My90Plan — 90 Days. Full Stop.

1. Information We Collect

We collect the following types of information:

Account information — name, email address, role (coach/client/admin), set during account creation
Client profile data — date of birth, gender, weight, height, fitness goals, medical conditions, notes (provided by the coach or client)
Workout data — exercise logs (sets, reps, weight), session feedback (difficulty, energy, pain), body metrics, plan ratings
Communication data — messages between coaches and clients, group chat messages, broadcast messages
Usage data — login timestamps, feature usage patterns

2. How We Use Your Information

To provide and maintain the Platform's functionality
To generate AI-powered workout plans (client profile data is sent to the Anthropic API for processing)
To display progress charts and analytics to coaches and clients
To facilitate communication between coaches and clients
To send transactional emails (account invitations, password resets)
To improve the Platform based on usage patterns

3. AI Data Processing

When a coach generates a workout plan using AI, the following client data is sent to the Anthropic API: name, age, gender, weight, height, fitness goals, medical conditions, and training preferences. This data is used solely for generating the workout plan. Anthropic does not retain this data beyond the duration of the API request, in accordance with their data usage policy.

4. Data Storage & Security

All data is stored in a Supabase-managed PostgreSQL database with encryption at rest
Row Level Security (RLS) ensures coaches can only access their own clients' data, and clients can only access their own data
Authentication is handled by Supabase Auth with secure session management
Service role keys are server-only and never exposed to client-side code
All communication between the browser and server is encrypted via HTTPS

5. Data Sharing

We do not sell, rent, or trade your personal information. Data is shared only in these limited circumstances:

Coach ↔ Client — coaches see their clients' workout data, progress, and feedback. Clients see only their own data.
AI plan generation — client profile data is sent to Anthropic's API (as described in section 3)
Infrastructure providers — Supabase (database/auth), Vercel (hosting), GIPHY (GIF search in chat)
Legal requirements — if required by law, court order, or governmental regulation

6. Data Retention

We retain your data for as long as your account is active. If a coach deletes a client, the client's workout logs and profile data are deleted. If a coach's account is deleted, all associated client data is deleted. You may request deletion of your data by contacting your coach or our support team.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict processing of your data
Request a portable copy of your data
Withdraw consent for data processing

To exercise these rights, contact us at privacy@my90plan.com.

8. Cookies & Local Storage

The Platform uses cookies for authentication session management (Supabase Auth). We also use browser localStorage for UI preferences (theme selection, notification dismissals, session feedback tracking). We do not use third-party tracking cookies or analytics tools that track individual users.

9. Children's Privacy

My90Plan is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email or in-app notification. Continued use of the Platform after changes constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions or data requests, contact us at privacy@my90plan.com.