Berkon — Privacy Policy

Effective date: 26 May 2026

Berkon (the “app”) is a mobile application that helps fitness coaches manage their clients and training programmes. This policy explains what personal data the app collects, how it is used, and your rights over that data.

1. Who we are

The data controller is Adam Ayuda, an individual operator based in the United Arab Emirates. You can contact us at adam.ayuda.1@gmail.com.

2. Data we collect

The app collects the following categories of personal data, all of which you or your coach enter directly:

• Account data: phone number (used to send a one-time verification code), display name.
• Coach profile: name, optional profile photo.
• Client profile: name, phone number, gender, age, height, weight, training goal, experience level, sessions per week, available equipment, injuries, exercises to avoid, free-text coach notes.
• Training data: AI-generated programmes, session logs (sets, reps, target and actual weight, RPE), per-set timestamps, body-weight log entries, optional session notes and photos.
• Diagnostic data: non-personal device and app information (model, OS version, app version) used only when an error is logged.

The app does not collect location, contacts, calendar, browsing history, or advertising identifiers.

3. How we use the data

• To create accounts and verify identity by phone.
• To let coaches view and manage the clients they have created.
• To generate personalised training programmes using a large-language-model service.
• To save and display session and progress history to the coach and to the client.
• To diagnose crashes and fix bugs.

We do not sell personal data. We do not use personal data for advertising.

4. Service providers we share data with

The app uses third-party processors who act on our instructions:

• Google LLC (Firebase Phone Authentication and Firebase App Check) — receives your phone number to deliver one-time codes and to verify that requests originate from a genuine app install. Data is processed in Google data centres.
• Supabase, Inc. (database, authentication session storage, file storage, edge functions) — stores all profile, programme, session and photo data on our behalf. Data is hosted in Supabase’s managed PostgreSQL infrastructure.
• Anthropic, PBC (large-language-model API) — receives the client’s training profile (goal, level, sessions per week, equipment, injuries, exercises to avoid) when a programme is generated, in order to draft the programme. No phone number or contact data is sent.

5. Legal basis

We process personal data under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. The legal bases we rely on are: performance of a contract (delivering the app to the coach and their clients), consent (where you give it, for example by entering data into the profile), and our legitimate interest in operating and securing the service.

6. Retention

Account and training data is kept for as long as the account is active. If you ask us to delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to keep it longer to comply with a legal obligation.

7. Your rights

You have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. To exercise any of these rights, email adam.ayuda.1@gmail.com. We will respond within 30 days.

Clients should note that profile data inside the app is managed by your coach. To change health flags, training preferences, or contact details inside the app, please ask your coach.

8. Children

Berkon is not intended for users under the age of 18. We do not knowingly collect personal data from anyone under 18.

9. Security

Data is transmitted over TLS. Database access is protected by row-level security so that each coach can only access the clients they created, and each client can only access their own data. Authentication tokens are stored in the device’s secure storage.

10. International transfers

Our processors (Google, Supabase, Anthropic) may process data in regions outside the United Arab Emirates, including the United States and the European Union. Each provider operates under its own data-protection terms and standard contractual clauses.

11. Changes to this policy

We may update this policy from time to time. The current version is always available at this URL, with the effective date at the top.

12. Contact

Questions or requests: adam.ayuda.1@gmail.com.