Privacy Policy

Version 1.0 · Effective: April 2026

Important: Your injury intake, pain logs, and training data are processed by Anthropic's Claude AI to generate your personalised programs. By using HEROMINUTES, you consent to this processing.

1. Who We Are

HEROMINUTES is a fitness and wellness application. For privacy questions, contact us at support@herominutes.com.

2. Data We Collect

Data	Why
Name, email address	Account creation and identification
Date of birth	Age verification (18+ requirement)
Password (hashed)	Authentication — never stored in plain text
Injury intake responses	AI program personalisation
Pain logs (zone, score, date)	Phase progression and safety tracking
Session history	Streak tracking and progress
Phase assessment results	Clinical phase progression logic
Readiness scores	AI load adjustment
Consent timestamps	Legal audit trail of accepted agreements
Browser user agent (consent only)	Audit trail for liability
Payment information	Processed by Stripe — we never store card data

3. AI Processing — Claude API

HEROMINUTES uses Anthropic's Claude API to generate personalised training programs. When you generate a program, the following data is sent to Anthropic's servers for processing:

Your injury intake responses (injury type, zone, pain levels, training history)
Your current phase and progression history
Your pain logs for the current journey
Your readiness data (sleep, energy, soreness)
Your date of birth (age only, not full DOB) and biological sex if provided

Anthropic's data handling is governed by Anthropic's Privacy Policy. Data sent to Anthropic's API is not used to train their models under their standard API terms.

4. Data Storage

Your data is stored on Supabase (a PostgreSQL database hosted on AWS infrastructure). Data is encrypted at rest and in transit. Supabase's privacy practices are governed by Supabase's Privacy Policy.

5. Payment Processing

Subscription payments are processed by Stripe. HEROMINUTES never receives or stores your credit card information. Stripe's data practices are governed by Stripe's Privacy Policy.

6. Data Sharing

We do not sell, rent, or trade your personal data to third parties. Data is shared only with:

Anthropic — for AI program generation (see Section 3)
Supabase — for database storage
Stripe — for payment processing
Law enforcement — if required by law or to protect safety

7. Data Retention

Your account data is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g., financial records for subscription payments).

8. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights:

Access — Request a copy of your personal data
Correction — Request correction of inaccurate data
Deletion — Request deletion of your account and associated data
Portability — Request your data in a portable format
Opt-out — Opt out of any data sale (we do not sell data)

To exercise any of these rights, contact support@herominutes.com.

9. Security

We use industry-standard security measures including HTTPS encryption, Supabase Row Level Security (RLS), and hashed passwords. No system is 100% secure; use a strong, unique password and never share your credentials.

10. Children

HEROMINUTES is restricted to users 18 years of age or older. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at support@herominutes.com.

11. Changes to This Policy

We may update this Privacy Policy. We will notify you of material changes via email or in-app notice. Continued use after changes constitutes acceptance.

12. Contact

support@herominutes.com

Related documents: Terms of Use · Medical Disclaimer