Privacy Policy

Effective Date: June 17 2025

Planor (“we”, “us”, “our”) values privacy. This policy describes what data we collect, why we collect it, and your choices.

1. Data We Collect

• Account Data: name, email, hashed password, role (trainer or client).
• Client Data: goals, metrics, preferences, workout history (entered by trainer).
• AI Context: prompt text & generated plans (retained in session, stored with account so you can revisit history).
• Subscription & Billing: App Store transaction identifiers (no full card data).
• Diagnostics: anonymous crash logs and aggregated usage events.
• WhatsApp Integration Data: phone numbers (when you choose to connect via WhatsApp), message content exchanged with our AI personal trainers through WhatsApp, and WhatsApp Business API usage data.
• Device Information: device type, operating system, app version, and unique device identifiers for app functionality and security.

We do not collect advertising identifiers or precise location.

2. How We Use Your Data

• Provision and maintenance of the Planor service.
• Generating personalized plans via OpenAI & Anthropic.
• Syncing trainer–client data and progress.
• Processing subscriptions and verifying eligibility.
• Diagnosing crashes and preventing abuse.
• Providing AI personal training services and communication through WhatsApp Business API.
• Improving our services and developing new features.
• Ensuring app security and preventing fraud.

We never sell your data or use it for advertising.

3. WhatsApp Integration and Meta/Facebook Data Sharing

When you use our WhatsApp integration features:

• AI Personal Training: Our AI personal trainers communicate with you through WhatsApp to provide personalized fitness guidance, answer questions, and support your training journey.
• WhatsApp Business API: We use Meta's WhatsApp Business API to enable communication between our AI trainers and users who opt-in to WhatsApp messaging.
• Data Shared with Meta: When you use our WhatsApp features, we may share your phone number and message content with Meta (Facebook) as required by the WhatsApp Business API.
• Meta's Privacy Policy: Meta's collection and use of data through WhatsApp is governed by their own privacy policy, which you can review at https://www.facebook.com/privacy/policy/.
• Temporary Message Storage: WhatsApp messages are stored temporarily only for processing purposes to enable our AI trainers to provide personalized responses. Messages are not retained for long-term storage.
• Opt-out: You can opt-out of WhatsApp communication at any time through your account settings or by contacting us directly.

4. Third‑Party Processors

We use the following processors strictly to operate the app:

• OpenAI LLC & Anthropic PBC — AI inference
• Supabase Inc. — database & authentication (EU region)
• Apple & Google — crash & billing diagnostics
• Meta Platforms, Inc. — WhatsApp Business API services

Each processor is bound by contract to process data only on our instructions.

5. Storage & Security

Data is stored in EU‑based Supabase clusters with AES‑256 encryption at rest and TLS in transit. Access is governed by role‑based controls. We implement industry-standard security measures to protect your data.

6. Retention

We keep personal data while your account is active. On account deletion we purge personal data within 30 days, unless law (e.g. tax) requires longer retention (up to 7 years). WhatsApp messages are stored temporarily only for processing purposes and are not retained for long-term storage.

7. Your Rights

You can access, export, correct, or delete your data from Settings ▸ Account. For additional requests email privacy@planor.app. You also have the right to:

• Request deletion of your WhatsApp message data (though messages are only stored temporarily for processing)
• Opt-out of WhatsApp communications
• Request a copy of all data we hold about you
• Lodge a complaint with your local data protection authority

8. Children

Planor is not directed to children under 16. If you believe we hold data about a minor, please contact us for deletion. We do not knowingly collect personal information from children under 16.

9. International Transfers

Data may be processed outside the EEA. We rely on Standard Contractual Clauses and equivalent safeguards. When using WhatsApp features, data may be transferred to Meta's servers in the United States and other countries.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect and how we use it
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@planor.app.

11. Updates

We may update this policy. Significant changes are announced in‑app or by email. Continued use after the effective date means you accept the updated policy.

12. Contact

📧 privacy@planor.app

For questions about our WhatsApp integration or Meta data sharing, please contact us at the email above.