Privacy Policy — Propel | Propel Coaches

Propel Coaches ("we", "our", "us") is a fitness and coaching platform operated by Charles Bettiol, based in Australia. This Privacy Policy explains what personal information we collect when you use the Propel mobile app or coach web dashboard, how we use it, who we share it with, and the rights you have over it.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What we collect

1.1 Account information

Name, email address, password
Subscription plan and payment method (Stripe processes the payment — we never see your full card number)
Date of birth (used to verify you are 16 or older and to calculate appropriate calorie targets)
Gender, height, weight, target weight

1.2 Health information (sensitive information under APP 3)

When you use Propel as a client, you choose to share information classified as sensitive information under the Privacy Act:

Medical conditions you flag during onboarding (e.g. hypertension, diabetes, cardiac, thyroid)
Pregnancy or postpartum status
History of an eating disorder
Recent surgery
Current medications
Allergies and dietary restrictions
Injuries and physical limitations
Workout logs (exercises, sets, reps, weights, RPE)
Nutrition logs (food items, calories, macronutrients, fibre)
Body measurements and progress photos
Weekly check-in responses (energy, sleep quality, stress, mood, training difficulty, body weight)
Mental wellbeing context you share with the AI coach during conversations

You provide this sensitive information voluntarily, and by submitting it you give us your explicit consent to handle it for the purposes in section 2. You can withdraw consent at any time by deleting your account (see section 8). Withdrawing consent will limit or end your ability to use the service.

1.3 Communications

Messages you send through in-app chat with your human coach (if assigned) or the AI coach
Support emails you send us
Push notification preferences

1.4 Device and usage data

Device type, operating system version, app version
Push notification tokens (if you opt in)
Screens viewed, features used, session duration (used to improve the service)
IP address (only logged transiently for security purposes)

1.5 Coach-side information (web dashboard)

If you sign up as a coach, we additionally collect:

Business name, branding preferences
Information you enter about your clients (the client owns this data, but we store it)
Booking and appointment details

2. How we use your information

We use your information only for these purposes:

Create and manage your account
Generate personalised AI workout programs and meal plans (see section 4)
Provide AI coaching responses based on your data (see section 4)
Track your progress over time and provide insights
Process payments and manage subscriptions
Send transactional notifications you've opted into (workout reminders, check-in prompts, weekly summaries)
Operate the platform safely (see section 5 on AI safety monitoring)
Improve the service based on aggregated usage
Respond to support requests
Comply with legal obligations

We do not sell your personal information to anyone.
We do not use your data for advertising or marketing profiling.
Your data is not used to train any AI provider's models — see section 4.

3. Who we share with

We share information only with the following parties, and only as needed to provide the service:

Provider	Purpose	Where they store data
Supabase	Database hosting, authentication	Singapore
Stripe	Payment processing	United States
Apple	App distribution, in-app subscriptions, push notifications	United States
Expo	Push notification delivery	United States
Resend	Transactional email delivery	United States
Anthropic	AI features (coach chat, program generation, meal plan generation, form check)	United States
OpenAI	AI features (recipe generation, food photo recognition)	United States
Vercel	Web dashboard hosting	United States / global edge
Sentry	Error monitoring	United States

If you are assigned to a human coach, that coach will see your workout logs, nutrition logs, check-ins, progress photos, messages, and the safety concerns flagged by the AI coach. They are bound by their own professional obligations.

We may disclose information when required by law (e.g. subpoena, court order, lawful government request) or where necessary to protect a person's life or physical safety.

4. AI processing

Our AI features (program generation, meal plan generation, AI coach chat, food photo analysis, exercise form analysis, recipe generation) send the relevant subset of your fitness, nutrition, health, and conversation data to AI providers (Anthropic and OpenAI) so they can generate a personalised response.

AI providers process your data only to fulfil the request.
Your data is not used to train any AI provider's foundation models — both Anthropic and OpenAI provide this commitment under their commercial API terms.
We retain a copy of every AI-generated decision (workout adjustments, macro changes, etc.) in our internal audit log so you and we can see what the AI changed and why.
AI outputs are generated by automated systems and may contain mistakes. They are general fitness information, not medical advice.

5. AI safety monitoring

The AI coach is instructed to flag certain client messages for human review. Specifically, if you mention self-harm or suicidal thoughts, restrictive eating or other disordered eating patterns, a serious injury that may need medical attention, substance abuse problems, or domestic violence or abuse, the AI will:

Respond with empathy and direct you to the appropriate Australian crisis service (Lifeline 13 11 14, Beyond Blue 1300 22 4636, NEDC nedc.com.au, 1800RESPECT 1800 737 732).
Record a flag in our safety database.
Email a notification to our safety operator inbox so a human can review the conversation.

This monitoring exists to protect you. The records we keep for safety reviews are retained for 7 years to meet incident-records-keeping standards.

6. Storage, security, and cross-border transfers

Your data is stored on Supabase infrastructure in Singapore. We rely on Supabase's certifications (SOC 2 Type II, GDPR-aligned controls) and use:

TLS / HTTPS encryption in transit
AES-256 encryption at rest
Row-level security policies enforcing per-user data isolation
Service role keys held server-side only

By using Propel you consent to your information being transferred to and processed in Singapore and the other countries listed in section 3. APP 8 limits this transfer; we have selected providers that adopt substantially similar privacy protections.

7. How long we keep your data (retention)

Data	Retention period
Active account data	For as long as your account is active
Personal data after account deletion	Deleted within 30 days
AI conversations	Deleted with your account
AI safety concern flags	7 years (incident records)
AI decision audit log	7 years
Email send logs	12 months
Stripe payment records	As required by Australian tax / accounting law (typically 7 years)
Anonymised, aggregated analytics	Indefinite

If we are legally required to retain specific records longer (e.g. for a regulatory investigation), we will.

8. Your rights

Under the Privacy Act and the APPs, you have the right to:

Access your personal data — most of it is visible inside the app at any time. To request a complete export, use the Settings → Privacy → Export my data button or email us.
Correct inaccurate data — update your profile in the app, or contact us.
Delete your account — go to Settings → Delete account. This is self-serve and takes effect immediately. We then purge your data within 30 days. (Records we are required to keep for safety, audit, or tax purposes are retained for the periods in section 7.)
Withdraw consent for data processing at any time (this will end your ability to use the service).
Opt out of push notifications via your device settings.
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992 if you believe your privacy has been breached.

9. Children

Propel is not designed for and not available to anyone under the age of 16. We block users from completing onboarding if their date of birth shows they are under 16. If we discover an account belongs to someone under 16, we will close it and delete the data.

10. Data breach notification

Australia's Notifiable Data Breaches scheme (Privacy Act, Part IIIC) requires us to notify both the OAIC and affected individuals if your personal information is involved in a data breach likely to cause serious harm. If this happens, you will be notified by email as soon as practicable.

11. Cookies (web dashboard only)

The Propel web dashboard uses only essential cookies for authentication and session management. We do not use advertising cookies, analytics cookies, or third-party tracking cookies.

12. Changes to this policy

We may update this Privacy Policy from time to time. If the changes are material (for example, adding a new processor, changing what we collect, or changing how we use data), we will notify active users by in-app notification or email at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the current version.

13. About the operator

Propel Coaches is operated by Charles Bettiol, a former Personal Trainer based in Australia. Propel is a software platform — Charles is not a registered health practitioner under the Health Practitioner Regulation National Law. Propel does not provide registered-practitioner services (such as those of an Accredited Practising Dietitian, Physiotherapist, or Exercise Physiologist). When you need clinical care, please see a registered practitioner.

14. Contact

If you have questions about this Privacy Policy, want to access or correct your data, or have a complaint:

Email: support@propelcoaches.com
Mail: Charles Bettiol, Propel Coaches, Australia

If you are not satisfied with our response, you can contact the OAIC at oaic.gov.au or 1300 363 992.