Mind Core Fitness
HomeAbout1-2-1 TrainingExercisesBlog
WhatsApp

Legal

Privacy Policy

Last updated: July 2026

Information We Collect

At Mind Core Fitness, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our apps (including Core Buddy, Core HIIT, and any future Mind Core Fitness apps), or use any of our services.

We may collect information about you in a variety of ways:

Personal Data: When you contact us, sign up for our programmes, or create a Core Buddy account, we may collect your name, email address, phone number, and other contact details you provide.

Health and Fitness Information: To provide personalised training services, we may collect information about your fitness goals, health conditions, and exercise preferences.

Usage Data: We automatically collect certain information when you visit our website, including your IP address, browser type, operating system, access times, and the pages you have viewed.

Diagnostics and App-Usage Data: We record app-usage events (such as app opens, onboarding progress, and how you found us — for example via campaign links) and automatic crash reports (error details and device/browser type, linked to your account) in our own Firebase database. We use this solely to fix bugs and improve the app. No third-party analytics SDKs are used.

Core Buddy App Data

When you use the Core Buddy app, we collect and store the following additional information:

Account Information: Your email address and display name used to create your Core Buddy account via Firebase Authentication.

Workout Data: Information about workouts you generate, complete, and save, including exercise selections, focus areas, durations, and completion history.

Nutrition Data: Meals you manually log, including meal names, calorie counts, and macronutrient breakdowns (protein, carbs, fats). This data is stored with your account.

Weekly recap messages: Once a week we send your first name and your weekly activity numbers (workout sessions, active days, minutes trained, and — if you've connected health data — steps, distance and active calories) to Anthropic's Claude API to generate a short personalised recap message. No photos, health records, body measurements or nutrition logs are sent. Anthropic does not use this data to train its models.

Habit Tracking Data: Daily habit completions and streak information.

Body Stats: Any body measurements or stats you choose to record within the app. Progress photos are private to you — they are accessible to the support team only for troubleshooting.

Health Readiness Questionnaire (PAR-Q): Before training, you can complete an optional, skippable standard PAR-Q — yes/no questions about heart conditions, chest pain, dizziness, joint problems, and medication — signed with your typed name. This is health data, processed with your explicit consent. Your answers are stored securely with your account, are used only to encourage safe exercise (never for advertising), and are visible to the Core Buddy coaching/admin team.

Social/Buddy Data: If you use the Buddies feature, we store your buddy connections, buddy requests, posts, comments, likes, and mentions. Your display name, profile photo, and bio are visible to other signed-in Core Buddy users — for example in the feed, buddies, and leaderboards.

Push Notification Tokens: If you enable push notifications, we store Firebase Cloud Messaging (FCM) tokens associated with your devices.

Subscription Information: Your subscription tier and payment status, processed securely through Stripe (web), Apple In-App Purchase (iOS), or Google Play Billing (Android). In-app subscriptions on iOS and Android are managed through RevenueCat, which receives an account identifier and your email address to manage your subscription.

Health Data (Apple Health / Health Connect)

With your permission, Core Buddy can read your step count, walking/running distance, and active energy (calories) from Apple Health (iOS) or Health Connect (Android).

This data stays on your device unless you opt in to the Move leaderboard. If you do, your daily totals (steps, distance, and active calories) are stored in our database (Google Firebase, with EU/UK-appropriate safeguards) and your totals are visible to other Core Buddy users on that leaderboard.

You can revoke health access at any time in iPhone Settings → Privacy & Security → Health, or in Health Connect on Android, and you can opt out of the leaderboard in the app. We never write data back to Apple Health or Health Connect, and we never use health data for advertising.

Core HIIT App Data

When you use the Core HIIT app, we collect and store the following additional information:

Timer Configuration: Your workout settings including work/rest durations, exercise and round counts, and timer mode. This data is stored locally on your device.

Workout History: Records of completed workouts including date, duration, and configuration. This data is stored locally on your device.

Saved Workout Library: Workout presets you save. This data is stored locally on your device.

App Preferences: Your chosen theme, audio settings, and vibration preferences. This data is stored locally on your device.

Subscription Information: Your Core HIIT Premium subscription status, managed through RevenueCat and processed via Apple In-App Purchase (iOS) or Google Play Billing (Android).

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our services
  • Personalise your training programmes, workouts, and fitness advice
  • Track your nutrition, habits, and workout progress
  • Enable social features such as buddy connections, posts, and interactions
  • Send push notifications (when enabled)
  • Process payments and manage subscriptions
  • Communicate with you about your account, programmes, or inquiries
  • Send you marketing communications (with your consent)
  • Analyse app usage patterns to improve features and user experience
  • Generate personalised weekly recap messages
  • Improve our website, app, and services
  • Comply with legal obligations

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website. We use:

  • Essential Cookies: Required for the website to function properly
  • Analytics Cookies: Help us understand how visitors interact with our website (via Vercel Analytics and Google Analytics)
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign performance (via Meta Pixel)

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Third-Party Services

We may use third-party services including:

  • Firebase (Google): Authentication, database storage, and push notifications
  • Stripe: Secure payment processing (web)
  • Apple In-App Purchase: Payment processing (iOS)
  • Google Play Billing: Payment processing (Android)
  • Anthropic (Claude API): Weekly recap message generation
  • RevenueCat: In-app subscription management (iOS/Android) — receives an account identifier and your email address to manage your subscription
  • MailerLite: Email marketing — used only if you tick the marketing opt-in at sign-up; you can unsubscribe at any time
  • Google Analytics: Website analytics
  • Meta (Facebook) Pixel: Advertising analytics
  • Vercel: Website hosting and analytics

Advertising Attribution

On iOS, only if you allow tracking via Apple's App Tracking Transparency prompt, we collect the device advertising identifier (IDFA); on Android, the Google Advertising ID; plus a Facebook anonymous ID. These are shared via RevenueCat with Meta (Facebook) solely to measure whether our ads led to sign-ups.

We do not sell your data, ever, and we do not show ads in the app. You can decline this in the iOS prompt, or reset or delete your advertising ID in your device settings.

Data Security

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide, no security measures are perfect or impenetrable.

Your Rights

Under UK data protection laws (UK GDPR), you have certain rights regarding your personal data:

  • The right to access your personal data
  • The right to rectification of inaccurate data
  • The right to erasure ('right to be forgotten')
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • The right to withdraw consent

Account and Data Deletion

You may request deletion of your Core Buddy account and all associated data at any time by contacting us at ross@mindcorefitness.com, or from within the app itself. Deletion removes your account and the app data associated with it. Core HIIT data stored locally on your device can be cleared by clearing your browser or app data.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from anyone under 16.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at: ross@mindcorefitness.com

Mind Core Fitness

Personal training, online coaching, and nutrition guidance. Based in Elgin, Scotland.

Explore

  • Home
  • About
  • 1-2-1 Training
  • Blog

Legal

  • Privacy policy
  • Terms
  • WhatsApp

Social

  • Instagram
  • Facebook
  • TikTok
  • YouTube

© 2026 Mind Core Fitness.