Data Processing Policy for Momentum
By using our app and/or website, you consent to our terms listed below
- Effective Date: 1st May 2026
- Version 1.0.0
- Download as PDF
On this page
1. Introduction and Roles
This Data Processing Policy (“DPA” or “Policy”) forms part of the Momentum Terms of Service and governs the processing of personal data by AMNOVA LIMITED (“Company”, “we”, “us”, or “our”) on behalf of the Personal Trainers (“PTs” or “you”) using the Momentum mobile application, websites, and associated services (the “Platform”).
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:
The Personal Trainer (PT) acts as the Data Controller. You determine the purposes and means of processing your clients’ personal data.
AMNOVA LIMITED acts as the Data Processor. We process your clients’ personal data only on your behalf and in accordance with your instructions as facilitated through the use of the Platform.
2. Scope and Nature of Processing
We process personal data solely to provide the Platform’s features, including user account management, workout assignment, progress tracking, and communications. The types of data processed include identity, contact, financial, and special category health/biometric data as determined and submitted by you and your clients.
3. Controller Obligations and Absolute Absolution of Liability
As the Data Controller, you are entirely responsible for the lawfulness of the data you collect and input into the Platform.
Consent and Legal Basis: You warrant that you have obtained explicit, documented, and legally valid consent from your clients before uploading or directing them to upload any personal, biometric, or health-related data to the Platform.
Zero Liability for Data Accuracy: AMNOVA LIMITED takes no liability whatsoever for any false, inaccurate, incomplete, or unlawful information provided by PTs or their clients. We do not verify or audit the data inputted into the Platform.
Complete Absolution: You explicitly agree that AMNOVA LIMITED is completely absolved of any and all responsibility, liability, or legal repercussion arising from the accuracy, nature, or legal standing of the data you or your clients choose to store on the Platform.
4. Processor Obligations
As the Data Processor, AMNOVA LIMITED agrees to:
Process personal data only on documented instructions from you (which includes the standard operation of the Platform and adherence to our Terms of Service).
Ensure that persons authorised to process the personal data have committed themselves to confidentiality.
Assist you, taking into account the nature of the processing, by appropriate technical and organisational measures, to respond to requests for exercising data subject rights.
5. Technical and Organisational Measures (TOMs)
We implement robust security measures to protect personal data against unauthorised or unlawful processing and accidental loss, destruction, or damage. These measures include:
Encryption: Data encryption in transit (via SSL/TLS) and at rest.
Authentication: Strict user verification using JWT (JSON Web Token) authentication protocols.
Backups: Regular automated backups to prevent data loss.
Access Control: Restricted, role-based access control for AMNOVA LIMITED staff, ensuring only essential personnel can access underlying infrastructure.
Security Testing: Routine penetration testing and vulnerability assessments.
6. Sub-Processors
You provide general authorisation for us to engage third-party sub-processors to deliver the Platform’s functionality. Our current approved sub-processors are:
Stripe, Google, Apple, PayPal (Payment and app processing)
Brevo, Email Octopus (Transactional and marketing communications)
WordPress, Hostinger, PMSuite (Infrastructure and business operations)
Changes to Sub-Processors: We will notify you of any intended changes concerning the addition or replacement of sub-processors by updating the list on our website. You will have a period of thirty (30) days to object to such changes. If you object, your sole recourse is to terminate your subscription and cease using the Platform.
7. Data Breach Notification
In the event of a personal data breach affecting your clients’ data, AMNOVA LIMITED will notify you without undue delay and no later than 72 hours after becoming aware of the breach. We will provide you with sufficient information to allow you to meet any obligations to report or inform affected data subjects and the Information Commissioner’s Office (ICO).
8. Data Deletion and Return
Upon termination of your account or subscription, AMNOVA LIMITED will, at your choice, delete or return all personal data to you, and delete existing copies unless UK law requires the continued storage of the personal data (e.g., for financial auditing purposes), as further detailed in our Privacy Policy.
9. Limitation of Liability
Our liability arising out of or related to this Data Processing Policy is strictly subject to the financial cap outlined in the Momentum Terms of Service. To the maximum extent permitted by law, AMNOVA LIMITED’s total aggregated liability to you for any data processing failures, breaches, or claims shall not exceed the total amount you paid to us in the three (3) months preceding the event giving rise to the claim.
10. Governing Law and Jurisdiction
This Policy and any disputes or claims arising out of or in connection with its subject matter or formation shall be governed by and construed in accordance with the laws of England and Wales, subject to the exclusive jurisdiction of the courts of England and Wales.
Contact Us
For any queries, you can contact the relevate team on the details below: