Privacy Policy

Last updated: 3 May 2026

Who we are

Sculptr (“Sculptr”, “we”, “us”) is a personal-training platform that gives coaches (“PTs”) and their clients a shared space for workouts, nutrition, and progress tracking.

For data-protection questions or to exercise any of the rights described below, contact us at hello@sculptr.app.

What we collect

Depending on whether you use Sculptr as a PT or a client, and what features you use, we may process the following categories of personal data:

  • Account data — email address, name, role (PT, client, admin), authentication identifiers, and account settings.
  • Contact data — phone number and any contact details you choose to share with your coach.
  • Health-adjacent data — date of birth, height, weight, body measurements, progress photos, and self-reported wellbeing or check-in ratings. We do not knowingly collect special-category health data within the meaning of UK GDPR Article 9; this information is fitness-tracking data shared between you and your coach.
  • Behavioural data — workouts logged, sets and reps completed, step counts, food and meal logs, and timestamps of activity on the platform.
  • PT↔client communications — messages, notes, feedback, and any media exchanged between a coach and a client through the platform.
  • Technical data — IP address, device and browser metadata, and minimal application logs needed to operate and secure the service.

Why we process it

  • To create, secure, and operate your account.
  • To deliver the coaching service: letting your PT build plans, letting you log workouts, nutrition and progress, and showing both sides the same picture.
  • To convert natural-language food descriptions into structured nutrition data using LLM providers (see “Sub-processors” below).
  • To send transactional email such as magic-link sign-in, invitation, and account notifications.
  • To diagnose problems, prevent abuse, and keep the platform safe.
  • To comply with our legal obligations.

Lawful basis

We rely on the following lawful bases under UK GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)) — to provide the platform you or your coach signed up for.
  • Legitimate interests (Art. 6(1)(f)) — to keep the service secure, prevent fraud and abuse, and improve product quality, balanced against your rights.
  • Consent (Art. 6(1)(a)) — where you actively choose to upload progress photos, body measurements, or wellbeing data. You can withdraw consent at any time by deleting that data or contacting us.
  • Legal obligation (Art. 6(1)(c)) — where we must process data to comply with applicable law.

Sub-processors

We use the following sub-processors to operate Sculptr. Each only sees the minimum data needed for the function described:

  • Supabase — managed Postgres database, authentication, and file storage. Sees your account, contact, health-adjacent, behavioural and communications data.
  • Resend — transactional email delivery. Sees your email address and the contents of platform-generated emails (e.g. magic-link sign-in, invitations).
  • Google Gemini — large-language-model provider used to parse natural-language food descriptions and similar coaching content.
  • Groq — large-language-model inference provider used for the same parsing and classification tasks.
  • Anthropic — large-language-model provider used for the same parsing and classification tasks.
  • Hetzner — server and infrastructure hosting for the application servers and reverse proxy.

LLM food-description disclosure: when you describe a meal in free text (for example “two scrambled eggs on sourdough”), that description is sent to one or more of the LLM providers listed above — currently Google Gemini, Groq, and Anthropic — so we can convert it into structured nutrition data. Avoid including information in food descriptions that you would not want to share with those providers.

International transfers

Some of our sub-processors are based outside the UK and EEA, including in the United States. Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions where available. You can request a copy of the safeguards in place by emailing hello@sculptr.app.

Retention

We keep personal data only for as long as we need it to deliver the service or to meet legal obligations:

  • Account, coaching and behavioural data is kept for the lifetime of your account and deleted on request or within a reasonable period after account closure.
  • Operational logs are kept only as long as needed for security, debugging and abuse prevention, then rotated.
  • Backups follow the retention windows of our infrastructure providers and are overwritten on a rolling basis.

Your rights

Under UK and EU GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased where applicable;
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw consent where we rely on it; and
  • lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your local supervisory authority.

To exercise any of these rights, email hello@sculptr.app.

Controller vs processor

Sculptr acts as a data controller for the operation of the platform itself: account creation, authentication, billing, security, and the data you provide directly to us when signing up.

Sculptr acts as a data processor for coaching content uploaded by PTs — the workout templates, nutrition plans, programme structure, and similar materials that a PT creates inside the platform on behalf of their clients.

PTs are independent data controllers for their own clients’ coaching data. PTs decide what measurements, photos, programmes and notes they collect from their clients, how long they retain that information, and how they use it. If you are a client, your coach is responsible to you under UK GDPR for that coaching relationship; we process the underlying data on their behalf.

Cookies and storage

We use first-party cookies and equivalent browser storage that are strictly necessary to keep you signed in, remember your preferences, and operate the platform. We do not use third-party advertising cookies or cross-site tracking.

Changes to this policy

We may update this policy from time to time. The date at the top of the page reflects the most recent change. Material changes will be communicated through the platform or by email.

Contact

For any privacy-related question, including data-subject requests, contact hello@sculptr.app.