← AWPREP

Privacy Policy

Version 1.0 · Effective 18 July 2026 · Data controller: the AWPREP platform operator (EU legal entity — full details will be published upon company registration). This policy is written to comply with the EU GDPR.

1. What we process and why

DataWhosePurposeLegal basis
Account data (name, email, password hash, language)coaches, athletesauthentication, service operationcontract (Art. 6(1)(b))
Coaching data: check-ins, measurements, plans, chatathletesthe coaching service itselfcontract + explicit consent
Health-related data: lab results, medical records, medication, physical conditionathletesenabling the coach to manage preparation safelyexplicit consent (Art. 9(2)(a)), given at account activation and revocable at any time
Billing status of coach subscriptionscoachessubscription managementcontract
Application form dataapplicantsreviewing access requestspre-contractual steps

2. What we do NOT do

3. AI processing

When a coach uses an AI feature, the relevant athlete context (card, diary, labs, medical record, plan) is sent to our AI provider (Anthropic) via our infrastructure to generate the response. AI providers process this data as processors and do not use it to train their models under our API terms. AI actions are logged (who, when, which kind — not the content) for billing.

4. Processors and transfers

5. Retention

6. Your rights (GDPR)

7. Security

TLS everywhere, passwords stored as Argon2 hashes, per-tenant row-level security in the database, access-controlled media, EU hosting, principle of least privilege for the application's database role.

8. Changes

Material changes will be announced in the Service in advance. The current version always lives at awprep.com/privacy.html.

Русская версия будет опубликована к открытой регистрации; при расхождении приоритет имеет английский текст.