Legal

Privacy Policy

Last updated: May 26, 2026 | Questions? Contact us

Who We Are

This Privacy Policy applies to TrainWithSham.com (“we,” “us,” or “our”), operated by TrainWithSham. We are the data controller responsible for the personal information collected through this website and its associated services, including workout guides, online coaching, and the free macro calculator.

For all privacy-related enquiries, requests, and complaints, you can contact us at contact@trainwithsham.com or through our Contact page. We aim to respond to all requests within 30 days.

What This Policy Covers

This policy explains what personal data we collect about you, why we collect it, the legal basis on which we rely, how long we keep it, who we share it with, and what rights you have in relation to it.

It applies to all data collected through the Site, including when you browse our pages, purchase a workout guide, apply for coaching, use the free macro calculator, subscribe to our mailing list, or contact us directly.

Cookies and tracking technologies used on this Site are covered separately in our Cookie Policy. Please read both documents to understand how we handle your information.

The Data We Collect

Information You Provide Directly

We collect personal information that you actively give us through forms and interactions on the Site:

  • Contact form — your name, email address, and the content of your message
  • Mailing list signup — your email address and name where provided
  • Coaching application form — your name, email address, phone number, training experience, fitness goals, and any additional information you choose to share
  • Purchase checkout — your name, email address, and billing information processed by Stripe

Information Collected Automatically

When you visit the Site, certain technical data is collected automatically by our analytics tools. This may include your approximate geographic location (country or city level), browser type and version, device type, operating system, pages visited, time spent on pages, and the source of your visit. This data is anonymised and aggregated and does not identify you as an individual. See our Cookie Policy for full details.

Macro Calculator

The macro calculator on this Site processes the information you enter, including age, weight, height, activity level, and goal, to calculate your estimated calorie and macronutrient targets. This calculation is performed in your browser. We do not store, log, or transmit the values you enter into the calculator to our servers or to any third party.

Payment Information

We do not store, process, or have access to your payment card details at any point. All payment processing is handled entirely and securely by Stripe. We receive only a transaction confirmation, order reference, and the email address associated with the purchase. Stripe’s full privacy policy is available at stripe.com/privacy.

Communications

If you contact us by email or through our contact form, we retain the content of that correspondence, including your name, email address, and the details of your enquiry, for the purposes of responding and maintaining a record of our communications.

Why We Collect Your Data and Our Legal Basis

We only collect and process data where we have a lawful basis to do so. Under the General Data Protection Regulation (GDPR), the bases we rely on are as follows:

Contract

Where you have purchased a product or enrolled in coaching, we process your data to fulfill our contractual obligations to you. This includes delivering your digital product, communicating with you throughout a coaching engagement, and sending transactional emails such as order confirmations and download links.

Legitimate Interests

We process certain data on the basis of our legitimate interests in operating and improving our business, provided those interests do not override your rights. This includes responding to enquiries submitted through our contact form, retaining records of communications for business continuity, and using anonymised analytics data to understand how the Site is used and where it can be improved.

Consent

Where we send marketing communications, including newsletters, new product announcements, and promotional content, we do so only on the basis of your explicit consent given at the point of signup. You may withdraw this consent at any time without affecting the lawfulness of any processing that took place before withdrawal.

Legal Obligation

We may retain and process certain data, including transaction records, to comply with applicable legal, tax, and financial obligations.

Email Communications and Marketing

If you subscribe to our mailing list, your name and email address are stored on our self-hosted email marketing platform. Marketing and newsletter emails are delivered through Postmark, a transactional email delivery service. Your data is not shared with any third-party marketing platform or advertising network.

Every marketing email we send includes a clearly visible unsubscribe link. You can opt out at any time by clicking that link or by contacting us directly at contact@trainwithsham.com. Opting out of marketing emails does not affect transactional emails related to purchases you have made.

If you purchase a product, we may send you transactional emails related to your order, such as your download link and receipt. These are not marketing emails and are sent regardless of your marketing preferences.

Who We Share Your Data With

We do not sell, rent, or trade your personal data. We share it only with the following third-party processors, strictly to the extent necessary to operate the Site and deliver our services:

  • Stripe — payment processing. Stripe operates under its own privacy policy and is PCI DSS compliant. We share only what is required to process your transaction.
  • Postmark — transactional and marketing email delivery. Postmark receives your email address and name to facilitate email sending on our behalf.
  • Nahnu Media — website hosting and infrastructure. Nahnu Media hosts the Site on servers located within the European Union and processes your data only as directed by us under a data processing arrangement.

All third-party processors are required to handle your data securely and in accordance with applicable data protection law. We do not authorise any processor to use your data for their own purposes.

We may also disclose your personal data if required to do so by law, court order, or regulatory authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of TrainWithSham, our clients, or the public.

Where Your Data is Stored and Transferred

Your personal data is stored on servers located within the European Union, managed by Nahnu Media. We have taken steps to ensure that appropriate safeguards are in place for any transfers of data to third-party processors located outside the EU, in accordance with GDPR transfer requirements.

By using this Site and submitting your information, you acknowledge that your data may be processed by third-party services operating in multiple jurisdictions as described in this policy.

How Long We Keep Your Data

We retain your personal data for as long as is necessary to fulfill the purposes for which it was collected. We do not apply a fixed universal deletion schedule, as the appropriate retention period varies depending on the nature of the data and the purpose for which it was collected:

  • Purchase records — retained indefinitely for accounting, legal, and business continuity purposes
  • Coaching records — retained indefinitely as part of our client history
  • Contact and enquiry correspondence — retained indefinitely as part of our communications history
  • Mailing list records — retained until you unsubscribe or request deletion
  • Analytics data — anonymised and aggregated; individual session data is not retained

If you would like to request a review or deletion of your personal data, please contact us at contact@trainwithsham.com. We will assess your request in line with our legal obligations and may need to retain certain records even after a deletion request where there is a lawful basis to do so.

Automated Decision-Making

We do not use your personal data for any automated decision-making or profiling that produces legal or similarly significant effects on you.

Data Security

We take reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:

  • Encrypted connections (HTTPS) across the entire Site
  • Secure EU-based hosting with restricted server access
  • Payment processing handled entirely by PCI DSS-compliant Stripe — we never handle raw card data
  • Access to personal data limited to authorised personnel only

Despite these measures, no system is entirely immune from risk. We cannot guarantee absolute security and accept no liability for breaches resulting from circumstances beyond our reasonable control. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by applicable law.

Your Rights

If you are located in the European Union or United Arab Emirates, data protection law gives you the following rights in relation to your personal data. To exercise any of these rights, contact us at contact@trainwithsham.com.

  • Right of access — you can request a copy of the personal data we hold about you, along with information about how it is used
  • Right to rectification — you can ask us to correct any inaccurate or incomplete personal data we hold about you
  • Right to erasure — you can request that we delete your personal data where there is no longer a lawful basis for us to hold it, subject to any legal obligations that require us to retain it
  • Right to restriction of processing — you can ask us to pause processing of your data in certain circumstances, for example while a dispute is being resolved
  • Right to data portability — where processing is based on consent or contract, you can request a copy of your data in a structured, machine-readable format
  • Right to object — you can object to processing carried out on the basis of legitimate interests, including direct marketing. We will stop unless we have compelling grounds to continue
  • Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal

We will respond to all verified requests within 30 days. We may need to confirm your identity before acting on a request. In complex cases we may extend this period by a further 60 days and will inform you if this applies.

Children’s Privacy

This Site is intended for users aged 18 and over. We do not knowingly collect or process personal data from anyone under the age of 18. If you are a parent or guardian and believe your child has submitted personal data through this Site, please contact us immediately at contact@trainwithsham.com and we will take prompt steps to delete it.

Third-Party Links

This Site may contain links to third-party websites, including social media platforms and partner services. Once you leave this Site, this Privacy Policy no longer applies. We are not responsible for the privacy practices of any third-party site and encourage you to read their privacy policies before providing any personal information.

Social Media

We maintain a presence on Instagram at @sham.abdoo. If you interact with us through social media, any data you provide is subject to the platform’s own privacy policy and terms. We do not control how social media platforms collect or use your data.

Cookies

We use cookies and similar technologies on this Site. For a full explanation of what cookies we use, why we use them, and how you can manage your preferences, please visit our dedicated Cookie Policy.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The “Last updated” date at the top of this page reflects the most recent revision. Where changes are significant, we will take reasonable steps to notify you. Continued use of the Site following any update constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

How to Complain

If you have a concern about how we have handled your personal data and we have not resolved it to your satisfaction, you have the right to lodge a complaint with a supervisory authority.

If you are based in the EU, you can contact your local data protection authority. A directory of EU supervisory authorities is available at edpb.europa.eu.

If you are based in the UAE, you can contact the UAE Data Office at uaedataoffice.ae.

We would always appreciate the opportunity to resolve any concern directly before a formal complaint is made, so please do not hesitate to contact us first at contact@trainwithsham.com.