Privacy Policy

Effective Date: January 2025
Last Updated: May 2026

Mind and Muscle, Inc. ("Mind & Muscle," "we," "us," or "our") operates the Mind & Muscle mobile application and website at mindandmuscle.ai. This Privacy Policy describes how we collect, use, share, retain, and delete your personal information.

1. Information We Collect

Personal Information:

• Name, email address, phone number, date of birth
• Athletic profile (position, sport, jersey number)
• Performance data (workouts, goals, progress)
• Team communications and messages

Automatically Collected:

• Device information and identifiers
• Usage data and app interactions
• General location (if enabled by you)

2. How We Use Your Information

• Provide and maintain the Service
• Create and manage your account
• Deliver personalized training recommendations
• Enable team communication features
• Send notifications about progress and team activities
• Improve the Service through analytics

3. Information Sharing

With Your Consent:

• Team Members: Basic profile information
• Coaches: Performance data when you share goals
• Parents: Progress reports when explicitly shared

Service Providers:

• Supabase: Database and authentication
• Resend: Email delivery
• Stripe: Payment processing
• OpenAI: AI coaching (anonymized data only)

4. Children's Privacy (COPPA)

For users under 13, we:

• Require verifiable parental consent
• Collect only necessary information
• Do not use data for behavioral advertising
• Allow parents to review, delete, or refuse further collection

5. Data Security

We implement industry-standard security measures including encryption in transit and at rest, access controls, and regular security audits.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Active accounts: Data is retained for the lifetime of the account.
• After account deletion: Most personal data is permanently deleted within 30 days of your deletion request.
• Backups: Data may persist in encrypted backups for up to 90 days after deletion, after which it is purged from all backup systems.
• Financial records: Transaction records (e.g., payment history) are retained for up to 7 years as required by applicable law.
• Legal holds: If required by law or legal proceedings, certain data may be retained longer than the periods above.

7. Data Deletion

You can request deletion of your account and personal data at any time using one of the following methods:

• In-app: Go to Settings → Account → Delete Account and follow the prompts.
• Web: Visit mindandmuscle.ai/delete-account and submit a deletion request.
• Email: Send a request to [email protected] with the subject "Data Deletion Request."

Upon a valid deletion request, we will:

• Permanently delete your profile, performance data, messages, and account credentials within 30 days.
• Purge your data from encrypted backups within 90 days.
• Retain only records required by law (e.g., financial transaction history for up to 7 years).

We will confirm deletion via email once the process is complete.

8. Your Rights

• Access your personal information
• Correct inaccurate information
• Delete your account and data (see Section 7 above)
• Export your data
• Opt-out of communications

9. Contact

For privacy questions: [email protected]

For COPPA requests: [email protected] (subject: "COPPA Request")

Mind and Muscle, Inc.
mindandmuscle.ai