Keeping Your Data Safe: Biometric Lock and Security

Your fitness app knows a lot about you. It tracks your workouts, your body measurements, your nutrition, your sleep patterns, and your location during runs. That is sensitive personal data, and it deserves serious protection. TRL/Active is built with multiple layers of security to ensure your information stays private and under your control.

Biometric App Lock

TRL/Active supports biometric authentication as an app lock. On iPhone, this means Face ID or Touch ID. On Android, it uses your device's fingerprint sensor or face unlock. When enabled, the app requires biometric verification every time you open it.

This is especially important if you share a device with family members or if you are concerned about someone picking up your unlocked phone and accessing your health data. The biometric lock adds a personal gate that only you can pass through.

Enabling it takes just a few taps. Go to Settings, find the Privacy and Security section, and toggle on biometric lock. From that point forward, every app launch prompts for your face or fingerprint before showing any content.

If biometric authentication fails or is unavailable, the app falls back to your device passcode. This ensures you are never locked out of your own data while still maintaining a strong security barrier against unauthorized access.

Encrypted Storage

Your authentication tokens and sensitive session data are stored using encrypted local storage on your device. On iOS, TRL/Active uses the Keychain, Apple's hardware-backed secure storage system. On Android, the app uses the EncryptedSharedPreferences API backed by the Android Keystore.

This means that even if someone gained access to your device's file system, they could not extract your login credentials or session tokens. The encryption keys are tied to your device's secure hardware and cannot be exported.

TLS Certificate Pinning

Every network request TRL/Active makes to its servers uses HTTPS with TLS encryption. But TRL/Active goes a step further with certificate pinning. This technique hardcodes the expected server certificate into the app, so even if a malicious actor somehow obtained a valid TLS certificate for the domain, the app would reject the connection.

Certificate pinning protects against man-in-the-middle attacks, where an attacker intercepts traffic between your device and the server. This is particularly relevant when you are using public Wi-Fi at a gym or coffee shop, which are common scenarios for fitness app users.

Database-Level Security

On the server side, TRL/Active uses Row Level Security (RLS) policies on its database. RLS ensures that every database query is scoped to the authenticated user. Even if there were a bug in the application code, the database itself enforces that you can only read and write your own data.

This is not just a single layer of application logic checking permissions. It is a database-enforced constraint that cannot be bypassed by the application. Your workout plans, nutrition logs, body measurements, and progress data are isolated at the lowest level of the system.

Privacy Controls

TRL/Active gives you granular control over your data through the Privacy Settings screen. From there you can:

• Toggle biometric lock on or off.
• Manage data sharing preferences for any connected services.
• Review what data is stored and request a full export of your information.
• Delete your account and all associated data permanently if you choose to leave the platform.

These controls exist because we believe your data belongs to you, not to us and certainly not to advertisers.

No Selling of User Data

TRL/Active does not sell, rent, or share your personal data with third-party advertisers or data brokers. Period. The business model is built on subscriptions, not on monetizing your information. Your workout history, nutrition data, body metrics, and location data are used exclusively to power your coaching experience.

This is not buried in page 47 of a terms of service document. It is a core principle of how the product is built. We collect only the data necessary to deliver the coaching experience, and we protect it with the same seriousness that you would expect from a health care application.

Your trust is the foundation of this product. Every security decision, from biometric locks to certificate pinning to RLS policies, is made with one goal: keeping your data safe so you can focus on your training.