Privacy Policy

1. Information We Collect

Account Information

• Email address (used for authentication and communication)
• Name (optional, for personalization)
• Password (stored securely via Supabase authentication, hashed and salted)

Health and Wellness Data

• Body weight and body composition measurements
• Height, age, and biological sex (for protein calculations)
• GLP-1 medication type, current dose, and dose history
• Injection dates and medication schedule
• Food logs and protein intake records
• Activity type, training frequency, and exercise logs
• Communication style preference

Usage Data

• Pages visited and features used within the Service
• Device type and browser information
• IP address (for security and fraud prevention)
• Timestamps of interactions with the Service

Payment Information

Payment details (credit card numbers, billing addresses) are collected and processed directly by Stripe, our payment processor. We do not store your full credit card number on our servers. We receive only a tokenized reference, card brand, last four digits, and expiration date from Stripe for display purposes.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Calculate your dose-adjusted protein targets, generate personalized meal suggestions, create training protocols, and deliver weekly reports.
• AI Meal Generation: Your dietary preferences, protein target, and appetite information are sent to our AI provider to generate personalized meal suggestions. This data is processed in real-time and is not stored by the AI provider for training purposes.
• Medication Reminders: Your medication schedule and email address are used to send automated injection reminders via email.
• Progress Tracking: Your weight, body composition, and protein intake data are used to generate progress charts and weekly performance reports.
• Account Management: Process payments, manage your subscription, and communicate with you about your account.
• Service Improvement: Analyze aggregate, de-identified usage patterns to improve the Service, fix bugs, and develop new features.
• Security: Detect and prevent fraud, abuse, and unauthorized access to the Service.

3. Third-Party Services

We use the following third-party services to operate MuscleGuard. Each service has access only to the data necessary to perform its function:

• Supabase (database and authentication): Stores your account information, health data, food logs, and application data. Supabase provides authentication services including secure password hashing and session management. Data is stored in the United States.
• Stripe (payment processing): Processes your subscription payments and manages your billing. Stripe receives your payment information directly and is PCI DSS Level 1 compliant. See Stripe's Privacy Policy.
• Resend (email delivery): Sends transactional emails including medication reminders and account notifications. Resend receives your email address and the content of the emails we send you.
• Anthropic Claude API (AI meal generation): Powers the AI meal wizard. Your dietary preferences, protein target, and meal parameters are sent to generate meal suggestions. Anthropic does not use API inputs for model training. See Anthropic's Privacy Policy.
• Vercel (hosting and deployment): Hosts the MuscleGuard application. Vercel may process IP addresses and request metadata for performance and security purposes. See Vercel's Privacy Policy.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may disclose your information only in the following circumstances:

• Service Providers: With the third-party services listed above, solely for the purpose of operating the Service.
• Legal Requirements: If required by law, subpoena, court order, or government regulation.
• Safety: If we believe disclosure is necessary to protect the rights, property, or safety of MuscleGuard, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such transfer.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: Retained until you delete your account or request deletion.
• Health and wellness data: Retained until you delete your account. You may delete individual food logs and weight entries at any time within the Service.
• Payment records: Retained for 7 years after your last transaction as required for tax and accounting purposes.
• Usage data: Aggregated and de-identified usage data may be retained indefinitely for analytics purposes.

Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our Terms).

6. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/HTTPS) for all data transmitted between your device and our servers.
• Encryption at rest for stored data via Supabase.
• Secure password hashing via Supabase authentication.
• Row-level security policies on our database to ensure users can only access their own data.
• Regular security reviews and updates.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights (CCPA / California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which we use it, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete the personal information we have collected about you, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell your personal information. This right is not applicable.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, contact us at support@muscleguard.app. We will respond to verifiable consumer requests within 45 days.

8. Children's Privacy

MuscleGuard is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@muscleguard.app and we will promptly delete such information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we will also notify you via email. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

10. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

• Email: support@muscleguard.app