Effective date: March 11, 2025

Privacy Policy

This policy explains how Ryan Dowling Counihan, operating FEEDBACK at feedbackcoach.app, collects, uses, and protects your personal data.

1. Who We Are

FEEDBACK is a HYROX training application operated by Ryan Dowling Counihan (the “Data Controller”), trading at feedbackcoach.app. For any privacy-related enquiries, contact us at privacy@feedbackcoach.app.

We are committed to protecting your personal data and complying with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).

2. Data We Collect

We collect the following categories of data:

Account Data

  • Name and email address — provided when you create an account. Used to identify your account and communicate with you.
  • User identifier — a unique ID assigned to your account by our authentication provider (Supabase). Used to associate your data with your account.

Training Data

  • Session logs (exercise type, duration, sets, reps, load)
  • Perceived exertion ratings (RPE)
  • Weekly training plans and recommended sessions
  • Training diagnosis results (e.g. accumulated fatigue, readiness)

This data is entered by you directly and forms the core of the service.

Health Data (Optional — HealthKit)

If you grant permission, FEEDBACK reads the following data from Apple HealthKit:

  • Heart rate variability (HRV-SDNN)
  • Resting heart rate
  • Sleep analysis
  • Workout heart rate zones

This data is used solely to auto-fill session logs and improve your weekly training recommendations. HealthKit data is never used for advertising or marketing purposes, and is never shared with third parties except as described in Section 5. Granting this permission is entirely optional — the app works fully without it.

Technical Data

  • App version and device type (used for debugging)
  • App settings stored locally on your device

We do not collect IP addresses, advertising identifiers, or browser fingerprints.

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal grounds under the GDPR:

  • Contract performance (Article 6(1)(b)): Account data and training data are processed to provide the service you signed up for — without this data, we cannot deliver personalised training recommendations.
  • Explicit consent (Articles 6(1)(a) and 9(2)(a)): Health data from HealthKit is special-category data under GDPR. We process it only if you explicitly grant HealthKit permission on your device. You may withdraw this consent at any time in your iPhone Settings → Health → Data Access & Devices.
  • Legitimate interests (Article 6(1)(f)): We may process minimal technical data to maintain the security and stability of the service.

4. How We Use Your Data

  • To create and manage your account
  • To generate personalised weekly training plans and diagnose training state (e.g. accumulated fatigue, insufficient stimulus)
  • To auto-fill session logs with biometric data (if HealthKit is enabled)
  • To display your training history and analysis
  • To respond to support requests

We do not use your data for advertising, behavioural profiling, or any purpose other than providing the FEEDBACK service.

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following sub-processors, strictly for the purpose of operating the service:

Supabase (Database & Authentication)

Your account data and training data are stored in a PostgreSQL database managed by Supabase, Inc. Supabase infrastructure runs on AWS. Supabase operates as a data processor under a Data Processing Agreement (DPA) and does not use your data for any purpose other than storage and retrieval on our behalf.

Supabase Privacy Policy: supabase.com/privacy

Apple (HealthKit)

Health data is read from Apple HealthKit on your device. FEEDBACK does not transmit raw HealthKit data to our servers — only the derived readiness score and biometric snapshot computed from that data are stored, and only if you choose to log a session. Apple’s handling of HealthKit data is governed by Apple’s Privacy Policy (apple.com/privacy).

We have no advertising partners. No data is shared with social media platforms, analytics services, or marketing companies.

6. International Data Transfers

Your data may be stored and processed outside the European Economic Area (EEA) by Supabase on AWS infrastructure. These transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection equivalent to that within the EEA.

7. Data Retention

  • Account and training data is retained for as long as your account is active.
  • Upon receiving a deletion request, we will delete your data within 30 days, except where retention is required by law.
  • Local app settings (stored on your device) are deleted when you uninstall the app.

8. Your Rights

Depending on your location, you have the following rights regarding your personal data:

GDPR Rights (EU/UK Users)

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data (“right to be forgotten”)
  • Right to data portability — receive your data in a machine-readable format
  • Right to restriction — request that we limit how we process your data
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — for HealthKit data, withdraw at any time via iPhone Settings → Health

CCPA Rights (California Residents)

  • Right to know what personal information is collected and how it is used
  • Right to delete your personal information
  • Right to opt out of the sale of personal information — we do not sell your data
  • Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, email us at privacy@feedbackcoach.app. We will respond within 30 days. We may ask you to verify your identity before processing your request.

If you are in the EU and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local Data Protection Authority.

9. Children's Privacy

FEEDBACK is not directed at children under 13 years of age (or under 16 in the EU/EEA). We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us at privacy@feedbackcoach.app and we will delete it promptly.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted database storage via Supabase, authentication tokens, and row-level security policies. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but will notify you of any breach as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The effective date at the top of this page will reflect the latest revision. If changes are material, we will notify you via the app or by email. Continued use of the service after changes constitutes acceptance of the revised policy.

12. Contact Us

For any questions, data requests, or privacy concerns, contact the Data Controller:

Ryan Dowling Counihan

Operating FEEDBACK at feedbackcoach.app

Email: privacy@feedbackcoach.app

← Back to home·Terms of Service