Privacy Policy

Your privacy is important to us

Last Updated: April 18, 2026 — Version 1.4

1. Introduction

AllStrong ("we," "us," or "our") operates AllStrong (the "Service") at https://allstrong.app. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service, whether as an individual consumer, a gym owner, or a gym member.

By using the Service, you agree to the collection and use of information in accordance with this Policy.

This policy also serves as our Consumer Health Data Privacy Policy as required under applicable state laws, including the Washington My Health My Data Act.

Privacy contact: privacy@allstrong.app

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, and password when you register.
  • Profile information: Any additional details you add to your profile.
  • Payment information (consumer subscriptions): Handled directly by Whop, Inc. (our Merchant of Record). We do not store your payment card data for consumer subscriptions.
  • Payment information (gym member billing): Handled by Stripe, Inc. via Stripe Connect. Payment card data, bank account data (for ACH transfers), and billing addresses are collected and processed by Stripe on behalf of your gym. We do not store card numbers or bank account details. See Section 4 for details.
  • Communications: Messages you send us for support or feedback.
  • In-app messages: If you use in-app messaging (e.g., coach-member communication within a gym), message content is stored on our servers.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, time spent, and interactions with the Service.
  • Device information: Browser type, operating system, IP address, and device identifiers.
  • Cookies and tracking: See Section 8 (Cookies).

2.3 Health and Fitness Data

We collect health and fitness data you choose to share, including activity metrics, biometric measurements (weight, body composition, heart rate, steps), sleep data, nutrition data, and wearable device data (via Apple HealthKit on iOS and Health Connect on Android). This information is used solely to provide the tracking and analysis features of the Service and is not shared with health insurers, employers, pharmaceutical companies, or advertisers.

Under the CCPA, health and biometric data is classified as "sensitive personal information." See Section 5 for your rights regarding sensitive personal information.

2.4 Gym Membership Data

If you are a member of a gym that uses the AllStrong platform, we collect:

  • Attendance records: Check-in dates, times, and methods.
  • Class bookings: Class registrations, cancellations, and waitlist history.
  • Coaching session history: Scheduled sessions, session types, and completion status.
  • Benchmark and workout results: Performance scores, personal records, and workout logs recorded through the gym platform.
  • Staff notes: Notes created by gym staff regarding your membership (general, coaching, billing, or medical notes as categorized by staff).
  • Waiver signatures: Digital signatures on gym liability waivers, health questionnaires, and other gym-required documents.

2.5 Nutrition and Food Data

When you log food or scan barcodes, we may query third-party nutrition databases (USDA FoodData Central, Open Food Facts) to retrieve nutritional information. These queries transmit food names or barcode numbers — not your personal information — to these public databases.

2.6 Photos and Files

If you upload photos (e.g., body composition scan printouts), they are stored securely using Cloudflare R2 (S3-compatible cloud storage) and processed by our AI provider for data extraction. Photos are associated with your account and can be deleted at any time.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service.
  • Process transactions and manage your subscription.
  • Facilitate gym member billing through Stripe Connect on behalf of participating gyms.
  • Send transactional emails and account notifications.
  • Respond to your support requests and communications.
  • Analyze usage patterns to improve features and user experience.
  • Generate churn risk scores and retention analytics for gym owners (based on attendance patterns and engagement metrics — not personal health logs).
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not sell your personal information to third parties.

4. How We Share Your Information

We may share your information with:

  • Service providers: Third-party vendors who help us operate the Service (hosting, payment processing, email delivery, error monitoring, cloud storage). These providers are contractually obligated to use your information only as directed.
  • Whop, Inc.: As our Merchant of Record for consumer and gym platform subscription billing. Whop processes subscription transactions, manages sales tax, and handles payment disputes for these subscriptions.
  • Stripe, Inc.: As the payment processor for gym member billing via Stripe Connect. Each participating gym maintains a Stripe connected account. Stripe receives payment card data, bank account information (for ACH transfers), billing addresses, and transaction amounts necessary to process member charges. Stripe's privacy policy governs how they handle this data. We do not store card numbers or bank account details — all payment credentials are held by Stripe.
  • Anthropic, PBC: Our AI provider. Text you enter in chat features and photos you upload for analysis may be processed by Anthropic's Claude AI in accordance with their privacy policy. We do not send your health data to Anthropic for purposes other than providing the chat and analysis features you initiate.
  • Google / Firebase: For authentication and account management. If you sign in with Google, we receive your name and email address from Google. Firebase processes authentication tokens and account events.
  • Sentry (Functional Software, Inc.): For application error monitoring and performance tracking. Sentry receives technical error data (stack traces, device info, request metadata). We strip personally identifiable information (request bodies, auth headers, cookies) before transmission. Sentry does not receive your health or fitness data.
  • Cloudflare, Inc.: For secure file storage (Cloudflare R2). Uploaded photos and files are stored in Cloudflare's infrastructure.
  • Resend (Resend, Inc.): For transactional email delivery (e.g., password reset emails, account notifications).
  • Gym owners and staff: If you are a member of a gym that uses the AllStrong platform, gym staff with appropriate roles may access certain data about you through the gym dashboard. See Section 4.1 for details on what is and is not shared.
  • Legal requirements: We may disclose information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights or the safety of others.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.

We do not share your health or fitness data with health insurers, employers, pharmaceutical companies, or advertisers.

4.1 Gym Data Sharing

If you are a member of a gym that uses the AllStrong platform, the following data sharing rules apply:

Data accessible to your gym's staff/coaches:

  • Attendance records and check-in history
  • Class bookings and cancellations
  • Benchmark and workout results
  • Coaching session history and notes
  • Churn risk indicators (derived from attendance patterns)
  • Staff notes associated with your membership
  • In-app messages exchanged with gym staff

Data NOT accessible to your gym:

  • Personal health logs (nutrition tracking, calorie intake, meal data)
  • Sleep tracking data
  • Mood and wellness entries
  • AI chat history (conversations with the AI health coach)
  • Wearable device data (heart rate, steps, etc.) — unless you explicitly share specific data through the coaching feature
  • Data from other gyms if you are a member of multiple gyms

Data isolation: If you are a member of multiple gyms on the AllStrong platform, each gym can only access data related to your membership at that specific gym. Your data is isolated between gym organizations.

Revoking gym data access: You may revoke your gym's access to your data at any time by ending your membership or by contacting us at support@allstrong.app. Upon revocation, your gym will no longer be able to view your data through the dashboard, though records of past attendance and transactions may be retained for the gym's accounting and legal compliance purposes.

5. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) and regulations effective January 1, 2026:

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the third parties with whom we share it.
  • Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share (for cross-context behavioral advertising) your personal information.
  • Right to Limit Use of Sensitive Personal Information: Your health, fitness, and biometric data constitutes "sensitive personal information" under the CCPA. You may request that we limit our use and disclosure of your sensitive personal information to purposes necessary to provide the Service. We use sensitive personal information only to provide the features you request (health tracking, fitness analysis, AI coaching) and do not use it for purposes beyond what is necessary to provide the Service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Responding to Requests: We will respond to verifiable consumer requests within 45 days of receipt. If we need additional time, we will notify you of the extension (up to an additional 45 days).

Authorized Agents: You may designate an authorized agent to make requests on your behalf, subject to verification.

To exercise your rights, contact us at support@allstrong.app.

5.1 Automated Decision-Making Technology (ADMT)

Our Service uses AI-powered features (such as the chat-based health coach and gym churn prediction system) that process your personal information to provide personalized health and fitness recommendations and retention analytics. These AI features assist you in tracking and understanding your health data and help gym owners understand engagement trends. They do not make legally significant or similarly consequential decisions about you (such as decisions affecting your access to healthcare, insurance, employment, or financial services). Churn risk scores are advisory only and do not automatically trigger membership changes. As required by CCPA regulations, if our use of automated decision-making changes in the future, we will update this policy and provide appropriate notice and opt-out mechanisms.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account deletion, we delete or anonymize your personal information within 90 days, except where retention is required by law.

For gym member billing records processed through Stripe Connect, transaction records may be retained for up to 7 years as required for tax and financial compliance purposes.

7. Data Security

We implement commercially reasonable technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include encrypted data transmission (TLS), AES-256-GCM encryption for sensitive stored data (including gym API keys), access controls, role-based dashboard permissions, security headers, prompt injection defense, and regular security reviews.

Payment data is processed and stored by Stripe and Whop in PCI DSS-compliant environments. We do not store payment card numbers or bank account details on our servers.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7.1 Breach Notification

In the event of a breach of unsecured health information, we will notify affected individuals without unreasonable delay and in no case later than 60 calendar days after discovery, as required by the FTC Health Breach Notification Rule. For breaches affecting 500 or more individuals, we will also notify the Federal Trade Commission within the same timeframe. Breach notifications will include the types of information involved, a description of the breach, and steps you can take to protect yourself.

8. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Keep you logged in to the Service.
  • Remember your preferences.
  • Analyze usage patterns to improve the Service.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

We do not use third-party advertising cookies or tracking pixels for advertising purposes.

9. Third-Party Services and Links

The Service integrates with the following categories of third-party services:

  • Authentication: Google (via Firebase) for account sign-in
  • AI Processing: Anthropic for chat and health analysis features
  • Payment (consumer/gym subscriptions): Whop for subscription billing
  • Payment (gym member billing): Stripe via Stripe Connect — each gym maintains its own Stripe connected account for processing member payments
  • Hosting: Render for application servers and database
  • Email: Resend for transactional email
  • Error Monitoring: Sentry for application error tracking
  • Storage: Cloudflare R2 for file uploads
  • Nutrition Data: USDA FoodData Central and Open Food Facts (public databases)
  • Wearable Integration: Apple HealthKit (iOS) and Health Connect (Android) — on-device only; data is read locally and transmitted to our servers only with your permission

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you use.

10. International Data Transfers

Your information may be transferred to and processed in the United States. If you are located outside the United States, your use of the Service constitutes consent to transfer your information to the United States.

11. Your Rights and Choices

You may:

  • Access and update your account information through your account settings.
  • Delete your account by contacting us at support@allstrong.app. We will delete your data within 90 days.
  • Opt out of marketing emails by clicking the unsubscribe link in any marketing email, or by clearing the “marketing emails” checkbox at signup.
  • Request a copy of your personal data by contacting us.
  • Revoke gym data access by ending your gym membership or contacting us.
  • Withdraw consent for health data collection at any time. Withdrawing consent may limit the features available to you.

You can also delete your account directly in the app: go to Profile > Edit Profile > Delete Account, or visit allstrong.app/delete-account.

11.1 Marketing Consent — Unbundled, Independently Revocable

When you sign up, you are required to accept our Terms of Service and this Privacy Policy (one checkbox). You are separately shown a second, pre-checked checkbox asking whether you want to receive product updates, tips, and occasional offers (“marketing emails”). These two consents are unbundled: declining marketing emails does not prevent you from using the Service or starting a free trial. You may uncheck the marketing box at signup, or unsubscribe at any later time using the link in every marketing email, without affecting your account.

Transactional and account-relationship emails (welcome, billing, password reset, security alerts, onboarding nudges during your active trial) are not subject to the marketing opt-in and will be sent as long as you have an active account. This is permitted under CAN-SPAM, GDPR Article 6(1)(b) (contract-necessary communications), and CASL’s implied-consent provisions for existing business relationships.

For every marketing consent grant or withdrawal, we record the timestamp, IP address, and browser user-agent as an audit trail. This lets us honor and defend your choice.

12. State Health Data Privacy Laws

12.1 Washington My Health My Data Act

If you are a Washington state resident, you have additional rights regarding your health data under the My Health My Data Act (RCW 19.373). We collect consumer health data (including fitness metrics, nutrition data, and biometric measurements) only with your consent, which you provide by creating an account and using health tracking features. You may withdraw consent at any time by deleting your health data through the app or by contacting us. We do not sell or offer to sell consumer health data. You have the right to request deletion of your health data, and we will comply within 30 days.

12.2 Other State Laws

We monitor emerging state health data privacy laws (including those in Connecticut, Nevada, and other states) and will update this policy as needed to comply with applicable requirements. If you have questions about your rights under your state's laws, contact us at privacy@allstrong.app.

13. Children's Privacy

AllStrong is a general-audience health and fitness service. We do not permit independent accounts for children under 13, but parents and legal guardians may track a child's health data through a Child Profile linked to their own adult account. Sections 13.1–13.6 describe exactly how we handle that data and explain your rights as a parent under the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506; 16 C.F.R. Part 312), the California Consumer Privacy Act (CCPA) teen provisions, and related state privacy laws.

13.1 Children Under 13 — Child Profiles with Verifiable Parental Consent

Independent accounts blocked. Our signup flow requires a date of birth, and any user whose date of birth indicates they are under 13 is refused an independent account. If we learn that an independent account was created by or for a child under 13 without verifiable parental consent, we will delete that account and all associated personal information promptly.

Parent-managed Child Profiles. A parent or legal guardian with their own AllStrong account may create a Child Profile for a child under 13 through the "My Family" section of the mobile app. Before the Child Profile can be used to log any health data, we must obtain Verifiable Parental Consent (VPC) using an FTC-approved method.

VPC method — credit-card authorization. Per 16 C.F.R. § 312.5(b)(2), we verify parental identity by authorizing a one-time $0.50 charge on a credit or debit card in the parent's name, via Stripe (our payment processor). The charge is immediately refunded in full — we never retain the money. The bank notification of the charge reaching the account holder is the "verification" step COPPA contemplates. We store the Stripe PaymentIntent ID as proof of consent and, for audit purposes, these records are kept indefinitely.

What we collect for a Child Profile:

  • First name (and optional nickname)
  • Date of birth (required to confirm under-13 status and compute age-appropriate guidance)
  • Optional: biological sex, height, weight, activity level
  • Health data the parent logs on behalf of the child: meals (with nutrition), workouts (type + duration), sleep (quality + notes), water intake, height/weight/resting-heart-rate measurements

What we do NOT collect from Child Profiles:

  • Location data, device identifiers, or advertising IDs
  • Social features, friend lists, public profiles, or direct messaging
  • Usage for behavioral advertising, profiling, or cross-site tracking
  • Any data not directly logged by the parent

13.2 Parental Rights Under COPPA

As the parent or legal guardian of a child whose data we collect, you have the following rights — all exercisable directly from within the AllStrong app or by contacting us at privacy@allstrong.app:

  • Review all information we have collected for your child (view in-app or request export)
  • Request deletion of your child's data at any time (in-app or by email)
  • Refuse further collection by revoking parental consent — this permanently deletes all associated health logs within 30 days
  • Refuse to consent to our sharing personal information — we do not sell, share for cross-context behavioral advertising, or disclose Child Profile data to any third party other than the limited service providers listed in § 13.5
  • Be notified before we collect a new category of personal information from your child (we will seek fresh consent)
  • We will never condition your child's participation on collecting more information than is reasonably necessary to provide the Service

13.3 Revoking Consent and Deleting a Child Profile

You may revoke consent at any time by (a) tapping "Delete Child Profile" in the child's settings, (b) contacting privacy@allstrong.app, or (c) mailing the contact address in § 15. Revocation has these effects:

  • The Child Profile is immediately marked deleted and no new data can be logged for the child.
  • Within 30 days of revocation, an automated data-purge job permanently deletes every health log we collected for the child (meals, workouts, sleep, biometrics, water) and scrubs personally-identifying fields on the Child Profile record itself.
  • The consent records themselves (date of grant, method of verification, revocation timestamp, categories consented to) are retained indefinitely in an append-only audit log. This retention is required by the FTC to demonstrate COPPA compliance and contains no health data.

13.4 Teens Aged 13–17

Users aged 13–17 may create independent AllStrong accounts. At signup, teens affirm that a parent or guardian has approved the creation of the account (industry-standard self-attestation; COPPA itself does not apply at age 13 or older).

For teen accounts:

  • We apply the highest default privacy settings available on the Service. Features that would expose teen data beyond our service providers are opt-in.
  • We do not sell or share personal data of users we know to be under 16 without opt-in consent, consistent with CCPA/CPRA § 1798.120(c) for California residents and with equivalent state laws elsewhere.
  • Teens may connect Apple HealthKit or Google Health Connect under the OS-level permissions already granted to them on their device; we do not impose an additional parental-approval layer for these OS integrations.
  • Substance logging (alcohol, nicotine), medication tracking, and other adult-only features are not available on teen accounts.

13.5 Third Parties Involved With Child Data

Child Profile data is stored on the same infrastructure described in § 4 (Render, Neon, Cloudflare R2), with the same contractual protections. We do not share Child Profile data with advertising networks, analytics providers, data brokers, or any third party whose purpose includes profiling or marketing. The only third parties who ever process Child Profile data are:

  • Stripe — processes the one-time $0.50 VPC authorization + refund (for parents of under-13 children). Stripe receives the parent's card number and the $0.50 transaction. No child data is ever sent to Stripe.
  • Anthropic — if the parent uses the AI assistant to log meals/workouts on behalf of the child, the assistant processes the natural-language input under the data-minimization rules in § 4. No child data is used to train Anthropic's models (per their API Terms).
  • Render (hosting), Neon (database), Cloudflare R2 (object storage) — infrastructure providers contractually bound to process data only as directed by us.

No other third-party data sharing, advertising, or cross-context behavioral advertising involving Child Profile data is permitted under any circumstances.

13.6 Age Transitions

When a child in a Child Profile reaches age 13, we will notify the parent and offer the option to (a) keep the Child Profile as-is under parent oversight, or (b) convert it to an independent teen account (data is migrated; the original consent record is preserved).

When a teen account holder reaches age 18, any parental visibility or data-sharing grants created during the teen years are automatically revoked. The user (now an adult) may re-grant visibility voluntarily.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

15. Contact Us

For privacy-related questions or to exercise your rights:

We aim to respond to all inquiries within 48 hours.