1. Who we are
The Service is operated by NYD&Co Pty Ltd, trading as NYD Systems ("we", "us", or "our"). We are the entity responsible for the personal information we hold about you (the "data controller" under the GDPR, and an "APP entity" under the Australian Privacy Act).
You can reach us at:
NYD&Co Pty Ltd (NYD Systems)
PO BOX 5793
Studfield, Victoria, 3152
Australia
Email: privacy@progressor.app
2. What we collect
Account data. The email address and name (or display name — a real name is not required) you provide when you sign in, including through Google or Apple sign-in. We receive a basic profile identifier from those providers; we do not receive your password.
Profile and training preferences. Information you choose to add, such as height, date of birth, biological sex, timezone, phone number, training goal, experience level, available equipment, and unit preferences.
Training data. Every set you log (weight, reps, RPE, rest, tempo, notes), your workouts, personal records, wellness/readiness check-ins, and program structure.
Body and health data. Bodyweight and body measurements you enter, and — only if you enable it — data synced from Apple Health or Google Health Connect (such as bodyweight and workout records). Cardio logs may include duration, distance, and heart-rate data. See section 3.
Nutrition data. Calorie and macronutrient goals and any daily nutrition logs you choose to record.
Coaching data. If you connect with a coach, your coach can view your training data, and any intake form responses and coach notes are associated with that relationship.
Subscription data. Subscription status and transaction identifiers received from Apple, Google, or Stripe via RevenueCat. We do not collect or store your full payment card details — those are handled by the relevant payment platform.
Device and usage data. Device type, operating system version, app version, crash reports, push-notification tokens, and anonymised in-app event data used to operate and improve the Service. We do not collect your contacts, precise location, or data from unrelated apps.
3. Health and sensitive information
Some of the information above (for example bodyweight, body measurements, biological sex, heart-rate data, and health-app data) may be health or sensitive information under the Australian Privacy Act, and special-category data under Article 9 of the GDPR.
We only collect and process this information with your explicit consent, which we ask for during onboarding before any session is logged, and again before enabling a health-app integration. You can withdraw your consent at any time through Settings → Privacy & Data or Settings → Connected Devices. Withdrawing consent disables the related features and queues the relevant data for anonymisation.
We use this information solely to generate your general training and nutrition recommendations and analytics within the Service. We never use it for advertising and never sell it.
4. How we use your information
We use your information to:
- operate the Service — including progression calculations, recommendations, analytics, sync, and history;
- authenticate you and keep your account secure;
- process and manage your subscription;
- send transactional messages (receipts, security alerts, account and service notices) and the in-app notifications you have enabled;
- send marketing communications only if you have opted in (you can opt out at any time);
- provide coaching features to you and, where you choose, to your connected coach;
- diagnose problems, prevent abuse, and improve the Service using anonymised, aggregated usage statistics; and
- comply with our legal obligations.
Where the GDPR applies, our legal bases are: performance of a contract (to provide the Service), consent (for health data and marketing), legitimate interests (to secure and improve the Service), and legal obligation.
5. What we do not do
- We do not sell your personal information. Ever.
- We do not share your training or health data with advertisers, data brokers, or insurers.
- We do not use your data to train AI or machine-learning models without your separate, explicit consent.
- We do not show third-party advertising in the Service.
7. Where your data is stored and overseas transfers
Your account and training data are stored in Supabase (PostgreSQL).
[CONFIRM REGION] The previous policy stated EU-region servers. Confirm the actual hosting region for the NYD Systems deployment and update this section accordingly (for example, EU, Australia, or another region).
Because we and some of our service providers operate internationally, your personal information may be stored or processed outside Australia (and, for EU/UK users, outside the EEA/UK). Where we transfer personal information overseas, we take reasonable steps to ensure it is handled consistently with this policy and applicable law, including (for GDPR transfers) relying on appropriate safeguards such as standard contractual clauses.
8. Security
We use reasonable technical and organisational measures to protect your information, including encryption in transit and at rest, access controls (row-level security so users can only access their own data), and encrypted backups retained for 30 days.
No method of transmission or storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security, and you provide your information at your own risk.
9. Your rights and choices
You have rights over your personal information. Depending on where you live, these may include the right to access, correct, delete, restrict or object to processing, withdraw consent, and (where the GDPR applies) data portability.
You can exercise the most common rights directly in the app:
- Export your data at any time from Settings → Privacy & Data → Export (CSV).
- Delete your account at any time from Settings → Privacy & Data → Delete account. Deletion has a 30-day cooling-off period during which you can cancel; after that, your personal information is deleted or anonymised and your subscriptions are cancelled.
- View your consent and Terms-acceptance history in Settings → Privacy & Data.
- Manage marketing preferences (email/SMS opt-in) in the same section.
For any other request, email privacy@progressor.app. We will respond within the timeframes required by applicable law.
Australian Privacy Act. We handle personal information in accordance with the Australian Privacy Principles (APPs). You may ask us to access or correct your personal information at any time.
GDPR (EU/UK residents). You may also lodge a complaint with your local supervisory authority (for example, the ICO in the UK).
11. Children
The Service is not intended for children under 16 (or under 13 with verifiable parental consent where permitted). We do not knowingly collect personal information from children below the applicable minimum age. If you believe a child has provided us with personal information, contact us and we will delete it.
12. Data retention
We keep your personal information for as long as your account is active and as needed to provide the Service. After account deletion (and the 30-day cooling-off period), we delete or anonymise your personal information, except where we are required to retain certain records to comply with legal obligations or to resolve disputes. Aggregated and anonymised data that can no longer identify you may be retained indefinitely.
13. Changes to this policy
We may update this policy from time to time. Where a change is material, we will give you reasonable advance notice (for example by email or in-app notice) before it takes effect. Your continued use of the Service after the change takes effect constitutes acceptance of the updated policy.
14. Contact and complaints
For any privacy question or request, or to make a complaint about how we have handled your personal information, contact us:
NYD&Co Pty Ltd (NYD Systems)
PO BOX 5793
Studfield, Victoria, 3152
Australia
Email: privacy@progressor.app
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, or (for EU/UK residents) your local data protection supervisory authority.
See also our Terms of Service and Cookies Policy.
Email privacy@progressor.app with any legal or data-related questions.
Also see Terms & Conditions · Cookies Policy.