top of page

Privacy Policy

Privacy Policy

Effective date: 20 May 2026 Last updated: 30 May 2026

 

This Privacy Policy explains how Train Inside Out Limited ("TIO Crossfit", "we", "us", or "our"), a company registered in United Kingdom with registered address Suite 5 10 Churchill Square, West Malling, Kent, United Kingdom, ME19 4YU, collects, uses, shares, and protects personal information when you use the TIO Crossfit mobile application (the "App").

 

If you do not agree with this Policy, please do not use the App.

 

1. Who this Policy applies to

The App is intended exclusively for adults aged 18 or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal data, contact us at dev@tiocrossfit.com and we will delete it.

 

2. Information we collect

2.1 Information you provide directly

Category Examples

Account credentials Email address, password (stored hashed by our authentication provider — we never see your plaintext password).

Profile details First name, last name, profile photo (avatar).

Workout and performance data Scores you log against workouts (time, weight, reps, rounds, distance), notes you attach to a score, whether you completed a workout as RX or Scaled.

Benchmark history Personal records (PRs) for named benchmarks (e.g. Fran time, 1RM Back Squat) — including both scores logged in a workout context and standalone PR updates from the Benchmarks screen.

2.2 Information collected automatically

Category Examples Purpose

Device identifiers for push notifications Expo push token, platform (iOS/Android/Web), device name To deliver push notifications you've enabled (e.g. new workout posted).

Technical metadata Timestamps of account creation, score logs, and updates To order content (e.g. "last logged" dates) and provide service functionality.

We do not use third-party analytics, crash reporting, advertising SDKs, or marketing trackers. We do not collect precise location, contacts, photos library, microphone, or camera input.

 

2.3 Information we do not collect

Payment information (the App does not process payments).

Health data from Apple Health, Google Fit, or wearables.

Browsing or app-usage analytics.

Location. 3. How we use your information

We use your information only to operate the App and provide the features you request:

 

Authenticate you and keep your session active.

Display and update your workout scores, benchmark PRs, profile, and leaderboard standings.

Show the daily leaderboard to other members of the gym (see Section 5 for what is shared).

Send push notifications you've opted into.

Communicate with you about account issues or security alerts.

Comply with legal obligations and enforce our terms.

We rely on the following legal bases (GDPR users):

 

Contractual necessity — to deliver the service you signed up for.

Legitimate interest — security, fraud prevention, service improvement.

Consent — for push notifications. You can withdraw at any time in your device settings.

Legal obligation — to comply with applicable law.

We do not sell your personal data. We do not share it for cross-context behavioural advertising.

 

4. Who can see your data inside the App

Data Visible to other members Visible to gym admins Visible only to you

Your name and avatar ✓ (on the leaderboard) ✓ —

Today's leaderboard score for a workout ✓ ✓ —

Historical scores (past workouts) — ✓ ✓

Notes attached to a score — ✓ ✓

Benchmark / PR history — ✓ ✓

Email address — ✓ ✓

Gym admins are members of TRAIN INSIDE OUT LIMITED staff designated as administrators in our system. They access this data only to administer the gym (e.g. coach you, fix data entry errors).

 

5. Service providers (data processors)

We use the following processors to operate the App. They process data on our behalf under contract:

 

Provider Purpose Data processed Location

Supabase, Inc. Backend database, authentication, file storage (avatars) All account, profile, workout, score, and benchmark data United States

Expo (650 Industries, Inc.) Push notification delivery Expo push token, device platform/name, notification payload United States

Wix.com Ltd. Hosts our blog/news content None of your account data — only the public blog posts you read Global

These providers are bound by their own privacy and security commitments and are contractually prohibited from using your data for their own purposes.

 

6. International data transfers

Our processors are primarily located in the United States. If you access the App from the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data will be transferred outside your home country. We rely on:

 

Standard Contractual Clauses approved by the European Commission, and

equivalent safeguards mandated by our processors,

to ensure your data is protected to a standard essentially equivalent to that of your home jurisdiction. You may request a copy of these safeguards at dev@tiocrossfit.com.

 

7. Data retention

We retain personal data for as long as your account is active. Specifically:

 

Account, profile, and authentication data — for the lifetime of your account.

Workout, score, and benchmark history — for the lifetime of your account, so your historical performance is preserved.

Push tokens — until you log out, disable notifications, or uninstall the App.

When you delete your account (see Section 8), we delete or anonymise personal data within 30 days, except where we are required to retain records longer for legal, tax, accounting, or security purposes.

 

8. Your rights

Subject to your jurisdiction, you have the following rights regarding your personal data:

 

Right What it means

Access Request a copy of the personal data we hold about you.

Rectification Correct inaccurate or incomplete data. You can edit your profile and scores in the App directly.

Erasure Request deletion of your account and personal data.

Restriction Ask us to limit how we process your data.

Portability Receive your data in a machine-readable format (JSON).

Objection Object to processing based on legitimate interests.

Withdraw consent Withdraw consent for any processing based on consent (e.g. push notifications).

Lodge a complaint File a complaint with your local data protection authority.

California residents (CCPA / CPRA): In addition to the rights above, you have the right to know what categories of personal information we collect, the right to delete, and the right not to be discriminated against for exercising any of these rights. We do not sell or share personal information for cross-context behavioural advertising as those terms are defined under the CCPA.

 

To exercise any of these rights, email us at dev@tiocrossfit.com. We will respond within 30 days (or sooner where required by law).

 

9. Security

We protect your data with industry-standard safeguards:

 

Encryption in transit — all communication between the App and our backend is encrypted using HTTPS/TLS.

Encryption at rest — your data is stored encrypted by our hosting provider.

Row-level security — our database enforces that members can only access their own private data (scores, benchmarks, notes); only designated admins can access broader data, and only for legitimate gym-administration purposes.

Authentication — passwords are hashed using industry-standard algorithms. We never store plaintext passwords.

No system is completely secure. If we become aware of a breach affecting your personal data, we will notify you and any required regulator without undue delay and in accordance with applicable law.

 

10. Push notifications

When you allow push notifications, the App registers an Expo push token with our backend. We use this token to send you notifications such as new workout postings.

 

You can disable push notifications at any time in your device's system settings. When you do, we will continue to store the inactive token until you log out or uninstall, after which it is removed.

 

11. Cookies and similar technologies

The App is a native mobile application and does not use browser cookies. It does use local device storage to keep you signed in and cache content for offline access. This data stays on your device and is cleared when you uninstall the App.

 

12. Third-party links and content

The App may display links to third-party websites (e.g. our blog, support pages, the app store) or open content provided by third parties. Their privacy practices are governed by their own policies, not this one.

 

13. Changes to this Policy

We may update this Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you in-app or by email before the change takes effect. Your continued use of the App after the effective date constitutes acceptance of the updated Policy.

 

14. Contact us

If you have questions about this Policy or wish to exercise any of your rights:

 

Email: dev@tiocrossfit.com

Postal address: TRAIN INSIDE OUT LIMITED, Suite 5 10 Churchill Square, West Malling, Kent, United Kingdom, ME19 4YU

Website: [https://www.tiocrossfit.com/]

If you are in the EEA, you have the right to lodge a complaint with the data protection authority in your country of residence.

 

This document is provided as a starting template. We strongly recommend having it reviewed by a qualified attorney in your jurisdiction before publishing, especially if you operate in multiple regions or expand the data you collect.

©2021 by TIO CrossFit

bottom of page