Privacy Policy — Plus 4 Performance

This Privacy Policy explains how Plus 4 Performance ("we", "us", "our") collects, uses, stores and protects your personal data when you use our website at plus4performance.com and our fitness platform (the "Service"). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our Service you agree to the collection and use of your data as described in this policy. If you do not agree with this policy please do not use our Service.

1. Who We Are

Plus 4 Performance is the data controller responsible for your personal data. We are based in the United Kingdom.

2. What Data We Collect

2.1 — Account Data

When you create an account we collect:

Your name and email address
A securely hashed password — we never store passwords in plain text
The date and time your account was created

2.2 — Intake and Health Data

When you complete our plan intake form we collect personal and health-related information including:

Biological sex, age, height and current weight
Your fitness goal, training experience and training preferences
Dietary preferences and food exclusions
Any injuries, physical limitations or relevant medical conditions you choose to disclose

Please note: injury and health information is classified as sensitive personal data under UK GDPR. We collect this data solely to generate a safe and personalised fitness plan for you. We do not share this data with third parties for marketing or commercial purposes.

2.3 — Payment Data

Payment processing is handled by Stripe, a third-party payment provider. We do not store your card details on our systems. Stripe may collect and process your payment information in accordance with their own privacy policy, available at stripe.com/privacy.

We store a record of your subscription status and Stripe customer ID to manage your account.

2.4 — Progress and Tracking Data

If you use our progress tracking features we may collect:

Body weight entries and dates
Progress measurements you choose to log
Session completion records

2.5 — Usage Data

We may automatically collect certain technical data when you use our Service including:

IP address and browser type
Pages visited and features used
Device type and operating system

This data is used to maintain and improve the Service and is not used to identify you individually.

3. How We Use Your Data

We use your personal data for the following purposes:

To create and manage your account
To generate your personalised 12-week training and nutrition plan
To process payments for your subscription
To deliver your plan and any updates to it
To send you transactional emails related to your account and subscription
To send you marketing emails where you have consented — you can unsubscribe at any time
To improve and develop our Service
To comply with our legal obligations

3.1 — Legal Basis for Processing

We process your personal data on the following legal bases:

Contract: to fulfil our service agreement with you — generating and delivering your plan
Legitimate interests: to maintain and improve our Service, prevent fraud and ensure security
Consent: for marketing communications — you can withdraw consent at any time
Legal obligation: to comply with applicable laws and regulations

3.2 — Health Data

We process your health and injury data on the basis of your explicit consent, provided when you complete the intake form. You have the right to withdraw this consent at any time by contacting us. Withdrawing consent will not affect the lawfulness of processing before withdrawal, but may mean we are unable to generate a safe personalised plan for you without this information.

4. How We Store Your Data

Your data is stored securely using Supabase, a cloud database provider. Data is stored on servers located within the European Economic Area. Supabase implements industry-standard security measures including encryption at rest and in transit.

We retain your personal data for as long as your account is active. If you close your account we will delete your personal data within 30 days of your request, except where we are required to retain it for legal purposes such as tax or accounting obligations.

5. Who We Share Your Data With

We do not sell your personal data. We share your data only with the following third-party service providers who process it on our behalf:

Supabase — database and authentication (supabase.com)
Stripe — payment processing (stripe.com)
Anthropic — AI plan generation. Your intake data is sent to Anthropic's API to generate your personalised plan. Anthropic does not use your data to train their models (api.anthropic.com)
Resend — transactional email delivery (resend.com)
Klaviyo — marketing email platform, where you have consented to receive marketing communications (klaviyo.com)

All third-party providers are contractually required to process your data only as instructed and to implement appropriate security measures.

We may disclose your data to law enforcement or regulatory authorities if required to do so by law or in response to a valid legal request.

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will respond to your request within 30 days.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete data we hold about you.

Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal data. To request deletion of your account and all associated data, please email support@plus4performance.com with the subject line 'Data Deletion Request'. We will process your request within 30 days and confirm deletion. Please note that some data may be retained where we have a legal obligation to do so.

Right to Restrict Processing

You have the right to request that we restrict the processing of your data in certain circumstances, for example if you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis. You also have the right to object to processing for direct marketing purposes at any time.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time. To unsubscribe from marketing emails use the unsubscribe link in any marketing email or contact us directly.

To exercise any of these rights please contact us at support@plus4performance.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data appropriately.

7. Cookies

Our website uses cookies to maintain your login session and to understand how users interact with our Service. We use only essential cookies required for the Service to function and analytics cookies to improve the Service.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using parts of our Service.

8. Children

Our Service is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with their personal data please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or by displaying a notice within the Service. The date at the top of this policy indicates when it was last updated. Continued use of the Service after changes are made constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data please contact us:

Email: support@plus4performance.com

Website: plus4performance.com

We aim to respond to all privacy-related enquiries within 5 working days.

Plus 4 Performance — plus4performance.com