Privacy Policy for Clients
Last updated: April 9, 2026
This Policy explains what personal data is collected about you when you use the Rutinize platform as a trainer’s client, who is responsible for each type of data, what it is used for and what rights you have.
1. Who is who
Your trainer — Is the data controller for most of your personal data. They decide what information they request from you, how they use it and how long they retain it.
Rutinize (the Provider) — Operated by Arian Roque ([email protected]). Stores and processes your data solely to operate the platform, following your trainer’s instructions. For its own technical data (errors, session), Rutinize acts as an independent controller.
You (the client) — You are the person whose data is processed. You have rights over it, explained in Section 10.
2. What data is processed and why
2.1 Data managed by your trainer
| Data | Purpose |
|---|---|
| Name and email address | Identifying you and enabling communication |
| Country | Content personalization and tax calculation if applicable |
| Language and time zone | Displaying dates and content in your language and time zone |
| Form responses | Information your trainer considers necessary to design your programs. If health questions are included, your trainer is responsible for obtaining your explicit consent. |
| Training history | Routines, exercises, loads, sets, reps and progressions |
| Recorded session data | Reps, weights and times you log in each session, processed by the Progression Engine |
| Metrics and progression | Performance and evolution data over time |
2.2 Data processed by Rutinize independently
| Data | Purpose |
|---|---|
| Technical activity and error logs | Detecting failures and improving stability |
| Session data in your browser (JWT, user, email, role) | Keeping your session active |
| Exercise video cache (up to 7 days) | Reducing load times |
3. The Progression Engine
The Engine automatically adjusts your routine according to the parameters configured by your trainer. It does not access your medical history or evaluate your health status. It only processes objective data from your sessions (reps, weights, times). Your trainer can supervise and revert any adjustment before your next session.
4. Legal bases for processing
- Performance of a contract — for processing necessary to provide the service to you.
- Legitimate interest — for Rutinize’s technical logs and session data.
- Consent — when required by law for specific processing; your trainer is responsible for obtaining it.
5. Your trainer’s role
If you want to access, correct or delete your data, contact your trainer first. They are the controller for that information.
6. Local storage in your browser
The platform does not use tracking cookies. It uses localStorage for:
- Session data (JWT, user, email, role) — required to keep the session active. Deleted on logout or token expiry.
- Video cache — up to 7 days. On your device only. You can clear it from your browser settings.
7. Who your data is shared with
| Provider | Function | Data they may access |
|---|---|---|
| Railway (USA) | Infrastructure | Stored data |
| Cloudflare (USA) | Domain and network | Traffic metadata |
| Mailgun / Sinch (USA/EU) | Email delivery | Your email and message content |
| Stripe (USA) | Payments | Your country if the tax feature applies |
Rutinize does not sell your personal data.
8. International transfers
Providers are based in the USA. Rutinize endeavors to use providers with recognized transfer mechanisms (EU Standard Contractual Clauses, UK Addendum, LGPD-equivalent for Brazil).
9. How long your data is retained
Trainer data is retained while you are an active client. When a trainer closes their account, Rutinize deletes or anonymizes their clients’ data within 30 days.
10. Your rights
Access, rectification, erasure, portability, restriction, objection and withdrawal of consent.
- Trainer’s data → contact your trainer.
- Rutinize’s data → [email protected] — subject “Privacy — data request”.
You may lodge a complaint with the data protection authority in your country (AEPD in Spain, ICO in the UK, ANPD in Brazil, etc.).
11. Minors
The platform is not intended for use by minors without supervision. Your trainer is responsible for ensuring that the processing of data relating to minors has the required authorizations.
12. Security
Rutinize implements HTTPS encryption, role-based access controls and security event logging.
13. Governing law
This Policy is governed by the laws of Canada, without prejudice to the non-waivable rights recognized by the laws of your country.
14. Contact
- Trainer’s data → contact your trainer.
- Rutinize’s data → [email protected] — subject “Privacy — data request”.