Strata · 2026

Effective May 11, 2026

Privacy Policy

Who runs Strata.

Strata is operated by Bryan Santana as an individual data controller (United States). The product is in closed beta and is not yet offered to residents of the European Union, the United Kingdom, or other regions outside the United States. If your account is created in violation of that scope, contact us at privacy@stratafit.online so we can delete it.

What we collect.

To run the coaching workflow, Strata stores:

  • Account: email address, display name, role (coach or client), Supabase user identifier, password hash held by Supabase Auth.
  • Coaching data: workouts you build, exercises, programs, assignments, client connection records, and invite tokens.
  • Logging data: workout logs, set logs (weight, reps, RPE), check-in responses, written feedback, and coach reviews.
  • Voice notes attached to workout assignments (audio file in Supabase Storage, duration, optional transcript field reserved for a future transcription feature; transcription is not active in beta).
  • Conversation history between connected coaches and clients inside the app.
  • Diagnostic data: crash reports and error breadcrumbs collected by Sentry to triage bugs; this does not include the contents of workout logs or conversations.

Strata does not collect device contacts, photo library, precise location, browsing history, advertising identifiers, or biometric data.

Why we collect it.

We use this data only to provide the coaching workflow: routing assignments from coach to client, persisting workout history, and sending product communication (verification email, password reset, invite acceptance). The legal basis under United States consumer privacy law is the performance of the service you signed up for.

Sub-processors.

Strata relies on a small number of vendors:

  • Supabase (database, authentication, file storage, edge functions). Located in the United States.
  • Vercel (application hosting for the marketing site and coach dashboard). Located in the United States.
  • Apple Push Notification Service (planned for a later release; not active in beta).
  • Sentry (error reporting; receives stack traces and minimal breadcrumbs, not workout content).
  • OpenAI (used only by the coach-side PDF import feature in the web dashboard; coaches upload a workout PDF, it is sent to OpenAI for structured extraction, and the result is reviewed by the coach before saving. OpenAI is contracted with zero-retention and no-training settings, and the feature requires explicit per-upload consent).

Voice notes.

Coaches and clients can attach audio voice notes to assignments and logs during a workout. Audio files are stored in a private Supabase Storage bucket scoped to the assignment and visible only to the connected coach-client pair. Voice notes are not analyzed, transcribed, or shared with any sub-processor in the current release. If a transcription feature ships later, we will update this policy before turning it on.

Retention.

  • Active accounts: data is retained for the life of the account.
  • Account deletion: when you delete your account from the app, Strata removes your profile, workouts, assignments, logs, messages, and voice notes within 14 days. Sub-processor logs that mention your user identifier may persist for up to 90 days before being rotated out of their retention windows.
  • Crash diagnostics: Sentry events are retained for 90 days by default.
  • Signup intents (pending email verification): expire after a short window and are purged seven days after expiry.

Your choices.

You can:

  • Edit your profile and email from the app at any time.
  • Delete your account from the app (Settings → Delete account). Coaches with active client connections must first disconnect their clients; the app will guide you through that step.
  • Export your data by emailing privacy@stratafit.online during beta. A self-service export is planned before public launch.
  • Withdraw consent for the OpenAI PDF import feature at any time by simply not using it.
  • Disable push notifications from your device settings (push is not active in beta but will be when it ships).

California residents.

California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to non-discrimination for exercising those rights. Strata does not sell or share personal information for cross-context behavioral advertising. To exercise a right, email privacy@stratafit.online.

Children.

Strata is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact privacy@stratafit.online and we will delete the account.

Security.

Data is encrypted in transit (TLS) and at rest on Supabase infrastructure. Access is gated by row-level security policies, so each user can only read and write rows their account is permitted to touch. We rotate authentication tokens, hash passwords using industry-standard algorithms via Supabase Auth, and apply the principle of least privilege to backend functions. No system is perfectly secure, and we will notify affected users without undue delay if a breach occurs.

Cookies and tracking.

Strata uses strictly necessary authentication cookies on the web dashboard. We do not run third-party analytics, advertising networks, or cross-app tracking in beta. The mobile app does not present an App Tracking Transparency prompt because no tracking occurs.

Changes to this policy.

We will update this page when our practices change. Material changes will be communicated by email or in-app notice before taking effect. The effective date above always reflects the current version.

Contact.

Questions or requests: privacy@stratafit.online. A postal address will be published here once Strata's operating company is formed and a registered business address is available.