PeakJuan · Home · Privacy

Privacy notice

Last updated 12 May 2026.

The short version

PeakJuan is a coaching platform. Your coach can see what you log; PeakJuan staff can see it only for support. We store everything in Singapore. You can download or delete your data at any time.

What we collect

  • Account basics: name, email, and (optional) phone number.
  • Coaching content: programs and exercises you build, workouts you assign or complete.
  • Workout logs: sets, reps, weights, RPE, rest, and any notes you write during a session.
  • Subscription info: package picked, payment reference you submitted (a screenshot or transaction ID — we don't handle the money itself).
  • Technical: server logs (IP, browser, error traces) for debugging. No third-party ad tracking.

Where it lives

All personal data is stored in Supabase's ap-southeast-1 (Singapore) region. Payments themselves move through your coach's personal GCash, Maya, or bank account — PeakJuan never sees the money or holds your card.

Who can see your data

  • Your coach sees your programs, logs, and comments you address to them.
  • PeakJuan's founder can access data only when needed for support, security review, or debugging — and each access leaves an audit trail.
  • Other coaches and clients never see your data. Multi-tenant isolation is enforced at the database level.

How long we keep it

While your account is active, we keep everything you've created. If you delete your account, your personal data is removed within 30 days. Compliance records (audit events, payment references) are retained for up to 5 years where required by Philippine tax and consumer law, but they don't identify you personally after deletion.

Third parties

We work with these services. Each only sees what they need:

  • Supabase — hosts the database, auth, and file storage. Singapore region.
  • Resend — sends transactional email (magic links, invites, password reset). Sees the recipient's email and the email body only.
  • OpenAI — used for AI program drafting. We strip names, emails, and phone numbers from prompts before sending; OpenAI never sees identifying data.
  • Vercel — hosts the application. Sees request metadata (IP, URL, user agent) for routing.
  • Sentry & PostHog — error tracking and product analytics. Sensitive fields are scrubbed before sending.

Your rights

Under the Philippines Data Privacy Act of 2012 (RA 10173), you can:

  • Download your data — head to Settings → Data & privacy → Download my data.
  • Correct your data — most fields are editable in the app; for anything you can't reach, email us.
  • Delete your account — Settings → Delete account. Takes effect within 30 days.
  • Complain — to privacy.gov.ph if you think we're mishandling your data.

Contact

Email privacy@peakjuan.com for any DPA request or question. We aim to respond within 5 business days.

Changes

If we change anything material, we'll email all active users and update the date at the top of this page. Continued use of PeakJuan after a change means you accept the updated notice.