Privacy Policy — Trainink
Last updated: 12 July 2026 (v0.4)
1. Who we are (Data Controller)
Trainink ("the app", "we") is an application for football (soccer) coaches to create, store and share training exercises and session plans.
The controller of your personal data is:
- Name: Davide Esteves — Sole Trader (Empresário em Nome Individual, ENI)
- Tax ID (NIF): 235580007
- Registered address: Praceta Miramar, nº95 - 3A, 2775-670 Carcavelos, Portugal
- Contact email: geral@trainink.app
We are not required to appoint a Data Protection Officer (DPO): our activity does not involve large-scale processing of special categories of data, nor large-scale regular and systematic monitoring of individuals. For any privacy matter, use the email above.
2. What personal data we collect
| Category | What it includes | How it is collected |
|---|---|---|
| Account data | Email and password | When you create an account and sign in |
| Content you create | Exercises, sessions, training plans, settings, team profile, the coaching methodology you write, club logo | Stored on your device and synced to your account |
| AI feature data | The photo or tactic-board drawing and the exercise text you choose to process | Only when you use an AI feature and after you accept the consent notice |
| AI usage | A record of AI calls and their cost (to apply your plan's quotas) | Automatically, when you use AI |
| Device data | A device identifier and last-used date | To enforce the limit of 2 devices per account (anti-sharing) |
| Shared libraries | The email of coaches you invite and each one's role (admin/editor/viewer) | When you create or join a shared library |
| Communications | Your email, to send you account confirmation and invitations | When you sign up or are invited |
| Usage data (analytics) | Pseudonymous usage events (e.g. app opened, exercise created) and a random device identifier | Automatically, unless you turn it off in Settings |
| Crash & diagnostic data | Crash reports: error stack traces, device model, OS version, app version, and a random device identifier | Automatically when the app crashes, unless you turn it off in Settings |
We do not collect health data, biometric data, or precise location, and we do not use third-party advertising SDKs. We use pseudonymous product analytics (see sections 4 and 7) to understand how the app is used and improve it — via a random per-install identifier, with no email, name or your content. You can turn it off at any time in Settings.
We also collect crash and diagnostic reports to detect and fix bugs and keep the app stable — error stack traces and basic device information (model, OS version, app version), linked only to the same random per-install identifier, with no email, name or your content. This shares the same opt-out as analytics (a single switch in Settings).
Payments: subscriptions are processed by the store (Google Play), which acts as the seller. We never receive or store your card details — those are handled by the store under its own privacy policy. To apply your plan inside the app, we only receive the purchase confirmation and subscription status (through our processor RevenueCat — see section 4), linked to your account identifier — never your payment details.
3. Why we use the data and our legal basis (GDPR)
| Purpose | Legal basis (GDPR art. 6) |
|---|---|
| Create and manage your account; store and sync your content | Performance of a contract — art. 6(1)(b) |
| Send account-confirmation and library-invitation emails | Performance of a contract — art. 6(1)(b) |
| Manage your subscription and apply the corresponding plan in the app | Performance of a contract — art. 6(1)(b) |
| Process the AI features you choose to use | Consent — art. 6(1)(a) |
| Enforce AI quotas and the device limit; security and abuse prevention | Legitimate interest — art. 6(1)(f) |
| Pseudonymous product analytics, to understand usage and improve the app | Legitimate interest — art. 6(1)(f) (with an opt-out) |
| Crash and diagnostic reports, to detect and fix bugs and keep the app stable | Legitimate interest — art. 6(1)(f) (with an opt-out) |
| Comply with legal obligations (e.g. tax records, via the store) | Legal obligation — art. 6(1)(c) |
You can withdraw consent for the AI features at any time — nothing is sent without an action by you, so simply stop using them; to record it formally, email geral@trainink.app. Withdrawing consent does not affect the lawfulness of processing already carried out, nor the rest of the app, which keeps working.
4. Who we share data with (processors)
We do not sell your data. We share it only with the providers needed to run the app, each bound by a Data Processing Agreement (DPA):
| Provider | For what | Where | Safeguards |
|---|---|---|---|
| Supabase | Authentication, database and syncing your content | European Union (Frankfurt) | DPA — supabase.com/privacy |
| Anthropic (Claude) | Processing the photo/drawing when you use AI | United States | DPA + Standard Contractual Clauses — anthropic.com/legal |
| Resend | Sending confirmation and invitation emails | EU / US | DPA — resend.com/legal |
| PostHog | Product analytics and crash/error reporting (pseudonymous) | European Union | DPA — posthog.com/dpa |
| RevenueCat | Subscription management — validating store purchases and keeping your plan status | United States | DPA + Standard Contractual Clauses — revenuecat.com/privacy |
| Google Play | App distribution and payment processing | Global | Google Play terms and DPA |
| Cloudflare | Domain DNS management (and support pages) | Global | DPA — cloudflare.com/privacypolicy |
5. International transfers
Your content and account are hosted in the European Union (Supabase, Frankfurt).
Some specific operations involve transfers to the United States, always covered by the European Commission's Standard Contractual Clauses:
- AI: only when you use an AI feature, the photo/drawing and exercise text are sent to Anthropic. If you do not use AI, this transfer does not happen.
- Emails: confirmation and invitation emails (Resend) may be processed in the US.
- Subscriptions: validating store purchases and your plan status (RevenueCat) is processed in the US.
Your content (exercises, sessions, plans) is never transferred outside the European Economic Area, except the photo/drawing you choose to send to the AI.
6. How long we keep data
- Account and synced content: for as long as your account exists.
- When you delete your account: we delete your account and associated content from our servers (the deletion cascades: profile, own libraries, memberships, invitations, devices and AI history). See section 7.
- Data on your device: stays locally until you uninstall the app or clear its data.
- Usage and crash data (pseudonymous): kept only for the period needed to analyse stability and usage trends, then deleted or aggregated.
- Billing data: handled and retained by the store (Google) under its legal obligations.
7. Your rights (GDPR)
You have the right to access, rectify, erase, export (portability), restrict and object to the processing of your data, and to withdraw consent. How to exercise them:
- Delete your account: directly in the app, at Settings → Account → Delete account (asks for double confirmation). This deletes your account and associated data on our servers.
- Export your data: at Settings → My Data → Export — you get a file with all your exercises, sessions and settings.
- Turn off usage analytics and crash reporting: in the app's Settings you can disable usage-data and crash-report sharing at any time — a single switch covers both.
- Other requests (access, rectification, etc.): email geral@trainink.app. We reply within one month (extendable by two further months for complex requests — we will tell you if so).
If you believe your rights were not respected, you may lodge a complaint with the Portuguese supervisory authority — the CNPD (Comissão Nacional de Proteção de Dados), cnpd.pt.
8. Security
We protect your data with appropriate technical measures: encrypted connection (HTTPS/TLS) between the app and the servers, passwords stored only as irreversible hashes (not even we can read them) by the authentication provider, and row-level access rules (Row Level Security) that ensure each user only accesses their own data. No system is 100% secure, but we work to reduce risks.
9. Children
Trainink is intended for coaches and is not directed at children. We do not knowingly collect data from anyone under 16. If you learn that a child has provided us data, contact us to remove it.
10. AI features — detail
When you use an AI feature (describe an exercise or import from a photo):
- The photo or drawing, plus the exercise text, is sent to the AI service (Anthropic).
- Nothing else leaves your device — your library, sessions and settings stay local / in your account.
- The result always comes back for you to review before anything is saved.
- We ask for your consent once, before the first real use. If you decline, the AI features simply stay off.
11. Payments, subscriptions and refunds
Premium subscriptions are purchased and managed through Google Play, which is the seller ("Merchant of Record"). Refunds follow the store's policy — refund requests are handled by Google, not directly by us.
12. Complaints Book (Livro de Reclamações)
Under Portuguese law, we make the electronic Complaints Book available at livroreclamacoes.pt. To file a complaint, search for "Trainink" on the platform.
13. Changes to this policy
We may update this policy to reflect changes in the app or the law. When changes are significant, we notify you (by email or in-app) before they take effect. The date at the top shows the last update.
14. Contact
Questions about privacy or your data: geral@trainink.app.
This policy is also available in Portuguese; in case of divergence, the Portuguese version prevails.