Privacy Policy
Last updated: 31 March 2026
1. Who We Are
Marcus Neal Fitness (“we”, “us”, “our”) is a personal training service operated by Marcus Neal. The platform is developed and maintained by Crystallized Intelligence, an AI consultancy based in Luxembourg.
For the purposes of the EU General Data Protection Regulation (GDPR):
Crystallized Intelligence S.à r.l.
Luxembourg
Contact email: aisling@crystallized.lu
For general enquiries about your data, contact Marcus Neal Fitness. For technical questions about how your data is processed or to submit a data protection request, you may also contact Crystallized Intelligence directly.
2. What Data We Collect
We collect and process the following categories of personal data when you use the Marcus Neal Fitness platform:
2.1 Account & Identity Data
- Full name
- Email address
- Profile avatar (if uploaded)
2.2 Fitness & Health Data
When you complete the intake form and update your profile, we collect information including:
- Age range, gender
- Weight, height
- Fitness level, training history, and training style preferences
- Primary and secondary fitness goals, goal deadlines, and motivators
- Injuries, health conditions, disabilities, and exercises to avoid
- Pregnancy or postpartum status (where voluntarily provided)
- Available equipment, training location, session length, and days per week
- Cardio preferences, warm-up/cool-down preferences
- Any additional notes you choose to share (e.g. “my knees are sore today”)
2.3 Workout & Engagement Data
- Generated workout plans and exercise assignments
- Workout completion reports and feedback
- Pre-workout check-in notes (free-text)
- Points, streaks, and leaderboard scores
2.4 Macro Tracking Data
- Screenshots of your food diary (from MyFitnessPal or similar apps)
- Manually entered macro values (calories, protein, carbohydrates, fat)
- Macro target information
2.5 Technical Data
- Your email address as used for authentication
- Basic session and request data generated when you interact with the platform
2.6 Access Control & Audit Data
Access to the platform is by invitation only. When Marcus adds your email to the approved-email list we store:
- The date and time of the invitation
- The administrator who issued it
- An optional free-text note written by the administrator
- The dates of any invite resends, account activation, or revocation
We also maintain an audit log of administrative actions (invitations, revocations, profile edits, plan regeneration, workout-report replies). Audit records include the actor, a timestamp, and the request IP. They are retained for as long as the related account exists and are anonymised (replacing the email with “<deleted>”) on right-to-erasure requests.
2.7 Payment & Subscription Data
We store the plan you have chosen, your current subscription status, the date of your most recent successful payment, and your next billing date. We do not store card numbers or other payment instrument data — those are handled by our payment processor (Revolut Business). We also retain an immutable log of payment events received from the processor (event ID, type, amount, currency) to reconcile billing and to prevent duplicate charges.
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Generating custom workout plans based on your profile | Performance of a contract (Art. 6(1)(b)) |
| Modifying workouts in real time based on your pre-workout notes | Performance of a contract (Art. 6(1)(b)) |
| Processing health data (injuries, conditions, pregnancy) to ensure safe workouts | Explicit consent (Art. 9(2)(a)) |
| Analysing macro tracking screenshots to extract nutritional data | Explicit consent (Art. 9(2)(a)) |
| Displaying your display name, avatar image, and score on the opt-in leaderboard | Consent (Art. 6(1)(a)) |
| Sending you notifications about your workout plans | Performance of a contract (Art. 6(1)(b)) |
| Notifying your coach (Marcus) about plan status and workout reports | Legitimate interest (Art. 6(1)(f)) |
| Improving the platform and AI-generated workout quality | Legitimate interest (Art. 6(1)(f)) |
4. AI-Powered Processing
Marcus Neal Fitness uses artificial intelligence to generate custom workout plans, modify daily workouts based on your feedback, classify exercises, and analyse macro tracking screenshots. These AI operations are provided by Mistral AI, a company based in France.
When AI processes your data:
- Your fitness profile information is sent to Mistral AI's API to generate your workout plan
- Pre-workout check-in notes are sent to Mistral AI to modify your daily workout
- Macro tracking screenshots are sent to Mistral AI for optical character recognition (OCR) to extract nutritional values
No automated decisions are made that produce legal effects or similarly significantly affect you. All AI-generated workout plans are designed based on your trainer's methodology and exercise library. You always have the ability to report issues with a workout and have it regenerated.
5. Who We Share Your Data With
We share your personal data only with the following categories of recipients, all of whom act as data processors on our behalf or have their own lawful basis for processing:
| Recipient | Purpose | Location |
|---|---|---|
| Scaleway | Platform hosting, data storage, and infrastructure | France (EU) |
| Mistral AI | AI-powered workout generation, exercise classification, and macro screenshot analysis | France (EU) |
| Brevo | Sending email notifications to you and your coach | France (EU) |
| Revolut Business (when active) | Payment processing and invoicing | EU (Lithuania / UK) |
Where data is transferred to processors located outside the European Economic Area (EEA), we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or the processor's participation in an adequate data protection framework.
We do not sell your personal data to any third party. We do not share your data with advertisers.
6. How Long We Keep Your Data
We retain your personal data for as long as you have an active account with Marcus Neal Fitness. Specifically:
- Account and profile data: Retained until you request deletion or your account is closed
- Workout plans and exercise data: Retained for the duration of your membership to allow you to review past workouts
- Macro tracking screenshots: Retained for the current membership period; screenshots are used for OCR processing and point calculation, and can be deleted upon request
- Workout reports and feedback: Retained for the duration of your membership
After your account is closed or you request deletion, we will delete or anonymise your personal data within 30 days, unless we are required by law to retain it for longer.
7. Your Rights
Under the GDPR, you have the following rights:
- Access: You can request a copy of all personal data we hold about you.
- Rectification: You can update your profile information at any time through the app, or ask us to correct any inaccuracies.
- Erasure: You can request that we delete all of your personal data. We will do so within 30 days unless there is a legal obligation to retain it.
- Restriction: You can ask us to restrict processing of your data in certain circumstances.
- Portability: You can request your data in a structured, commonly used, machine-readable format.
- Objection: You can object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, contact us at info@marcusnealfitness.com. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. For Luxembourg, this is the Commission nationale pour la protection des données (CNPD) — cnpd.public.lu.
8. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- Encrypted data transmission (HTTPS/TLS) for all communications between your browser and our platform
- Authentication-gated access to your personal data within the platform
- JWT-based authentication and API secret verification on all backend endpoints to prevent unauthorised access
- Prompt injection safeguards to protect AI processing pipelines
- Client-side image compression before transmission of macro screenshots
- Restriction of access to your data to your coach (Marcus Neal) and the platform operator (Crystallized Intelligence)
- Storage of all data on EU-based infrastructure (Scaleway, France), ensuring EU data residency
9. Children
Marcus Neal Fitness is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. If we make material changes, we will notify you via email or through the platform.