Version 1.0 · Effective 18 July 2026 · Data controller: the AWPREP platform operator (EU legal entity — full details will be published upon company registration). This policy is written to comply with the EU GDPR.
| Data | Whose | Purpose | Legal basis |
|---|---|---|---|
| Account data (name, email, password hash, language) | coaches, athletes | authentication, service operation | contract (Art. 6(1)(b)) |
| Coaching data: check-ins, measurements, plans, chat | athletes | the coaching service itself | contract + explicit consent |
| Health-related data: lab results, medical records, medication, physical condition | athletes | enabling the coach to manage preparation safely | explicit consent (Art. 9(2)(a)), given at account activation and revocable at any time |
| Billing status of coach subscriptions | coaches | subscription management | contract |
| Application form data | applicants | reviewing access requests | pre-contractual steps |
When a coach uses an AI feature, the relevant athlete context (card, diary, labs, medical record, plan) is sent to our AI provider (Anthropic) via our infrastructure to generate the response. AI providers process this data as processors and do not use it to train their models under our API terms. AI actions are logged (who, when, which kind — not the content) for billing.
TLS everywhere, passwords stored as Argon2 hashes, per-tenant row-level security in the database, access-controlled media, EU hosting, principle of least privilege for the application's database role.
Material changes will be announced in the Service in advance. The current version always lives at awprep.com/privacy.html.
Русская версия будет опубликована к открытой регистрации; при расхождении приоритет имеет английский текст.