Privacy Policy — Trainink

Last updated: 12 July 2026 (v0.4)


1. Who we are (Data Controller)

Trainink ("the app", "we") is an application for football (soccer) coaches to create, store and share training exercises and session plans.

The controller of your personal data is:

We are not required to appoint a Data Protection Officer (DPO): our activity does not involve large-scale processing of special categories of data, nor large-scale regular and systematic monitoring of individuals. For any privacy matter, use the email above.

2. What personal data we collect

CategoryWhat it includesHow it is collected
Account dataEmail and passwordWhen you create an account and sign in
Content you createExercises, sessions, training plans, settings, team profile, the coaching methodology you write, club logoStored on your device and synced to your account
AI feature dataThe photo or tactic-board drawing and the exercise text you choose to processOnly when you use an AI feature and after you accept the consent notice
AI usageA record of AI calls and their cost (to apply your plan's quotas)Automatically, when you use AI
Device dataA device identifier and last-used dateTo enforce the limit of 2 devices per account (anti-sharing)
Shared librariesThe email of coaches you invite and each one's role (admin/editor/viewer)When you create or join a shared library
CommunicationsYour email, to send you account confirmation and invitationsWhen you sign up or are invited
Usage data (analytics)Pseudonymous usage events (e.g. app opened, exercise created) and a random device identifierAutomatically, unless you turn it off in Settings
Crash & diagnostic dataCrash reports: error stack traces, device model, OS version, app version, and a random device identifierAutomatically when the app crashes, unless you turn it off in Settings

We do not collect health data, biometric data, or precise location, and we do not use third-party advertising SDKs. We use pseudonymous product analytics (see sections 4 and 7) to understand how the app is used and improve it — via a random per-install identifier, with no email, name or your content. You can turn it off at any time in Settings.

We also collect crash and diagnostic reports to detect and fix bugs and keep the app stable — error stack traces and basic device information (model, OS version, app version), linked only to the same random per-install identifier, with no email, name or your content. This shares the same opt-out as analytics (a single switch in Settings).

Payments: subscriptions are processed by the store (Google Play), which acts as the seller. We never receive or store your card details — those are handled by the store under its own privacy policy. To apply your plan inside the app, we only receive the purchase confirmation and subscription status (through our processor RevenueCat — see section 4), linked to your account identifier — never your payment details.

3. Why we use the data and our legal basis (GDPR)

PurposeLegal basis (GDPR art. 6)
Create and manage your account; store and sync your contentPerformance of a contract — art. 6(1)(b)
Send account-confirmation and library-invitation emailsPerformance of a contract — art. 6(1)(b)
Manage your subscription and apply the corresponding plan in the appPerformance of a contract — art. 6(1)(b)
Process the AI features you choose to useConsent — art. 6(1)(a)
Enforce AI quotas and the device limit; security and abuse preventionLegitimate interest — art. 6(1)(f)
Pseudonymous product analytics, to understand usage and improve the appLegitimate interest — art. 6(1)(f) (with an opt-out)
Crash and diagnostic reports, to detect and fix bugs and keep the app stableLegitimate interest — art. 6(1)(f) (with an opt-out)
Comply with legal obligations (e.g. tax records, via the store)Legal obligation — art. 6(1)(c)

You can withdraw consent for the AI features at any time — nothing is sent without an action by you, so simply stop using them; to record it formally, email geral@trainink.app. Withdrawing consent does not affect the lawfulness of processing already carried out, nor the rest of the app, which keeps working.

4. Who we share data with (processors)

We do not sell your data. We share it only with the providers needed to run the app, each bound by a Data Processing Agreement (DPA):

ProviderFor whatWhereSafeguards
SupabaseAuthentication, database and syncing your contentEuropean Union (Frankfurt)DPA — supabase.com/privacy
Anthropic (Claude)Processing the photo/drawing when you use AIUnited StatesDPA + Standard Contractual Clauses — anthropic.com/legal
ResendSending confirmation and invitation emailsEU / USDPA — resend.com/legal
PostHogProduct analytics and crash/error reporting (pseudonymous)European UnionDPA — posthog.com/dpa
RevenueCatSubscription management — validating store purchases and keeping your plan statusUnited StatesDPA + Standard Contractual Clauses — revenuecat.com/privacy
Google PlayApp distribution and payment processingGlobalGoogle Play terms and DPA
CloudflareDomain DNS management (and support pages)GlobalDPA — cloudflare.com/privacypolicy

5. International transfers

Your content and account are hosted in the European Union (Supabase, Frankfurt).

Some specific operations involve transfers to the United States, always covered by the European Commission's Standard Contractual Clauses:

Your content (exercises, sessions, plans) is never transferred outside the European Economic Area, except the photo/drawing you choose to send to the AI.

6. How long we keep data

7. Your rights (GDPR)

You have the right to access, rectify, erase, export (portability), restrict and object to the processing of your data, and to withdraw consent. How to exercise them:

If you believe your rights were not respected, you may lodge a complaint with the Portuguese supervisory authority — the CNPD (Comissão Nacional de Proteção de Dados), cnpd.pt.

8. Security

We protect your data with appropriate technical measures: encrypted connection (HTTPS/TLS) between the app and the servers, passwords stored only as irreversible hashes (not even we can read them) by the authentication provider, and row-level access rules (Row Level Security) that ensure each user only accesses their own data. No system is 100% secure, but we work to reduce risks.

9. Children

Trainink is intended for coaches and is not directed at children. We do not knowingly collect data from anyone under 16. If you learn that a child has provided us data, contact us to remove it.

10. AI features — detail

When you use an AI feature (describe an exercise or import from a photo):

11. Payments, subscriptions and refunds

Premium subscriptions are purchased and managed through Google Play, which is the seller ("Merchant of Record"). Refunds follow the store's policy — refund requests are handled by Google, not directly by us.

12. Complaints Book (Livro de Reclamações)

Under Portuguese law, we make the electronic Complaints Book available at livroreclamacoes.pt. To file a complaint, search for "Trainink" on the platform.

13. Changes to this policy

We may update this policy to reflect changes in the app or the law. When changes are significant, we notify you (by email or in-app) before they take effect. The date at the top shows the last update.

14. Contact

Questions about privacy or your data: geral@trainink.app.

This policy is also available in Portuguese; in case of divergence, the Portuguese version prevails.