Effective date: 30 June 2026 · Concept & Code, LLC
This document is provided in English, which is the legally binding version.
Summary: FORGE Training collects the fitness and health information you choose to enter so it can track your training and power its AI features. We ask for your explicit consent before collecting sensitive health information, and again before you share any of it with a coach. We do not sell your data or share it with advertisers. You can ask us to delete your account and all associated data at any time.
FORGE Training is a consumer fitness and wellness product — not a medical service. We are not a healthcare provider, and FORGE Training is not a "covered entity" or "business associate" under HIPAA. The health-related information you enter (such as conditions or training limitations) is fitness context you provide to personalise your experience — it is not a medical record, diagnosis, or treatment. See our Terms of Service for the full AI and health disclaimer.
FORGE Training ("FORGE Training", "we", "us", "our") is operated by Concept & Code, LLC, a limited liability company registered in the United States. Our primary privacy contact is privacy@forgetraining.ai.
For users in the European Economic Area (EEA) and United Kingdom, Concept & Code, LLC acts as the data controller for personal data processed through the FORGE Training app and website.
You enter this data voluntarily to personalise your training. Some of it is sensitive — see Section 3.
FORGE Training includes a Coach Portal. Two distinct data flows exist:
We do not store payment card details. Subscription billing is handled by Stripe on its hosted checkout pages; Stripe processes your payment securely and we receive only your subscription status (active/inactive), tier, and the identifiers needed to manage your subscription.
If you enable Face ID, Touch ID, or fingerprint unlock, that authentication is performed entirely by your device's operating system. FORGE Training never receives, processes, or stores your biometric identifiers (face or fingerprint data) — we only store a flag that biometric unlock is enabled and an optional locally-set PIN hash on your device.
Some information you may choose to provide — health conditions, training limitations, and menstrual-cycle data — is treated as special-category data under the GDPR (Article 9) and as "consumer health data" under U.S. state laws such as the Washington My Health My Data Act and similar Nevada and Connecticut provisions.
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Providing and personalising the app | Account and non-sensitive fitness data | Contract performance |
| Using sensitive health / cycle data for personalisation and AI features | Health conditions, limitations, cycle data | Explicit consent (Art. 9(2)(a)) |
| AI session adjustment, recovery and pre-session briefs | Check-in, relevant session history, and (only if consented) health context | Contract performance / explicit consent |
| Coach Portal — client management and consented sharing | Coach-entered records; categories you share | Contract performance / explicit consent |
| Transactional emails (verification, password reset, coach invites) | Email address | Contract performance |
| Processing subscription payments | Subscription status (via Stripe) | Contract performance |
| Maintaining security and fixing bugs | Usage and error data | Legitimate interests |
| Legal compliance | As required | Legal obligation |
We do not sell your personal information, and we do not use your health data for advertising, cross-context behavioural advertising, or third-party profiling.
FORGE Training uses Claude (by Anthropic) to power AI session adjustment, recovery recommendations, and coach pre-session briefs. All AI requests are routed through our own secure server-side proxy — your data is never sent directly from your device to Anthropic. We send only the minimum context each feature needs.
Where a coach pre-session brief is involved, health-derived context is included only when the client has both a linked account and the "health" sharing toggle switched on; otherwise those fields are withheld before the request is built, and the brief shows the coach which data categories were used.
Anthropic processes this data as our service provider under its commercial terms, which do not permit it to train its models on the inputs we send. AI outputs are not medical advice — see our Terms of Service.
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, file storage, transactional email | App data (stored on their infrastructure, US region) |
| Anthropic (via our proxy) | AI features | Minimal session context per request |
| Stripe | Payment processing & subscriptions | Email, user ID, subscription + payment details (held by Stripe) |
| Apple / Google | App distribution and, if you use it, Google Sign-In (OAuth) | As required by their platforms |
These providers act as our processors / service providers and are contractually required to process your data only as instructed by us and in accordance with applicable law. (Payments are processed on the web via Stripe; FORGE Training does not use Apple or Google in-app purchase billing.)
Depending on your location, you may have the right to:
To delete your account and data, use Settings → Account → Delete account in the app — this deletes your account and associated data immediately and cannot be undone. You can also email privacy@forgetraining.ai from your account address and we will action it within 30 days. To exercise any other right, contact the same address. We do not charge for these requests or discriminate against you for making them. EEA and UK users may also lodge a complaint with their local data protection authority.
California (CCPA/CPRA): California residents have the right to know what personal information we collect and how it is used, to delete it, to correct it, and to limit the use of sensitive personal information. We do not sell or "share" (for cross-context behavioural advertising) personal information, and you will not be discriminated against for exercising your rights.
Washington / Nevada / Connecticut consumer health data: consumer health data (Section 3) is collected and shared only with your consent, and you may withdraw that consent or request deletion at any time via privacy@forgetraining.ai.
FORGE Training is not directed to children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact privacy@forgetraining.ai and we will delete it promptly. (Coaches who manage youth athletes do so by entering records themselves and are responsible for obtaining any necessary parental consent.)
We use industry-standard technical and organisational measures, including:
No system is completely secure. If you believe your account has been compromised, contact support@forgetraining.ai immediately.
FORGE Training is operated in the United States and your data is processed there. If you access the Service from outside the US, your data will be transferred to and processed in the United States. For transfers from the EEA or UK, we rely on standard contractual clauses or other lawful transfer mechanisms.
The FORGE Training app and website use local storage and essential cookies to keep you signed in, remember your preferences (language, units, biometric/PIN settings), and avoid repeating consent dialogs. We do not use third-party tracking or advertising cookies. You can manage cookie preferences in the app under Settings.
We may update this Privacy Policy from time to time. We will signal material changes by updating the effective date above and, where appropriate, by email. Continued use of FORGE Training after changes take effect constitutes acceptance of the updated policy.