Privacy policy

Last updated: 2026-05-10

Plain-language summary: We collect what we need to run the platform, never what we don't. Coaches own their client data and can export or delete it at any time. We never sell data, never use client health data for AI training, and we tell you exactly which third parties touch your information (see /security).

1. Who we are

Leenen Performance is operated by [Leenen Performance Pty Ltd] in Australia. We are the data controller for coach data and the data processor for the data coaches collect about their clients.

Address, ABN, and registered office details will be added before public launch.

2. What we collect

From coaches: name, email, phone, business name, payment details (handled by Stripe — we don't see card data), and content you create on the platform (programs, recipes, messages, etc.).

From clients (controlled by their coach): contact details, training and nutrition logs, optional progress photos and videos, optional wearable health data (heart rate, sleep, activity), payment history.

Automatically: device and browser information, log data, cookies and similar tracking (only with your consent — see the cookie banner).

3. How we use it

Run the platform you're paying for. Send transactional notifications (you can't opt out of these — they're required for the service to function). Detect fraud and abuse. Improve the product (aggregated and de-identified data only).

We never sell personal data. We never use client health data for AI model training. AI features are restricted to the data you (or your coach) explicitly send to them.

4. Who else sees it

Our subprocessors (database, hosting, payments, email, analytics, etc.) — see /security for the complete list. Each is contractually bound to handle data only for the purposes we direct.

Law enforcement only when legally required, with the narrowest scope possible, and we'll notify you unless legally prohibited.

5. Your rights

Access: download a complete copy of your data anytime from /settings/privacy/export.

Rectification: edit anything you've stored, anytime.

Deletion: delete your account and we hard-delete your data within 30 days. Backups that still contain it roll off within 90 days of deletion.

Portability: your export is in machine-readable JSON + CSV.

Objection / restriction: you can opt out of analytics, AI, and non-essential processing.

6. Data residency

Default region: Sydney, Australia (Supabase ap-southeast-2). EU residency available on Enterprise tier. We don't transfer data to the US except for the small set of subprocessors (e.g. Stripe, OpenAI) where the transfer is necessary for the service.

7. Security

TLS 1.3 in transit, AES-256 at rest, Postgres Row-Level Security on every table. Daily backups with point-in-time recovery. See /security for details.

If we ever experience a notifiable data breach, we'll tell you within 72 hours.

8. Contact

Privacy questions: privacy@leenenperformance.com. Security reports: security@leenenperformance.com.

This is the public placeholder ahead of legal review. The signed-and-stamped version will live at this URL before public launch.