
Privacy Policy

Last updated: April 28, 2026

We respect your privacy. This policy explains what we collect, why, who we share it with, and what control you have.

1. What we collect

  • Account info: name, email, password (hashed).
  • Profile + intake: age, weight, height, goals, dietary preferences, equipment, schedule, injuries, and other information you provide during onboarding or in your profile.
  • Activity: daily check-ins (energy, soreness, sleep, mood), workout logs, diet logs, journal entries.
  • Media: photos and videos you upload (e.g., form-check videos, progress photos).
  • Payment: billing handled by Stripe — we never see your card number.
  • Product analytics: we capture pageviews and feature-use events (e.g., "completed onboarding," "logged a workout") to understand which features help users and which create friction.

2. How we use it

  • To generate and adapt your weekly plans.
  • To send transactional email (verification, password reset, weekly nudges).
  • To improve the Service — figure out what works, fix what doesn't.
  • To operate billing and customer support.

3. Who we share it with

We use a small set of trusted vendors to operate the Service. We don't sell your data and we don't share it for third-party advertising.

  • Anthropic: AI plan generation. Receives your living coaching documents and recent activity. Does not receive your name, email, or payment info.
  • Stripe: payments. Receives your email and payment instrument.
  • Resend: transactional email. Receives your email address and message contents.
  • Google Cloud (Cloud Run + Cloud Storage): hosting and media storage. Stores your media in private, signed-URL-only buckets.
  • Cloudflare Turnstile: signup CAPTCHA. Receives anonymous browser signals.
  • PostHog: product analytics. Receives your user ID, email, name, and event properties — never your health metrics, journal contents, or message contents.

4. Your rights

  • Access: request a copy of your data.
  • Correction: update your profile any time from the dashboard.
  • Deletion: request account deletion and we'll remove your data, subject to legal retention requirements.
  • Portability: request your data in a standard format (JSON or CSV).

To exercise any of these, email braxton@myhealthcoachai.com.

5. Security

Data is encrypted in transit (TLS) and at rest. We use industry-standard access control and audit logging on our systems. No system is perfect — if we ever experience a breach affecting your data, we'll notify you promptly.

6. Data retention

We keep your data while your account is active. If you delete your account, we remove personal data within 30 days, except where we're required to keep records for legal or accounting purposes.

7. Children

The Service is not intended for users under 18.

8. Changes

If we make material changes to this policy, we'll notify you by email or in-app notice and update the "last updated" date above.

9. Contact

Questions or requests? Email braxton@myhealthcoachai.com.
