Privacy Policy
Last updated: March 30, 2026
This notice describes how TrainCore processes personal data of users of the web platform for athlete management, performance testing, session planning, and related services (including payments, authentication, and data export).
1. Data controller
Davide Rizzello
Privacy email: info@traincore.it
2. Types of data processed
- Account data: email, password (handled by the authentication provider), user identifier, and profile data provided at registration (first name, last name, role, organization, location, and year activity started).
- Athlete and sports data: athlete name, team/sport, age, date of birth, height, weight, notes, test results (e.g. MAS/VIFT), sessions, and training parameters.
- Usage data: technical and product events (analytics), application logs, and session metadata.
- Billing/subscription data: customer and subscription identifiers, plan status, renewal periods, and technical payment metadata (via Stripe).
- Marketing consent data: opt-in/opt-out choice, consent timestamp, consent text version, and collection technical metadata (e.g. IP and user agent).
- Technical data: cookies and similar technologies strictly required for authenticated session functionality; any additional tracking tools are used based on consent where required.
3. Purposes and legal bases
- Performance of the requested service (Art. 6(1)(b) GDPR): account creation, authentication, athlete/test/session management, exports (PDF/Excel), and technical support.
- Legal obligations (Art. 6(1)(c) GDPR): tax and administrative obligations, and cooperation with competent authorities.
- Legitimate interest (Art. 6(1)(f) GDPR): security, abuse/fraud prevention, and platform reliability/performance improvements.
- Consent (Art. 6(1)(a) GDPR): non-essential cookies and promotional/onboarding marketing emails (optional opt-in, revocable at any time).
3-bis. Promotional email communications
Promotional emails are sent only with explicit consent (opt-in), not pre-selected and separate from service registration. Consent can be revoked at any time through the unsubscribe link in every email or by contacting the data controller.
4. Nature of data provision
Providing required data is necessary for registration and use of the platform.
5. Data sources
Data is mainly collected from the account holder and/or entered directly by the user.
6. Recipients and processors
- Supabase (database/authentication and related hosting).
- Stripe (payments and subscriptions).
- Resend (transactional emails and, with consent only, promotional/onboarding marketing emails).
- PostHog (product analytics/telemetry, where configured).
- Other cloud, email, and monitoring providers strictly necessary to operate the service.
7. Transfers outside the EEA
If transfers outside the EEA occur, the controller applies appropriate safeguards pursuant to GDPR Articles 44 et seq.
8. Data retention
- Account data: for the duration of the account and subsequent legal obligations.
- Sports data: until user deletion or termination of the relationship.
- Billing data: according to applicable civil/tax retention terms.
9. Data subject rights
Rights under GDPR Articles 15-22: access, rectification, erasure, restriction, portability, and objection.
Requests: info@traincore.it.
10. Complaint to supervisory authority
You retain the right to lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it).
11. Third-party data and user responsibility
Users entering data about athletes/collaborators guarantee an appropriate legal basis and information notice.
12. Minors
If used for minors’ athlete data, the professional user guarantees compliance with applicable law.
13. Changes
The controller may update this Privacy Policy with communication through platform and/or appropriate channels.