Privacy Policy

Last updated: January 2025

At Coa AI, your privacy matters to us. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using Coa AI, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Data

When you sign up for Coa AI using Google OAuth, we collect your name, email address, and profile picture. This information is used to create and manage your account.

Profile Data

During onboarding, we collect personal details you provide, including your age, weight, height, fitness goals, experience level, and preferred workout schedule. This data is essential for generating personalized workout and meal plans tailored to your body and objectives.

Usage Analytics

We use PostHog to collect anonymous usage analytics, including usage patterns and feature interactions. This data helps us understand how our users engage with the app so we can improve the experience. Analytics data is not linked to your personal identity.

Fitness Data

As you use Coa AI, we store fitness-related data including workouts completed, meal plan adherence, progress photos, and body measurements. This information is used to track your progress over time and adapt your plan accordingly.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Personalized plans: To provide personalized workout routines and carb-cycled meal plans based on your profile, goals, and progress.
• AI coaching: To power AI coach interactions with relevant context about your fitness journey, enabling more accurate and helpful responses.
• Progress tracking: To track your progress and adapt your plan over time as your body and fitness level change.
• Service improvement: To improve our app, features, and services based on aggregated usage patterns.
• Communications: To communicate important updates about our services, policy changes, or your account.

3. Data Storage

Your data is stored securely on Supabase cloud infrastructure. Supabase provides enterprise-grade security with row-level security policies, encrypted connections, and regular backups.

Progress photos are stored in encrypted cloud storage. Access to these files is restricted to your account only and they are never shared with third parties.

We use industry-standard security measures to protect your data, including encryption in transit (TLS) and encryption at rest. While no system is 100% secure, we take reasonable precautions to safeguard your information.

4. Third-Party Services

Coa AI relies on the following third-party services to operate. Each service has its own privacy policy governing how they handle data:

• Clerk — Authentication and user management. Clerk securely handles sign-in flows and session management on our behalf.
• AI Coaching Engine — AI coaching conversations. Your messages are processed by our AI to generate personalized coaching responses. Conversations may be temporarily stored for response generation but are not used to train AI models.
• Supabase — Database and file storage. All persistent user data, including profile information, fitness data, and progress photos, is stored on Supabase infrastructure.
• PostHog — Anonymous usage analytics. We collect aggregated, anonymized usage data to understand how features are used and where we can improve the app.
• RevenueCat / Superwall — Subscription and payment processing. These services handle in-app purchases, subscription management, and paywall presentation. Payment information is processed securely and is never stored on our servers.

5. Your Rights

You have the following rights regarding your personal data:

• Access: You may request a copy of all personal data we hold about you.
• Deletion: You may request the deletion of your account and all associated data. Upon request, we will permanently remove your data from our systems within 30 days.
• Opt out of analytics: You may opt out of anonymous usage analytics tracking at any time through the app settings.
• Contact: To exercise any of these rights, please contact us at support@coaai.app.

6. Children's Privacy

Coa AI is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@coaai.app so we can take appropriate action.

7. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page.

Significant changes will be communicated through the app via an in-app notification. We encourage you to review this policy periodically to stay informed about how we protect your data.

8. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out to us:

• Email: support@coaai.app
• Contact page: coaai.app/contact

We aim to respond to all privacy-related inquiries within 5 business days.