Privacy Policy

1. Introduction

Coach365 ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our gym management and fitness coaching application, website, and related services (collectively, the "Services"), including through our mobile application.

By using our Services, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

This Privacy Policy applies to all users of our Services, including gym members, coaches, and administrators located in Virginia and elsewhere.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you register for and use our Services, including:

• Account information: name, email address, phone number, date of birth, and password
• Profile information: profile photo, fitness goals, training history, and health and fitness metrics (such as height, weight, body composition, and performance data)
• Payment information: billing address and payment card details (processed securely through third-party payment processors; we do not store full payment card numbers)
• Communications: messages sent through the app, feedback, and support requests
• Coach and staff information: professional credentials, certifications, and employment information

2.2 Information Collected Automatically

When you use our Services, we may automatically collect:

• Device information: device type, operating system, unique device identifiers, and mobile network information
• Usage data: pages or features accessed, time spent, click-through data, and in-app activity logs
• Location data: general geographic location derived from your IP address (we do not collect precise GPS location without your explicit consent)
• Log data: IP address, browser type, referring URLs, and crash reports

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Fitness tracking devices and wearables you choose to connect to our Services
• Single sign-on providers (such as Apple or Google) if you choose to log in through those services
• Payment processors for transaction verification and fraud prevention purposes

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Our Services

• Create and manage your account and profile
• Deliver personalized training programs, coaching, and performance tracking
• Process payments and manage subscriptions
• Enable communication between coaches and members
• Provide customer support and respond to inquiries
• Improve, personalize, and expand our Services

3.2 Communications

• Send transactional communications (receipts, program updates, schedule changes)
• Send administrative notices and security alerts
• Send marketing and promotional communications, where you have opted in or where permitted by applicable law

3.3 Safety, Security, and Legal Compliance

• Monitor and enforce compliance with our Terms of Service
• Detect, prevent, and address fraud, unauthorized activity, and security incidents
• Comply with applicable laws, regulations, and legal obligations
• Respond to lawful requests from public authorities

4. Disclosure of Your Information

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

4.1 Service Providers

We may share your information with trusted third-party service providers who assist us in operating our Services, subject to confidentiality agreements. These include payment processors, cloud hosting providers, analytics platforms, and email service providers.

4.2 Coaches and Administrators

Information you provide as a gym member — including your training programs, performance data, and health metrics — may be visible to your assigned coaches and authorized gym administrators for the purpose of delivering coaching services.

4.3 Business Transfers

If Coach365 is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.4 Legal Requirements

We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing, protect the personal safety of users or the public, or protect against legal liability.

5. Health and Fitness Data

Our Services collect and process health and fitness-related information, including body composition data, performance metrics, training history, and other information that may be considered sensitive. We treat this data with heightened care.

We use your health and fitness data solely to:

• Provide and improve your personalized training and coaching experience
• Enable your coaches to monitor your progress and adjust your programming
• Generate performance analytics and progress reports for your personal use

We do not sell health and fitness data to third parties, and we do not use such data for advertising or marketing purposes without your explicit consent.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our Services. If you close your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it to comply with legal obligations, resolve disputes, or enforce our agreements.

Aggregated, de-identified data that cannot reasonably be used to identify you may be retained indefinitely for analytics and service improvement purposes.

7. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information.

7.1 Virginia Residents — Virginia Consumer Data Protection Act (VCDPA)

If you are a Virginia resident, you may have the following rights under the Virginia Consumer Data Protection Act (Va. Code § 59.1-571 et seq.):

• Right to Access: You may confirm whether we are processing your personal data and request a copy of that data.
• Right to Correction: You may request correction of inaccurate personal data we hold about you.
• Right to Deletion: You may request that we delete personal data we have collected about you, subject to certain exceptions.
• Right to Data Portability: You may request a portable copy of your personal data in a commonly used, machine-readable format.
• Right to Opt Out: You have the right to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling that produces legal or similarly significant effects. We do not sell personal data or use it for targeted advertising.
• Right to Appeal: If we decline to take action on your request, you may appeal that decision by contacting us as described in Section 11.

To exercise your Virginia rights, please submit a request using the contact information in Section 11. We will respond to verified requests within 45 days. We may extend this period by an additional 45 days when reasonably necessary, with notice.

7.2 All Users

Regardless of your location, you may:

• Update or correct your account information at any time through the app settings
• Opt out of marketing emails by clicking the unsubscribe link in any marketing email or adjusting your notification preferences in the app
• Request deletion of your account by contacting us at the email address in Section 11
• Request access to the personal information we hold about you

8. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS), access controls, and regular security reviews.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If you believe your account has been compromised, please contact us immediately.

9. Children's Privacy

Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete that information promptly.

For users between the ages of 13 and 18, we recommend parental involvement in account setup and ongoing use of our Services.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform. We are not responsible for the privacy practices of third parties.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Underground Athlete
Privacy Inquiries
Reston, Virginia
Email: rise.up@undergroundathlete.com

We will respond to all privacy-related inquiries within 30 days.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the effective date at the top of this policy and, where appropriate, by providing in-app notice or email notification.

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.