Skip to main content

Privacy policy

Last updated: 2026-03-21

This policy explains how MatchMyTrainer collects and uses personal data when you use our website (the "Service"). If you have questions, contact team@matchmytrainer.uk.

Data controller

MatchMyTrainer Limited (company number 16996627) is the data controller for personal data processed through the Service. We are registered in England and Wales. You can contact us at team@matchmytrainer.uk.

What we collect

  • account details (email and name)
  • profile information you provide (e.g. trainer bio, services, venues, photo)
  • booking and subscription details (trainer, service, location, date/time, notes, billing period)
  • reviews you leave after completed bookings
  • qualification documents uploaded by trainers (e.g. certification PDFs, insurance documents, DBS check certificates) — these are stored in a private storage bucket and are only accessible to the trainer who uploaded them and our admin team for verification purposes
  • technical data needed to operate the Service (e.g. logs and error reports)
  • email addresses and names submitted through our free guide download pages — these are stored separately from platform accounts and used to deliver the requested content and occasional marketing emails (see "Marketing emails" below)

Health information

Clients may optionally share health information with their chosen trainer to help personalise training sessions. This may include details about medical conditions, injuries, fitness goals, dietary requirements, and other relevant notes. Health information is considered "special category data" under the UK GDPR.

Lawful basis: We process health information on the basis of your explicit consent (GDPR Article 9(2)(a)). Providing health information is entirely voluntary — you choose what to share and when.

Access: Health information you provide is only visible to the specific trainer you share it with, plus MatchMyTrainer administrators for support and safety purposes. It is not displayed publicly.

Control: You can update or delete your health profile at any time through your account settings. Health data is included in data export requests and is deleted when your account is deleted.

What we use it for

  • to provide core features (accounts, booking, reviews)
  • to verify trainer qualifications (reviewing uploaded documents against stated credentials)
  • to send transactional emails (confirmations and notifications)
  • to prevent abuse and keep the platform secure
  • to improve product quality and user experience
  • to deliver free guides and resources you request, and to send occasional marketing emails about MatchMyTrainer (you can unsubscribe at any time)

Legal basis (GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data based on the following legal grounds:

  • Contract performance — to provide the Service, process bookings, and fulfil our obligations to you
  • Legitimate interests — to operate and improve the Service, prevent fraud, and ensure security (where these interests are not overridden by your rights)
  • Consent — trainers voluntarily upload qualification documents for verification; this data is only processed when submitted by the trainer. When you submit your email to download a free guide, you consent to receiving the guide and occasional marketing emails from us. For health information (special category data), we rely on your explicit consent under Article 9(2)(a) — see "Health information" above
  • Legal obligations — to comply with applicable laws, such as tax and accounting requirements

Public information

Trainer profiles are public so clients can browse trainers and book sessions. This may include a trainer's name, photo, bio, services, venues, pricing, reviews, and verified qualification badges (qualification name, type, and issuing body — but not the uploaded document itself, which remains private).

Reviews are shown on trainer profiles. Reviewer display names are limited (for example, first name and last initial) to reduce unnecessary exposure of client data.

Sharing

We only share data with service providers needed to run the Service. We do not sell personal data.

  • Supabase (database, authentication, and file storage)
  • Vercel (website hosting, anonymous performance analytics via Vercel Analytics and Speed Insights)
  • Stripe (payment processing for bookings, packages, and subscriptions — Stripe securely tokenises your payment method for recurring charges; we never store card details)
  • Resend (email delivery for account and booking emails)
  • Sentry (error monitoring and performance tracking — may collect IP addresses, browser information, and technical error context to help us identify and fix issues; Sentry processes this data as our data processor)
  • PostHog (analytics and session recordings, hosted in the EU)
  • Meta (advertising measurement — if you accept cookies, the Meta pixel records page views so we can measure the effectiveness of our ads; no data is shared with Meta if you decline cookies)
  • Location lookup providers (only when you search by location): OpenStreetMap Nominatim and postcodes.io

Cookies and analytics

We use PostHog to understand how people use our Service and to improve the user experience. This includes:

  • page views and interactions (clicks, form submissions)
  • session recordings that show how users navigate the site
  • performance metrics (page load times)

When you first visit our site, we collect anonymous analytics data without using cookies. If you accept cookies via our consent banner, we use cookies to remember you across sessions and provide a more personalised experience. We also load the Meta pixel, which helps us measure whether our advertising campaigns are effective by recording page views. If you decline, we continue to collect anonymous analytics without storing any cookies on your device, and the Meta pixel is not loaded.

You can change your cookie preference at any time by clearing your browser's local storage for this site. Analytics data is processed in the European Union. Sensitive information such as passwords is automatically excluded from recordings.

Marketing emails

When you download a free guide or resource from our website, you provide your name and email address. We use this information to:

  • Deliver the guide you requested
  • Send occasional emails with tips, resources, and information about MatchMyTrainer

Every marketing email includes an unsubscribe link. Clicking it immediately removes you from future marketing emails. You can also contact team@matchmytrainer.uk to request removal. Unsubscribing from marketing emails does not affect any transactional emails related to a MatchMyTrainer account, if you have one.

We do not sell or share your email address with third parties for their marketing purposes.

International transfers

Some of our service providers are US-based companies. However, we use EU-hosted regions wherever possible. Where personal data is processed outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the UK Information Commissioner's Office (ICO).

Retention

We keep personal data only as long as needed to operate the Service and for legitimate business purposes such as security, support, and resolving disputes. You can request deletion of your account and associated data (see "Your rights").

When an account is deleted, personal data (name, email, phone, address, and other profile information) is anonymised immediately. Active subscriptions and future bookings are cancelled. After a 30-day grace period, remaining data is permanently removed from our systems.

Qualification documents uploaded by trainers are retained while the trainer's account is active and the qualification record exists. When a trainer deletes a qualification or their account is deleted, the associated document is removed from storage.

We retain anonymised financial records (payment amounts, dates, and transaction references) for a minimum of six years to comply with UK tax and accounting obligations. These records do not contain personal information that can identify you.

Your rights (GDPR)

Under the UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (in certain circumstances)
  • Object to processing based on legitimate interests
  • Request restriction of processing
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time where we rely on consent as the legal basis for processing (this does not affect the lawfulness of processing carried out before you withdraw consent)

To exercise these rights, contact team@matchmytrainer.uk. We will respond within one month.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Automated decision-making

We do not use automated decision-making or profiling as defined under GDPR Article 22.

Changes to this policy

We may update this policy from time to time. We’ll update the “Last updated” date above when we do.