Privacy Policy

Last Updated: May 13, 2026


Introduction

Your privacy is important to us. This Privacy Policy explains how Zon ("we", "our", or "us") collects, uses, discloses, and protects personal information when you use:

  • Our mobile application for iOS (the "App"), including optional companion experiences such as Apple Watch features and widgets where available; and
  • Our website and web application operated under justzon.com and related subdomains (the "Site"), including coach dashboards, athlete-facing pages, checkout flows, and authenticated areas.

Together, the App and the Site are referred to as the "Services". We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) where it applies.

If you do not agree with this Policy, please do not use the Services.


Information We Collect

Account and profile information

  • Identifiers and contact: email address, username, display name, profile photo, and authentication identifiers managed through our auth provider.
  • Role and onboarding: whether you use the Services primarily as an athlete or as a coach, and information you provide during onboarding or profile setup.

Fitness, training, and health-related information

  • Workout and training data: exercise sessions, programs, templates, sets, repetitions, weights, duration, notes, performance metrics, and related logs (including voice or imported content you choose to submit for parsing).
  • Body metrics: measurements such as weight and height where you provide them (used for personalization and AI-assisted features).
  • Optional route / location data: if you enable GPS-related workout features for cardio or running sessions, we may collect or process location or route information associated with a workout session.
  • Apple Health (HealthKit) — iOS only: if you choose to connect Apple Health, we may access categories you authorize (for example workouts, activity, or body measurements), strictly as permitted by Apple's HealthKit terms and your device permissions.

HealthKit — We do not use or disclose HealthKit-derived data for advertising, marketing, or use-based data mining unrelated to providing health, fitness, or wellness functionality in the App. HealthKit data is used to support your fitness experience within the Services as you direct.

Social and community data

  • Community content: posts, comments, reactions, follows, tribe or group membership, and other social interactions.
  • In-app messaging: direct messages (text and images) exchanged between coaches and athletes, and conversation metadata necessary to deliver the messaging feature.

Coach–athlete and marketplace-related data

  • Coach profiles and offerings: public or semi-public coach profile information, descriptions, and coaching offers you create.
  • Relationships and subscriptions: coach–athlete relationships, subscription or billing status associated with coach offers, and related records needed to operate coaching programs.
  • Payments metadata: when you pay through our flows, our payment processors receive transaction information (we do not store full payment card numbers on our servers).

Gamification and product analytics

  • Gamification: experience points, levels, achievements, duels or challenges, and related progression data.
  • Usage and diagnostics: feature usage, interactions, app version, device type, and crash or performance diagnostics as collected by the App, the Site, or our hosting providers.

Information collected automatically (web)

  • Technical data: IP address, browser type, device identifiers where available, pages viewed, and referring URLs.
  • Cookies and similar technologies: the Site uses cookies for authentication, security, and preferences. In accordance with GDPR, analytics cookies (PostHog) are only activated after your explicit consent via our cookie consent banner. You can update your preferences at any time.

How We Use Your Information

We use personal information to:

  • Provide and operate the Services: accounts, training logs, programs, community features, in-app messaging, coach tools, and public or shared surfaces you choose to use.
  • Process payments: facilitate coach SaaS billing and athlete payments to coaches through our payment partners.
  • AI-assisted features: generate coaching-style insights, chat replies, summaries, import parsing, weekly reports, and similar outputs using automated systems (see AI Processing below).
  • Notifications: send push, email, or in-product notices you request or that are important to the Services, subject to your settings and applicable law.
  • Security and integrity: detect abuse, fraud, spam, and unauthorized access; enforce our terms; and protect users and the platform.
  • Improve the Services: understand usage in aggregate or pseudonymous form to improve reliability, features, and user experience.
  • Comply with law: meet legal, regulatory, or contractual obligations.

AI Processing

Certain features send portions of your content or activity (for example workout summaries, chat messages you send to automated coaching tools, or files you import) to third-party AI providers operated by Google (Gemini). In limited failure scenarios, OpenAI may be used as a fallback model provider.

We design many AI flows to minimize unnecessary personal data in prompts. Automated outputs may be inaccurate; they are informational and not a substitute for professional advice (see Medical Disclaimer).

We do not sell your personal information. AI providers process data in their role as subprocessors to deliver the feature you invoked, subject to our agreements and their policies.


Data Storage and Security

Where data is processed

We use Supabase and related cloud infrastructure to host databases, authentication, file storage, and server-side logic. Data may be processed in the European Union and, depending on providers or subprocessors, in other regions where they operate. When data is transferred outside the EEA, we rely on appropriate safeguards where required (such as standard contractual clauses).

Security measures

  • Encryption in transit (HTTPS/TLS) for client–server communication
  • Access controls and authentication
  • Hardening and monitoring practices consistent with our hosting environment

No method of transmission or storage is completely secure; we cannot guarantee absolute security.


Data Sharing

We do not sell your personal information. We may share information only as follows:

  • Service providers (subprocessors) who assist in operating the Services, including:
    • Supabase — database, authentication, storage, realtime, and server-side functions
    • Stripe — payments, billing, and Stripe Connect for coach payouts (where used)
    • RevenueCat — in-app subscription status and entitlements on iOS (where used)
    • Google (Gemini) and, where applicable, OpenAI — AI inference for automated features
    • PostHog — product analytics on web (only after GDPR consent)
    • Resend (or comparable providers) — transactional email
    • Apple — App Store purchases, Sign in with Apple (if enabled), push notifications, and HealthKit strictly under Apple's rules
  • Legal and safety: to comply with law, regulation, legal process, or governmental requests; to enforce our policies; or to protect rights, safety, and security.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality and continuity safeguards.
  • With your direction: when you choose to share content publicly, with another user, or with a coach or organization you join.

A coach you work with may see athlete-related data needed to deliver coaching, consistent with product behavior and permissions.


Your Rights (GDPR and Similar Laws)

Where the GDPR or comparable laws apply, you may have the right to:

  • Access personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase data in certain circumstances
  • Restrict processing in certain circumstances
  • Object to certain processing (including direct marketing, where applicable)
  • Data portability for data you provided, where technically feasible
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with a supervisory authority

Exercising your rights

You can access, correct, or delete much of your information directly in the App or the Site. Account deletion is available in the App on iOS and Android via Settings → Danger Zone → Delete Account, subject to legal retention exceptions.

For other requests (including data export), contact us at support@justzon.com. We may need to verify your identity before fulfilling certain requests.


Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account, we delete or anonymize personal data within a reasonable period (typically up to 30 days), except where retention is required by law or legitimate interests (for example security logs or unresolved payment disputes).


Children's Privacy

The Services are not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under that age. If you believe we have collected such information, contact support@justzon.com and we will take appropriate steps to delete it.


Medical Disclaimer

The Services, including AI-assisted features, provide fitness and wellness information for educational and motivational purposes only. They are not medical devices and do not replace professional medical advice, diagnosis, or treatment. Always consult a qualified health professional regarding medical questions.


International Users

If you access the Services from outside the European Union, your information may be processed in the EU or other countries where we or our providers operate, as described above.


Third-Party Links and Services

The Services may link to third-party websites or integrations. Their privacy practices are governed by their own policies. Stripe, Apple, and other payment or platform providers process certain data under their own terms when you use their flows.


Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last Updated" date above and, where appropriate, provide additional notice (for example in the App, on the Site, or by email). Continued use after the effective date of changes constitutes acceptance of the updated Policy where permitted by law.


Data Protection Contact

For privacy-related questions or to exercise your rights:

Email: support@justzon.com