Privacy Policy

Last updated: April 2026

Note: Structur is currently in beta. Certain details in this policy (including registered company name and address) are marked as pending and will be updated upon formal incorporation.

1. Who We Are

Structur ("we", "us", "our") is a fitness coaching platform that enables coaches to create structured training plans and distribute them to athletes, with planned integration to sync workouts to wearable devices such as Garmin and COROS.

The data controller for your personal data is the Company Secretary of Structur.

Trading name: Structur
Legal name: TBC (pending incorporation)
Registered address: TBC
Jurisdiction: United Kingdom
Privacy contact: privacy@structur.fit

2. Who This Policy Applies To

This policy applies to all users of the Structur platform, including coaches and athletes. Structur is not intended for use by persons under the age of 18. By creating an account, you confirm that you are 18 years of age or older. If we become aware that a user is under 18, we will promptly delete their account and associated data.

3. What Data We Collect

We collect the following categories of personal data:

Account Data

Name, email address, and hashed password collected when you register. Club name and sporting discipline provided during onboarding.

Profile Data

Profile picture uploaded voluntarily.

Training Data

Workouts created by coaches, workout assignments, training schedules, and fitness activity data synced from connected wearable devices.

Device Connection Data

OAuth tokens used to authenticate with third-party wearable device platforms (Garmin, COROS). These tokens allow us to sync workout data to and from your device on your behalf. Device integrations are currently pending vendor approval.

Communications Data

Messages sent between coaches and athletes within the platform.

Usage Data

We plan to use Google Analytics to collect anonymised data about how users interact with the platform, including pages visited, session duration, and device type. This will be implemented in a future update and this policy will be updated accordingly.

Technical Data

IP address, browser type, and access logs collected automatically by our hosting infrastructure.

4. How We Use Your Data

Purpose	Legal Basis (UK GDPR)
Creating and managing your account	Contract performance
Delivering workouts to athletes	Contract performance
Syncing workouts to wearable devices	Contract performance / Consent
Sending transactional emails (invites, notifications)	Contract performance / Legitimate interests
Coach-athlete messaging	Contract performance
Improving the platform via analytics	Legitimate interests / Consent
Complying with legal obligations	Legal obligation

5. Third Parties We Share Data With

We do not sell your personal data. We share data only with the following third-party service providers, solely for the purpose of operating the platform:

Vercel – Cloud hosting and infrastructure (EU/US)
Neon – Serverless PostgreSQL database (EU)
Resend – Transactional email delivery (EU)
Garmin – Wearable device data sync via their Connect API (pending vendor approval)
COROS – Wearable device data sync via their API (pending vendor approval)
Google Analytics – Anonymised usage analytics (planned; not yet active)

All third-party providers are required to handle your data in accordance with applicable data protection law and are subject to appropriate data processing agreements.

6. International Data Transfers

Some of our third-party service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs) or adequacy decisions, in accordance with UK GDPR Chapter V.

7. Data Retention

We retain your personal data for as long as your account is active. If you request deletion of your account:

Your data will be permanently deleted within 30 days of your request.
An anonymised audit record of account deletion is retained for legal compliance purposes.
Device OAuth tokens are revoked immediately upon account deletion or disconnection.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access – request a copy of the data we hold about you
Right to rectification – request correction of inaccurate data
Right to erasure – request deletion of your data ("right to be forgotten")
Right to restrict processing – request we limit how we use your data
Right to data portability – receive your data in a structured, machine-readable format
Right to object – object to processing based on legitimate interests
Right to withdraw consent – where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at privacy@structur.fit. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

We use session cookies necessary for authentication and platform operation. These are essential cookies and do not require consent under UK GDPR. When Google Analytics is implemented, we will update this policy and introduce a cookie consent mechanism as required.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including password hashing, encrypted data transmission (HTTPS), and access-controlled infrastructure. No system is entirely secure, and we cannot guarantee absolute security of data transmitted over the internet.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or via a notice within the platform. The "last updated" date at the top of this page will always reflect the most recent version.

12. Contact Us

For any questions, concerns, or data subject requests relating to this Privacy Policy, please contact:

Structur

Data Controller: Company Secretary

Email: privacy@structur.fit

Registered address: TBC