90-Day Client Journey

Progress photos: consent, privacy, and the 30-photo cap

Progress photos are powerful for client motivation but they are also sensitive data. The journey treats them carefully by default.

Consent first. A client cannot upload a journey photo until they have given explicit consent on their waiver. The waiver question is plain English: *"Are you happy for your trainer to see and store your progress photos as part of your 90-day journey?"*. They can revoke consent later from their profile.

Privacy by design:

• Location data (EXIF GPS) is stripped from every photo before we save it • Photos are stored in a private storage bucket. Public links do not work. • The trainer-side and client-side views generate signed URLs that expire after one hour. Even if a link is shared, it stops working. • 30 photos per client cap, enforced atomically so concurrent uploads cannot exceed the cap • Photos belong to the client. If they revoke consent or close their account, their photos go with them.

The standard four poses:

• Front, side (left or right), back • "Other" for any context shot the client wants in the gallery

What appears where:

• Client portal: full gallery on their journey page, plus the celebration screen on Day 90 • Trainer side: thumbnails on the journey detail, signed URLs only on tap

What we never do:

• No public CDN URLs • No analytics on the photo content • No AI inspection of the photos for body composition (the journey AI summary uses logger numbers, not photos)

Related Resources

Ready to implement these strategies?

Join thousands of trainers using BuildStability to automate engagement tracking and prevent churn.

Start Your Free Trial