Privacy Policy

1.Introduction

Unifyd Group Pty Ltd (ACN 644 869 698) ("UNIFYD", "we", "us", "our") operates the UNIFYD AI-powered fitness coaching platform, accessible at www.weareunifyd.com and app.weareunifyd.com (the "Platform"). We take our privacy obligations seriously.

This Privacy Policy sets out how we collect, use, disclose, and protect your personal information. By using the Platform, you consent to the practices described in this Policy. If you do not agree, please stop using the Platform.

For questions or concerns, contact our Privacy Officer at team@weareunifyd.com.

2.What Personal Information We Collect

2.1 Identity and Account Information

Name (first and last)
Email address
Password (stored as a salted hash — we never see your plain-text password)
Profile photo (if uploaded)

2.2 Fitness Profile and Health-Related Information

⚠ Sensitive Information

Health information is considered sensitive information under the Privacy Act 1988 (Cth). We collect it only with your consent and use it solely to personalise your fitness experience on the Platform.

Fitness level and experience
Primary fitness goal and secondary goals
Preferred workout duration and frequency
Equipment availability
Injury history and physical limitations
Body weight (optional, used for load calculations)
Age and sex (optional, used for programme personalisation)
Timezone

2.3 Performance and Training Data

Workout logs (exercises, sets, reps, weights)
Personal records (PRs) and benchmark results
Check-in responses (readiness, fatigue, sleep, mood)
Training plan history and adaptations
Progress metrics and analytics

2.4 Payment Information

All payment processing is handled by Stripe, Inc. We do not store your credit card number, CVV, or full payment details. We receive and store only: subscription status, billing interval, Stripe customer ID, and transaction identifiers.

2.5 Usage and Technical Data

IP address
Browser type and version
Device type and operating system
Pages visited and features used within the Platform
Timestamps of activity
Referring URL

2.6 Communications

Emails and support requests you send to us
Survey or feedback responses

3.How We Collect Your Information

Method	What it captures
Directly from you	Registration, profile setup, workout logging, check-ins, support requests, surveys.
Automatically	Server logs, session cookies, and analytics capture usage and technical data when you interact with the Platform.
Third-party services	Supabase processes authentication data; Stripe processes payment data on our behalf.

4.Why We Collect Your Information

Purpose	Details
Providing the Platform	Account management, delivering workouts, generating AI training plans, tracking progress.
Personalisation	Generating AI Content relevant to your goals, fitness level, equipment, and recovery.
Payment processing	Managing Subscriptions, processing recurring charges, issuing receipts via Stripe.
Communications	Transactional emails (confirmations, receipts, resets) and, with consent, marketing updates.
Safety & compliance	Identity verification, fraud prevention, enforcing our Terms, and meeting legal obligations.
Improvement & research	Analysing usage, improving AI models, fixing bugs, developing features — using aggregated or de-identified data where possible.

We will not use your personal information for a purpose unrelated to the above without seeking your consent first.

5.Sensitive Information

Health and fitness information you provide — including injury history, physical limitations, and check-in responses about fatigue, sleep, and readiness — may constitute sensitive information under the Privacy Act 1988 (Cth).

We collect and use this information only:

With your consent (given when you create your profile and use the Platform's features).
For the primary purpose of personalising your fitness experience on the Platform.
As required or permitted by law.

We do not use sensitive information for marketing, share it with advertisers, or use it for any purpose unrelated to your fitness coaching on the Platform.

6.Disclosure of Your Personal Information

6.1 Service Providers

We share personal information with trusted third-party service providers solely for operational purposes:

Stripe, Inc.

Payment processing and subscription management. Stripe's Privacy Policy →

Supabase, Inc.

Authentication, database hosting, and infrastructure. Your email address, hashed password, and user data are stored in Supabase-managed infrastructure.

Anthropic, PBC

AI content generation (Claude). Your profile data and check-in information may be included in prompts to generate personalised content. Anthropic's Privacy Policy →

6.2 Legal Requirements

We may disclose your personal information if required by law, court order, or a lawful request from a government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of UNIFYD, our users, or others.

6.3 Business Transfers

If UNIFYD is involved in a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you and give you the opportunity to delete your account before any such transfer.

6.4 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not permit third-party advertising on the Platform.

7.Overseas Disclosure

Our service providers (Stripe, Supabase, and Anthropic) are based in the United States of America and may store or process your personal information on servers located outside Australia.

By using the Platform, you consent to the transfer of your personal information to these overseas providers. We take reasonable contractual steps to ensure that overseas recipients handle your information in a manner consistent with the Australian Privacy Principles. This consent operates under APP 8.2(a) of the Privacy Act 1988 (Cth).

8.Data Retention

We retain your personal information for as long as your Account is active or as needed to provide the Platform. If you delete your Account:

Your profile data, workout logs, and training history are permanently deleted within 30 days of Account deletion.
Anonymised or aggregated data derived from your usage may be retained indefinitely for platform improvement purposes.
Certain records (e.g., transaction records) may be retained for as long as required by law — typically 7 years for financial records under Australian law.

9.Security

We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification, and disclosure. Our measures include:

Encrypted data transmission (HTTPS/TLS).
Passwords stored as salted hashes (bcrypt) — we cannot view your password.
Role-based access controls limiting staff access to personal information.
Regular security reviews of our infrastructure and third-party providers.

No method of electronic storage is 100% secure. If you suspect unauthorised access to your Account, contact us immediately at team@weareunifyd.com.

In the event of a data breach likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

10.Cookies and Tracking Technologies

The Platform uses cookies and similar technologies to:

Maintain your login session.
Remember your preferences.
Collect usage analytics to improve the Platform.

We use strictly necessary cookies required for the Platform to function. We do not currently use advertising or cross-site tracking cookies. You can control cookies through your browser settings, however disabling certain cookies may affect Platform functionality.

11.Your Rights and Choices

11.1 Under Australian Law (Privacy Act 1988)

Access

Request a copy of the personal information we hold about you.

Correction

Request correction of inaccurate, incomplete, or out-of-date information.

Deletion

Delete your Account and associated personal data at any time.

Complaint

Lodge a complaint if you believe we have breached the APPs.

To exercise these rights, contact us at team@weareunifyd.com. We will respond within 30 days and may require proof of identity.

11.2 Account and Data Deletion

You may delete your Account at any time from your account settings or by contacting team@weareunifyd.com. Deletion results in permanent erasure of your personal data subject to legal retention obligations (see clause 8).

11.3 Marketing Communications

You may unsubscribe from marketing emails at any time via the unsubscribe link in any such email or by contacting us. Transactional emails (receipts, account notices) cannot be opted out of while your Account is active.

11.4 Additional Rights for EEA / UK Users (GDPR)

🇪🇺 GDPR

This section applies if you are located in the European Economic Area (EEA), United Kingdom (UK), or another jurisdiction where GDPR-equivalent law applies.

In addition to the rights above, you also have the right to:

Data portability — receive your personal data in a structured, machine-readable format.
Restriction of processing — request we limit how we use your data in certain circumstances.
Object to processing — object to processing based on legitimate interests.
Withdraw consent — at any time, without affecting the lawfulness of prior processing.
Lodge a complaint — with your local supervisory authority (e.g., the UK ICO or your relevant EU data protection authority).

Our legal bases for processing under GDPR are: (a) performance of a contract (providing the Platform), (b) legitimate interests (security, fraud prevention, analytics), and (c) consent (sensitive health information, marketing).

12.Children's Privacy

The Platform is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have done so, we will promptly delete it.

Users aged 13–17 may use the Platform with parental or guardian consent. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at team@weareunifyd.com.

13.Third-Party Links and Services

The Platform may contain links to third-party websites or services. This Privacy Policy applies only to the UNIFYD Platform. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal information.

14.Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, services, or applicable law. When we make material changes, we will notify you by email or by a prominent notice on the Platform at least 14 days before the changes take effect.

Your continued use of the Platform after the updated Policy takes effect constitutes your acceptance of the changes.

15.Privacy Complaints

If you believe we have breached the Australian Privacy Principles or this Privacy Policy, please contact us first at team@weareunifyd.com. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

🌐 www.oaic.gov.au

📞 1300 363 992

📮 GPO Box 5218, Sydney NSW 2001

EEA/UK users may also lodge complaints with their local supervisory authority.

16.Contact Our Privacy Officer

For any privacy questions, access requests, corrections, or complaints:

Unifyd Group Pty Ltd

ACN 644 869 698 · Victoria, Australia

📧 team@weareunifyd.com

🌐 www.weareunifyd.com

We aim to respond to all privacy enquiries within 5 business days.