UNIFYD Privacy Policy
This Privacy Policy explains how Unifyd Group Pty Ltd collects, uses, holds, and discloses your personal information. We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1.Introduction
Unifyd Group Pty Ltd (ACN 644 869 698) ("UNIFYD", "we", "us", "our") operates the UNIFYD AI-powered fitness coaching platform, accessible at www.weareunifyd.com and app.weareunifyd.com (the "Platform"). We take our privacy obligations seriously.
This Privacy Policy sets out how we collect, use, disclose, and protect your personal information. By using the Platform, you consent to the practices described in this Policy. If you do not agree, please stop using the Platform.
For questions or concerns, contact our Privacy Officer at team@weareunifyd.com.
2.What Personal Information We Collect
2.1 Identity and Account Information
- Name (first and last)
- Email address
- Password (stored as a salted hash — we never see your plain-text password)
- Profile photo (if uploaded)
2.2 Fitness Profile and Health-Related Information
Health information is considered sensitive information under the Privacy Act 1988 (Cth). We collect it only with your consent and use it solely to personalise your fitness experience on the Platform.
- Fitness level and experience
- Primary fitness goal and secondary goals
- Preferred workout duration and frequency
- Equipment availability
- Injury history and physical limitations
- Body weight (optional, used for load calculations)
- Age and sex (optional, used for programme personalisation)
- Timezone
2.3 Performance and Training Data
- Workout logs (exercises, sets, reps, weights)
- Personal records (PRs) and benchmark results
- Check-in responses (readiness, fatigue, sleep, mood)
- Training plan history and adaptations
- Progress metrics and analytics
2.4 Payment Information
All payment processing is handled by Stripe, Inc. We do not store your credit card number, CVV, or full payment details. We receive and store only: subscription status, billing interval, Stripe customer ID, and transaction identifiers.
2.5 Usage and Technical Data
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and features used within the Platform
- Timestamps of activity
- Referring URL
2.6 Communications
- Emails and support requests you send to us
- Survey or feedback responses
3.How We Collect Your Information
| Method | What it captures |
|---|---|
| Directly from you | Registration, profile setup, workout logging, check-ins, support requests, surveys. |
| Automatically | Server logs, session cookies, and analytics capture usage and technical data when you interact with the Platform. |
| Third-party services | Supabase processes authentication data; Stripe processes payment data on our behalf. |
4.Why We Collect Your Information
| Purpose | Details |
|---|---|
| Providing the Platform | Account management, delivering workouts, generating AI training plans, tracking progress. |
| Personalisation | Generating AI Content relevant to your goals, fitness level, equipment, and recovery. |
| Payment processing | Managing Subscriptions, processing recurring charges, issuing receipts via Stripe. |
| Communications | Transactional emails (confirmations, receipts, resets) and, with consent, marketing updates. |
| Safety & compliance | Identity verification, fraud prevention, enforcing our Terms, and meeting legal obligations. |
| Improvement & research | Analysing usage, improving AI models, fixing bugs, developing features — using aggregated or de-identified data where possible. |
We will not use your personal information for a purpose unrelated to the above without seeking your consent first.
5.Sensitive Information
Health and fitness information you provide — including injury history, physical limitations, and check-in responses about fatigue, sleep, and readiness — may constitute sensitive information under the Privacy Act 1988 (Cth).
We collect and use this information only:
- With your consent (given when you create your profile and use the Platform's features).
- For the primary purpose of personalising your fitness experience on the Platform.
- As required or permitted by law.
We do not use sensitive information for marketing, share it with advertisers, or use it for any purpose unrelated to your fitness coaching on the Platform.
6.Disclosure of Your Personal Information
6.1 Service Providers
We share personal information with trusted third-party service providers solely for operational purposes:
6.2 Legal Requirements
We may disclose your personal information if required by law, court order, or a lawful request from a government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of UNIFYD, our users, or others.
6.3 Business Transfers
If UNIFYD is involved in a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you and give you the opportunity to delete your account before any such transfer.
6.4 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not permit third-party advertising on the Platform.
7.Overseas Disclosure
Our service providers (Stripe, Supabase, and Anthropic) are based in the United States of America and may store or process your personal information on servers located outside Australia.
By using the Platform, you consent to the transfer of your personal information to these overseas providers. We take reasonable contractual steps to ensure that overseas recipients handle your information in a manner consistent with the Australian Privacy Principles. This consent operates under APP 8.2(a) of the Privacy Act 1988 (Cth).
8.Data Retention
We retain your personal information for as long as your Account is active or as needed to provide the Platform. If you delete your Account:
- Your profile data, workout logs, and training history are permanently deleted within 30 days of Account deletion.
- Anonymised or aggregated data derived from your usage may be retained indefinitely for platform improvement purposes.
- Certain records (e.g., transaction records) may be retained for as long as required by law — typically 7 years for financial records under Australian law.
9.Security
We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification, and disclosure. Our measures include:
- Encrypted data transmission (HTTPS/TLS).
- Passwords stored as salted hashes (bcrypt) — we cannot view your password.
- Role-based access controls limiting staff access to personal information.
- Regular security reviews of our infrastructure and third-party providers.
No method of electronic storage is 100% secure. If you suspect unauthorised access to your Account, contact us immediately at team@weareunifyd.com.
In the event of a data breach likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).
10.Cookies and Tracking Technologies
The Platform uses cookies and similar technologies to:
- Maintain your login session.
- Remember your preferences.
- Collect usage analytics to improve the Platform.
We use strictly necessary cookies required for the Platform to function. We do not currently use advertising or cross-site tracking cookies. You can control cookies through your browser settings, however disabling certain cookies may affect Platform functionality.
11.Your Rights and Choices
11.1 Under Australian Law (Privacy Act 1988)
Request a copy of the personal information we hold about you.
Request correction of inaccurate, incomplete, or out-of-date information.
Delete your Account and associated personal data at any time.
Lodge a complaint if you believe we have breached the APPs.
To exercise these rights, contact us at team@weareunifyd.com. We will respond within 30 days and may require proof of identity.
11.2 Account and Data Deletion
You may delete your Account at any time from your account settings or by contacting team@weareunifyd.com. Deletion results in permanent erasure of your personal data subject to legal retention obligations (see clause 8).
11.3 Marketing Communications
You may unsubscribe from marketing emails at any time via the unsubscribe link in any such email or by contacting us. Transactional emails (receipts, account notices) cannot be opted out of while your Account is active.
11.4 Additional Rights for EEA / UK Users (GDPR)
This section applies if you are located in the European Economic Area (EEA), United Kingdom (UK), or another jurisdiction where GDPR-equivalent law applies.
In addition to the rights above, you also have the right to:
- Data portability — receive your personal data in a structured, machine-readable format.
- Restriction of processing — request we limit how we use your data in certain circumstances.
- Object to processing — object to processing based on legitimate interests.
- Withdraw consent — at any time, without affecting the lawfulness of prior processing.
- Lodge a complaint — with your local supervisory authority (e.g., the UK ICO or your relevant EU data protection authority).
Our legal bases for processing under GDPR are: (a) performance of a contract (providing the Platform), (b) legitimate interests (security, fraud prevention, analytics), and (c) consent (sensitive health information, marketing).
12.Children's Privacy
The Platform is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have done so, we will promptly delete it.
Users aged 13–17 may use the Platform with parental or guardian consent. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at team@weareunifyd.com.
13.Third-Party Links and Services
The Platform may contain links to third-party websites or services. This Privacy Policy applies only to the UNIFYD Platform. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal information.
14.Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, services, or applicable law. When we make material changes, we will notify you by email or by a prominent notice on the Platform at least 14 days before the changes take effect.
Your continued use of the Platform after the updated Policy takes effect constitutes your acceptance of the changes.
15.Privacy Complaints
If you believe we have breached the Australian Privacy Principles or this Privacy Policy, please contact us first at team@weareunifyd.com. We will investigate and respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
EEA/UK users may also lodge complaints with their local supervisory authority.
16.Contact Our Privacy Officer
For any privacy questions, access requests, corrections, or complaints:
Unifyd Group Pty Ltd
ACN 644 869 698 · Victoria, Australia
We aim to respond to all privacy enquiries within 5 business days.