12 Week Cut12 Week Cut

Privacy Policy

Last updated: 30 April 2026

This is the privacy policy for 12 Week Cut, an online coaching programme operated by Ciaran O'Shea (sole trader, trading as O'Shea Fitness). I'm the data controller. For any data-related questions you can email me at coachciaran@osheafitness.co.uk or WhatsApp 07432 687011 (please allow up to 48 hours for a reply during busy periods).

What data I collect

When you sign up I collect:

  • Your name and email
  • A password you choose (stored encrypted; I cannot see it)
  • Your sex, age, and height (for protocol calculations)
  • Your starting weight, activity level, and cardio preference

Each week during the programme I collect:

  • Your current body weight
  • Weekly progress photos (front, side, back)

Your photos won't be used anywhere outside the programme (e.g. in marketing or social media) without your specific permission first.

Payment information (card details) is collected by Stripe directly. I never see or store your card number.

If you join the waitlist before the programme opens, I collect your email only.

Why I collect it

  • To deliver the programme you signed up for (your protocol calculations, weekly adjustments, and progress tracking)
  • To take payment for the programme
  • To send you operational messages (your weekly adjustments, account confirmation)
  • To comply with my tax and accounting obligations

The lawful basis for most of this is contract performance. I need this data to run the programme you've paid for.

If you opt in to marketing emails (waitlist or programme updates), I send those on the basis of your consent, which you can withdraw any time by replying "unsubscribe".

Who else sees it

I use these companies as data processors:

  • Supabase · securely stores your account and programme data
  • Stripe · processes your payment
  • Anthropic · powers the AI feedback text in the dashboard (your weekly adjustment summary)
  • Mailchimp · handles email lists (only if you opted in)

Some of these providers are based in the United States. Where data is transferred outside the UK, I rely on standard contractual clauses or equivalent safeguards approved by the UK ICO.

I never sell your data and never share it with third parties for advertising.

How long I keep it

While your account is active and for 12 months after you stop using it. I keep payment records longer (6 years) where HMRC requires me to.

You can request deletion at any time by emailing me. See "Your rights" below.

Your rights

Under UK GDPR you have the right to:

  • Get a copy of the data I hold on you
  • Have inaccurate data corrected
  • Have your data deleted (subject to my legal obligations to keep payment records)
  • Restrict or object to how I use your data
  • Receive your data in a portable format
  • Withdraw consent for marketing at any time

To exercise any of these, email coachciaran@osheafitness.co.uk and I'll respond within 30 days.

If you're not happy with how I've handled your data, you can complain to the Information Commissioner's Office at ico.org.uk.

Cookies

The app uses one essential cookie to keep you signed in. There are no tracking, advertising, or analytics cookies.

Children

The programme is intended for adults aged 18 and over. I don't knowingly collect data from minors.

Changes

If I update this policy I'll change the date at the top. If the change is significant, I'll email registered users.