HEROMINUTES is a wellness guidance app. For privacy questions, contact us at herominutes@gmail.com.
Separate, explicit consent for health data: health-related information (injury intake, pain logs, readiness, session history) is collected only after you give an explicit, stand-alone consent — a dedicated checkbox at sign-up, separate from your agreement to the Terms of Use. Accounts created before this consent existed are shown a one-time consent screen at sign-in and cannot proceed without responding. Each consent is recorded with a timestamp in our audit log. You can withdraw this consent at any time by deleting your account (Section 7), which permanently erases this data.
| Data | Why |
|---|---|
| Name, email address | Account creation and identification |
| Date of birth | Age verification (18+ requirement) |
| Password (hashed) | Authentication — never stored in plain text |
| Injury intake responses | AI program personalisation |
| Pain logs (zone, score, date) | Phase progression and safety tracking |
| Session history | Streak tracking and progress |
| Phase check-in results | Phase progression logic |
| Readiness scores | AI load adjustment |
| Consent timestamps | Legal audit trail of accepted agreements |
| Browser user agent (consent only) | Audit trail for liability |
| Payment information | Processed by Stripe — we never store card data |
| Usage events (screens viewed, features used) | First-party product analytics — improving the app; never shared or sold |
HEROMINUTES uses Anthropic's Claude API to generate personalised training programs. When you generate a program, the following data is sent to Anthropic's servers for processing:
Anthropic's data handling is governed by Anthropic's Privacy Policy. Data sent to Anthropic's API is not used to train their models under their standard API terms.
Your data is stored on Supabase (a PostgreSQL database hosted on AWS infrastructure). Data is encrypted at rest and in transit. Supabase's privacy practices are governed by Supabase's Privacy Policy.
Subscription payments are processed by Stripe. HEROMINUTES never receives or stores your credit card information. Stripe's data practices are governed by Stripe's Privacy Policy.
We do not sell, rent, or trade your personal data to third parties. Data is shared only with:
No advertising, no tracking: we collect basic first-party usage analytics (which screens and features are used) solely to improve the app — this data never leaves our own database. The app contains no third-party advertising SDKs, analytics trackers, or marketing pixels, and we enforce this technically with a strict Content-Security-Policy that blocks any unauthorized third-party script or tracking beacon from loading. Your health data is never used for advertising, marketing, or behavioral profiling.
Your account data is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g., financial records for subscription payments).
Delete your account in the app: go to your Profile (or Home) screen and tap Delete Account below Sign Out. After you confirm, your account, training programs, session history, pain logs, intake answers, and all other personal data are permanently deleted immediately, and any active subscription is cancelled. This action cannot be undone. You can also request deletion by emailing herominutes@gmail.com.
Depending on your jurisdiction, you may have the following rights:
To exercise any of these rights, contact herominutes@gmail.com.
Canadian users (PIPEDA / BC PIPA): we collect, use, and disclose your personal information only with your consent and for the purposes described in this policy. You may withdraw consent at any time; because the App cannot provide its services without this data, withdrawing consent means closing your account — delete it in the App (Profile → Delete Account) or email us. If you are not satisfied with how we handle a privacy concern, you may complain to the Office of the Privacy Commissioner of Canada or, in British Columbia, the Office of the Information and Privacy Commissioner for BC.
If you do not agree with this policy, do not create an account; if you already have one, you may delete it at any time as described in Section 7.
We use industry-standard security measures including HTTPS encryption, Supabase Row Level Security (RLS), and hashed passwords. No system is 100% secure; use a strong, unique password and never share your credentials.
HEROMINUTES is restricted to users 18 years of age or older. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at herominutes@gmail.com.
We may update this Privacy Policy. We will notify you of material changes via email or in-app notice. Continued use after changes constitutes acceptance.
Related documents: Terms of Use · Medical Disclaimer