Privacy Policy

1. Introduction

PT AI Platform ("we", "us", "our") operates the website autopilotpt.com and the associated AI-powered personal training assistant service. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

PT AI Platform is the data controller for the personal data processed through our platform. If you have questions about this policy, contact us at privacy@autopilotpt.com.

3. Data We Collect

Personal Trainer (PT) Data

Name, email address, and password (hashed)
Professional specializations
Payment information (processed by Stripe)
Google Calendar data (when connected)
WhatsApp connection status

Client Data

Name, email, and phone number
Health and fitness data: age, weight, height, fitness level, medical conditions, and goals
Training programs and session history
WhatsApp messages exchanged with the AI agent
Appointment and scheduling data
Subscription and payment status

Automatically Collected Data

Browser type, IP address, and device information (via standard web server logs)
Authentication session tokens (JWT)

4. How We Use Your Data

AI Agent Communication: Client data is used to personalize the AI-powered WhatsApp assistant, which handles scheduling, program delivery, and client communication on behalf of the PT.
Training Programs: Health and fitness data is processed by AI (Anthropic Claude) to generate personalized training programs.
Appointment Scheduling: Calendar data is used to manage availability and book sessions via Google Calendar.
Billing: Payment data is processed through Stripe to manage subscriptions and payouts.
Platform Improvement: Aggregated, anonymized usage data may be used to improve our services.

5. Third-Party Services

We share data with the following third-party processors:

Stripe — Payment processing and subscription management. See Stripe's Privacy Policy.
Google Calendar — Appointment scheduling (only when connected by the PT). See Google's Privacy Policy.
WhatsApp (via Meta) — Client messaging through the AI agent. See WhatsApp's Privacy Policy.
Anthropic (Claude AI) — AI processing for training program generation and client communication. See Anthropic's Privacy Policy.

6. Data Storage & Security

Your data is stored on EU-hosted servers. We use industry-standard security measures including:

Encrypted connections (TLS/SSL) for all data in transit
Hashed passwords (bcrypt)
Secure JWT-based authentication sessions
Access controls limiting data access to authorized personnel

7. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, your personal data will be removed within 30 days, except where retention is required by law (e.g., financial records).

8. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your personal data ("right to be forgotten").
Portability: Request your data in a structured, machine-readable format.
Restriction: Request restriction of processing in certain circumstances.
Objection: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@autopilotpt.com. We will respond within 30 days.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact

For privacy-related inquiries, contact us at privacy@autopilotpt.com.