Legal
Privacy policy
Last updated: 21 May 2026
This policy explains how FreediveTraining handles your personal data when you use our freediving training app and website. It reflects what the product does today — account sign-in, training logs, optional public profile and leaderboard, and the contact form.
1. Who is responsible for your data?
The operator of FreediveTraining (“we”, “us”) is responsible for how personal data is processed through this service. For privacy questions or requests, use our contact form.
We do not sell your personal data to advertisers or data brokers.
2. Who this policy covers
This policy applies if you:
- Visit pages on our site without signing in (for example Training, Leaderboard, or marketing pages),
- Create an account and use features such as the dashboard, library, plans, and breath-hold timer, or
- Publish a public profile or appear on the leaderboard when you opt in.
For cookies and browser storage, see our cookie policy.
3. Personal data we collect
The data we process depends on how you use the app. The table below summarises the main categories.
| Category | Examples | When collected |
|---|---|---|
| Account & authentication | Email address, password (stored and processed by Supabase Auth, not visible to us in plain text), email verification status | Sign-up, sign-in, password reset, email change |
| Profile | Username, display name, avatar image, headline, bio, social media links, custom links, federation profile URLs (AIDA / Molchanovs), member roles (e.g. athlete, instructor), visibility settings | Profile and public profile settings |
| Training activity | Breath-hold table sessions (duration, rounds, longest hold, performance details, optional session comments), custom breath-hold tables and planning workouts you create, training plans, scheduled days, workout completion and day notes | When you train, save sessions, or edit your library and plans |
| Streaks & aggregates | Current and longest training streak, last training date, session counts, total training time, best hold (for your account and, if enabled, public display) | Automatically when you log training days |
| Leaderboard (optional) | Username, display name, avatar, current streak — only if you turn on “show on leaderboard” | When you enable leaderboard visibility in profile settings |
| Public profile (optional) | Profile fields you choose to show, plus aggregated stats and personal bests when your profile is public | When you set your profile to public; visible at /@username |
| Contact messages | Name, email, optional subject, message text | When you submit the contact form (sent to us by email via Resend) |
| Technical | Authentication cookies; see cookie policy. We do not run third-party analytics on this app. | When you use the site, especially while signed in |
4. How we use your data
We use personal data to:
- Provide and secure your account (sign-in, sign-out, banned-account enforcement),
- Store and display your training content (tables, plans, sessions, library),
- Calculate streaks and dashboard statistics,
- Show your public profile or leaderboard entry only when you enable those options,
- Operate premade content published by administrators,
- Respond to contact form messages,
- Maintain the service, fix errors, and prevent abuse (including blocked usernames and admin moderation).
We do not use your data for third-party advertising or automated profiling for marketing.
5. Legal bases (EEA, UK, and similar laws)
Where applicable, we rely on:
- Contract — processing needed to provide the service you signed up for (account, saving training, plans).
- Legitimate interests — operating and securing the platform, streak/leaderboard features you opt into, and answering contact messages (balanced against your rights).
- Consent — where you make a clear choice (for example enabling a public profile or leaderboard visibility). You can withdraw consent by changing settings or making your profile private.
- Legal obligation — if we must retain or disclose data to comply with law.
6. Your visibility choices
You control important sharing settings in your profile:
- Public profile — off by default. When on, visitors can see your chosen profile information at
/@username. - Leaderboard — off by default. When on, your username, name, avatar, and current streak may appear on the public leaderboard page.
- Email — your sign-in email is not shown on public pages; it is used for account and security purposes.
7. Who we share data with
We share data only as needed to run the service, with:
- Supabase — hosting authentication, the database, row-level security, and avatar file storage. Data is stored in infrastructure Supabase operates. See Supabase privacy information.
- Resend — delivers contact form submissions to our inbox (your name, email, and message).
- Hosting provider — serves the Next.js application (for example Hostinger or similar). Server logs may include IP address and request metadata as part of normal web hosting.
- Administrators — authorised FreediveTraining admins can access user records for support, moderation, publishing premade content, invites, and account deletion where permitted by policy.
Other users and the public only see what your settings allow (public profile and leaderboard).
8. International transfers
Our processors (such as Supabase and Resend) may process data in countries outside your own, including the United States. Where required, they use appropriate safeguards (for example standard contractual clauses). Contact us if you need more detail about transfers relevant to your region.
9. How long we keep data
- Account and training data — kept while your account exists and as needed to provide the service.
- Deleted accounts — when an administrator deletes an account, we remove the auth user and associated profile and training data through our deletion process. Some backups or logs at processors may persist for a limited period under their policies.
- Contact emails — kept in our mailbox as long as needed to handle your request and for reasonable record-keeping.
If you want your account removed and cannot delete it yourself, contact us via the contact form.
10. Security
We use industry-standard measures including HTTPS, Supabase authentication, row-level security in the database, and server-side checks for sensitive actions. No online service is completely secure; please use a strong unique password and keep your sign-in details private.
11. Your rights
Depending on where you live (including the EEA, UK, and similar regions), you may have rights to:
- Access a copy of your personal data,
- Correct inaccurate profile information in the app,
- Delete your data (contact us if you need account deletion),
- Restrict or object to certain processing,
- Withdraw consent where processing is based on consent,
- Data portability where applicable,
- Lodge a complaint with your local data protection authority.
To exercise these rights, contact us at /contact. We may need to verify your identity before responding.
12. Children
FreediveTraining is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will take appropriate steps to delete it.
13. Changes
We may update this policy when features or legal requirements change. The “Last updated” date will change accordingly. Significant changes may also be noted on the site where appropriate.