDPR legal basis |
|---|---|---|
| Create & maintain your account | Name, preferred name, pronouns, email, password hash, authentication tokens (Clerk) | Contract – Art 6 (1)(b) |
| Personalise workouts, nutrition & recovery advice | Height, weight, body-composition metrics, fitness goals, training logs, progress photos/videos | Explicit consent – Art 9 (2)(a) (special-category health data) and Contract – Art 6 (1)(b) for non-sensitive data |
| AI coaching & chat responses | In-app messages, workout context, goal changes (shared with OpenAI/Anthropic/Google under DPA) | Contract – Art 6 (1)(b) |
| Payments & accounting | Billing name, address, payment method (last-4 digits, card brand), Stripe customer & transaction IDs | Legal obligation – Art 6 (1)(c) and Contract – Art 6 (1)(b) |
| Product analytics & crash reporting | Device type, OS version, pseudonymous user ID, usage events, crash logs | Legitimate interest – Art 6 (1)(f) |
| Marketing emails & push notifications | Email address, device push token, in-app behaviour segments | Consent – Art 6 (1)(a) |
| Customer support & troubleshooting | Support tickets, chat transcripts, error screenshots | Contract – Art 6 (1)(b) |
| Fraud prevention & security | IP address, login timestamps, unusual activity flags | Legitimate interest – Art 6 (1)(f) |
| Legal compliance & dispute resolution | Any data reasonably required for a claim or audit | Legal obligation – Art 6 (1)(c) |
5. Cookies & similar tech
We use first-party cookies for login persistence and third-party analytics (currently Vercel). You can manage cookies in your browser or via our in-app privacy settings popup.
6. Who we share data with (service providers only)
- Stripe – payment processing
- Clerk – secure authentication
- Supabase – encrypted database and file storage
- OpenAI, Anthropic, Google – AI/LLM features (prompts and outputs are not used to train their models and all messages are encrypted)
- Vercel – product analytics (pseudonymised)
- Mailgun – transactional email
7. International data transfers
If we move data outside your region (e.g., to the U.S.), we rely on Standard Contractual Clauses or another lawful mechanism.
8. Security
Data in transit = TLS 1.2+.
Data at rest = AES-256 encryption (Supabase).
Least-privilege access controls, regular penetration testing, and incident-response plan.
9. Data retention
We keep account data while you use Pulse and for 24 months after you close your account (for audit, tax, and backup reasons), then delete or fully anonymize it.
10. Your privacy rights
You may, at any time: Access • Correct • Delete • Download (portability) • Object / Opt-out of marketing • Restrict processing of sensitive data.
U.S. residents (CA, CO, VA, CT, UT) also have the right to opt-out of “sharing” and targeted advertising. Email admin@progressiveperformancep2.com for more info.
11. Children
Pulse is not directed to children under 18. We do not knowingly collect data from anyone under 18. Parents can request deletion at the email above.
12. Changes
We’ll post any material changes here and email you 30 days before they take effect.
13. Contact us
admin@progressiveperformancep2.com
Progressive Performance Personal Training, 2110 Dry Ridge Rd, Grove City, Ohio, 43123