Privacy Policy

Last updated: June 8, 2026

1. Introduction

Teshape ("we," "our," or "us") is a fitness coaching and training app for iOS and Android. This Privacy Policy explains what data we collect, what we don't, and how the data you create inside the app flows between your device, our backend (Firebase), and, where you have a coaching relationship, your coach.

Teshape is built by one developer. We don't sell ads, we don't track you across other apps, and we don't sell your data. Because Teshape handles health data, we've tried to be especially clear about that below.

2. How Your Data Flows

Device ↔ Firebase (your account and training data): Your account, profile, training and nutrition plans, workout logs, progress photos, and coach/trainee messages are stored in Google Firebase (Firestore and Cloud Storage) under your user ID, governed by security rules scoped to your account.
You ↔ your coach: If you train with a coach on Teshape, that coach can see the data needed to coach you, your plan, your logged workouts, your progress, and the messages you exchange. That sharing only happens within an active coaching relationship, and ends when the relationship does.
Device ↔ Apple Health / Health Connect:With your explicit permission, Teshape reads activity and workout data from Apple Health (iOS) or Health Connect (Android) to display your metrics, and writes completed workouts back so your records stay in one place. This sync happens on your device. You can grant or revoke it at any time in your phone's health settings.
Device ↔ Apple / Google (sign-in): You sign in with Apple or Google. The provider authenticates you and returns a token to Firebase Auth. We never see your Apple or Google password.
Device ↔ RevenueCat ↔ Apple / Google: When you subscribe, the purchase is processed by the App Store or Google Play. RevenueCat sits between the app and the store to report whether your subscription is active. It receives an anonymous user ID we generate and the receipt data the store returns. We never see your payment method.
Device ↔ PostHog (product analytics):The app sends anonymous behavioral events (e.g. "workout logged," "paywall shown") keyed to your user ID so we can understand which parts of the app work. The content of your messages, notes, and progress photos is never sent to PostHog. Session recording / replay is disabled.

3. Information We Collect

Account information

Email address (relayed by Apple as a private address if you choose)
A Firebase Authentication user ID (UID)
The sign-in provider you used (Apple or Google)
Whether you use Teshape as a trainee, a coach, or both

Profile & training data (created by you or your coach)

Profile details you provide (name, goals, training preferences, profile photo)
Training and nutrition plans assigned to you
Workout logs: exercises, sets, reps, weight, and timestamps
Progress photos you choose to add
Messages exchanged with your coach or trainees

Health & fitness data

Activity and workout data read from Apple Health or Health Connect with your permission, used to display metrics in the app and inform your training. We do not use Apple Health data for advertising, and we do not share it with third parties. Health data is used to provide the fitness features you asked for.

Location

Approximate location, only while the app is in use and only if you allow it, so coaches in your area can be shown first. You can decline and still use Teshape.

Subscription state

Whether your subscription entitlement is active and its expiry, as reported by RevenueCat / the app store

Product analytics (PostHog, anonymous events)

Event names and coarse metadata (which screens you used, whether a workout was logged) keyed to your user ID
Crash and error reports without the content that triggered them

What we do NOT collect

No advertising identifier (no IDFA-based tracking)
No contacts, calendar, or microphone access
No third-party ad networks, ad SDKs, or retargeting trackers
No cross-app or cross-site tracking of any kind
No content of your messages or progress photos sent to analytics
No session recording or screen replay

4. Tracking & Advertising

Teshape does nottrack you across other companies' apps or websites, and does not use Apple's IDFA. The app does not present an App Tracking Transparency prompt because no cross-app tracking occurs.

5. Third-Party Services

Google Firebase (Authentication, Firestore, Cloud Storage): hosts your account, training data, photos, and messages.
Apple HealthKit / Android Health Connect: the on-device health stores Teshape reads from and writes to, only with your permission.
Apple: Sign in with Apple, App Store distribution, and billing.
Google: Google Sign-In, Google Play distribution, and billing.
RevenueCat: reports your subscription status to the app. Receives an anonymous identifier and store receipt data. Processes data in the United States.
PostHog: product analytics and error monitoring. Anonymous events only, no message or photo content. Session recording disabled.

6. Apple Health & Health Connect

Health and fitness data accessed through Apple Health or Health Connect is used only to provide Teshape's training features (showing your metrics and saving your workouts). We do not use it for advertising or marketing, we do not sell it, and we do not share it with any third party. You can revoke Teshape's health access at any time from your phone's Health (iOS) or Health Connect (Android) settings, and the app keeps working without it.

7. Data Retention & Deletion

Your account and training history live in Teshape so you and your coach can look back at them. You can delete your account from the app's settings, which removes your profile, workout logs, progress photos, and messages from our backend and deletes your authentication record. Health data that lives in Apple Health or Health Connect is controlled by you in those apps, not by Teshape.

8. Legal Basis for Processing (GDPR)

Contractual necessity (Art. 6(1)(b)): account creation, storing your plans and logs, and enabling coaching, all necessary to provide the service.
Explicit consent (Art. 9(2)(a)): processing of health and fitness data, which you grant through the system health permission and can withdraw.
Legitimate interest (Art. 6(1)(f)): basic operation and abuse prevention.

9. International Data Transfers

Firebase, RevenueCat, and PostHog process data in the United States. If you use Teshape from outside the U.S., your data is transferred there. These providers offer Standard Contractual Clauses for cross-border transfers.

10. Your Rights

You have the right to access, correct, export, or delete your personal data.

EEA/UK (GDPR): access, portability, restriction, objection, and the right to complain to your data protection authority.
California (CCPA/CPRA): the right to know, delete, and opt out of "sale" or "sharing." We do not sell or share your personal information.

11. Children's Privacy

Teshape is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.

12. Security

Authentication tokens are stored in the device keychain. All traffic uses HTTPS, and Firestore security rules restrict each user's data to their own account and any coach they are actively working with. No system is perfectly secure, but Teshape stores only what's needed to coach and train.

13. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced on this page and, if significant, in the app.

14. Contact

Questions or requests, write to support@moetalaat.com.