Back to ASPIER

Privacy Policy

Effective date: 9 June 2026  ·  Last updated: 9 June 2026

This Privacy Policy explains how ASPIER ("ASPIER", "we", "us", "our") collects, uses, shares, and protects your personal information when you use the ASPIER mobile application and related services (the "App"). ASPIER is a fitness, training, and nutrition coaching app. We are based in the United Kingdom.

If you have any questions, contact us at [email protected].

1. Who we are

ASPIER provides personalised training, nutrition, and recovery coaching, powered in part by an AI coach that generates guidance from the data you choose to record or connect. This policy applies to the ASPIER app and the accounts, data, and integrations associated with it.

For data protection purposes under UK GDPR, ASPIER is the data controller for the personal information described below.

2. Information we collect

We only collect information needed to run the App and provide your coaching. The categories below reflect everything the App can store about you.

2.1 Account information

  • Email address
  • Display name
  • Avatar / profile image (optional)

2.2 Training data

  • Workouts, exercises, sets, reps, and weights
  • Routines and programs
  • Scheduled session times and completion logs

2.3 Nutrition data

  • Food and meal logs (calories and macronutrients)
  • Optional micronutrient detail
  • Meal times
  • Food and meal photos (optional)

2.4 Body and health data

  • Bodyweight
  • Progress photos (optional)
  • Wearable health metrics from connected services — heart rate variability (HRV), sleep, resting heart rate, readiness, recovery, strain, body composition, and activity — sourced from Apple Health, Oura, WHOOP, Withings, Fitbit and/or Google Health Connect where you connect them.

This is health and wellness data. We treat it as sensitive and only use it to provide your own insights and coaching, as described in Section 3. ASPIER does not provide medical advice and is not a medical device (see our Terms of Service).

2.5 Schedule data

  • Weekly availability (e.g. work hours and busy blocks)
  • Optionally, device calendar events — read only, and only to find free time for training. We use this to schedule around you; we do not write to or share your calendar.

2.6 Integrations

You can connect optional third-party services. Each is limited to the minimum access needed:

ServiceDirectionWhat it does
Apple HealthRead onlyImports health metrics (HRV, sleep, resting HR, activity) you authorise.
StravaWrite onlyPosts your completed ASPIER workouts to your Strava feed. ASPIER does not read any data from Strava.
OuraRead only (daily scope only)Imports your recovery, sleep, HRV, and activity summaries to inform coaching.
WHOOPRead onlyImports your recovery, strain, sleep and workout summaries to inform coaching.
WithingsRead onlyImports your weight, body composition, sleep, heart rate and activity to inform coaching.
FitbitRead onlyImports your activity, heart rate, sleep and weight data to inform coaching.
Google Health ConnectRead onlyReads the health metrics you authorise on your Android device (e.g. activity, heart rate, sleep).
Spotify / Apple MusicDeep link onlyOpens the relevant app. No music data is stored.

You can disconnect any integration at any time from the App's settings, and you can revoke access from the third-party service directly.

3. How we use your information

We use your information to:

  • Create and manage your account and authenticate you.
  • Record and display your training, nutrition, body, and recovery data.
  • Generate personalised, per-user coaching through our AI coach — this is inference performed for you, about your own data, to produce your own insights.
  • Schedule training around your availability and (if connected) calendar.
  • Post your completed workouts to Strava, if you connect it.
  • Maintain, secure, debug, and improve the App.
  • Communicate with you about your account and service changes.

We do not sell your personal information.

We do not use your personal data — including your Oura, Apple Health, or other health data — to train machine-learning models. Your data is used only to generate insights and coaching for you.

4. AI coaching and automated processing

The AI coach generates guidance (training, nutrition, recovery suggestions) based on the data you record or connect. This is automated processing carried out to deliver the service you signed up for. The coach produces suggestions only — it does not make decisions that produce legal or similarly significant effects, and its output is general fitness guidance, not medical advice. You remain in control of what you act on.

To produce coaching, relevant data may be processed by our AI model provider acting as a processor on our behalf, under contract, solely to return your result. It is not used by that provider to train its models.

5. Legal bases for processing (UK GDPR)

We rely on the following legal bases:

  • Contract — to provide the App and the coaching you sign up for.
  • Consent — for optional features and sensitive data, including connecting Apple Health, Oura, your device calendar, and storing photos. You can withdraw consent at any time by disconnecting the integration or deleting the data.
  • Legitimate interests — to secure, maintain, and improve the App, where not overridden by your rights.
  • Legal obligation — where we must retain or disclose information by law.

Where we process special-category (health) data, we do so on the basis of your explicit consent, which you give by connecting a health source or recording health data, and which you can withdraw at any time.

6. How we share information

We share data only with service providers ("processors") that help us run ASPIER, and only as needed:

  • Supabase — our backend, authentication, database, and file storage provider.
  • Our AI model provider — to generate your coaching output (see Section 4).
  • Apple, Strava, Oura, WHOOP, Withings, Fitbit, Google Health Connect — only the specific data flows you authorise (see the integrations table in Section 2.6).

These providers are bound by contract to protect your data and to use it only to provide services to us. We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, and security of users and the public.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising.

7. Wearable integration data

ASPIER connects to wearables and health platforms so the coach can factor in your recovery. Every connection is read-only, scoped to the minimum needed, and used only to give you your own insights. You can disconnect any of them at any time in the App and revoke access in the provider's own account.

7.1 Oura

If you connect Oura:

  • ASPIER requests read-only access, limited to the daily scope.
  • Oura data (sleep, HRV, readiness, activity) is used only to provide your own insights and coaching — per-user inference, for you.
  • Oura data is not sold and is not used to train models.
  • You can disconnect Oura at any time in the App, and revoke access in your Oura account. On disconnection we stop syncing, and you can request deletion of previously synced Oura data (see Section 9).

We handle Oura data in accordance with Oura's Developer Terms and Data Use Policy.

7.2 WHOOP

If you connect WHOOP:

  • ASPIER requests read-only access to the WHOOP data you authorise — your recovery, strain (cycles), sleep, workouts, and basic profile / body measurement data.
  • WHOOP data is used only to provide your own insights and coaching — per-user inference, for you.
  • WHOOP data is not sold and is not used to train models.
  • You can disconnect WHOOP at any time in the App, and revoke access in your WHOOP account. On disconnection we stop syncing, and you can request deletion of previously synced WHOOP data (see Section 9).

We handle WHOOP data in accordance with WHOOP's Developer Agreement and API terms.

7.3 Apple Health

If you connect Apple Health, ASPIER reads only the metrics you authorise on your device (such as HRV, sleep, resting heart rate and activity). This data stays governed by your device permissions, is used only for your own coaching, is not sold, and is not used to train models. You can revoke access at any time in iOS Settings → Health.

7.4 Withings

If you connect Withings:

  • ASPIER requests read-only access to the data you authorise — your weight, body composition, sleep, heart rate and activity.
  • Withings data is used only to provide your own insights and coaching — per-user inference, for you.
  • Withings data is not sold and is not used to train models.
  • You can disconnect Withings at any time in the App, and revoke access in your Withings account. On disconnection we stop syncing, and you can request deletion of previously synced Withings data (see Section 9).

We handle Withings data in accordance with Withings' API terms and developer policies.

7.5 Fitbit

If you connect Fitbit:

  • ASPIER requests read-only access to the data you authorise — your activity, heart rate, sleep and weight.
  • Fitbit data is used only to provide your own insights and coaching — per-user inference, for you.
  • Fitbit data is not sold and is not used to train models.
  • You can disconnect Fitbit at any time in the App, and revoke access in your Fitbit account. On disconnection we stop syncing, and you can request deletion of previously synced Fitbit data (see Section 9).

We handle Fitbit data in accordance with Fitbit's Platform Terms of Service.

7.6 Google Health Connect

If you connect Google Health Connect (on Android), ASPIER reads only the metrics you authorise on your device (such as activity, heart rate and sleep). This data stays governed by your Health Connect permissions, is used only for your own coaching, is not sold, and is not used to train models. You can revoke access at any time in the Health Connect settings on your device.

8. Data retention and security

We keep your information for as long as your account is active or as needed to provide the App. When you delete data or close your account, we delete or anonymise the associated personal data within a reasonable period, except where we must retain limited information to meet legal obligations.

We use technical and organisational measures — including encryption in transit, access controls, and trusted infrastructure providers — to protect your data. No system is perfectly secure, but we work to safeguard your information.

9. Your rights and choices

Depending on your location, you have rights to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data — the App supports account deletion, which removes your account and associated personal data. You can also request deletion by emailing [email protected].
  • Restrict or object to certain processing.
  • Withdraw consent for optional features and integrations at any time.
  • Port your data where applicable.

To exercise any right, use the in-app controls (Settings → Account) or contact [email protected]. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

10. Children

ASPIER is not directed to children under 16, and we do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will delete it.

11. International transfers

We are based in the UK. Some processors may process data outside the UK/EEA. Where that happens, we rely on appropriate safeguards (such as UK adequacy regulations or standard contractual clauses) to protect your data.

12. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date and, for material changes, notify you in the App. Continued use after an update means you accept the revised policy.

13. Contact

ASPIER
Email: [email protected]

This policy is provided in good faith to describe ASPIER's data practices. It is not legal advice. Please have it reviewed by a qualified professional before relying on it commercially.