← Close

Privacy Policy

Version 1.0  ·  Effective: April 2026

Important: Your injury intake, pain logs, and training data are processed by Anthropic's Claude AI to generate your personalised programs. By using HEROMINUTES, you consent to this processing.

1. Who We Are

HEROMINUTES is a wellness guidance app. For privacy questions, contact us at herominutes@gmail.com.

2. Data We Collect

Separate, explicit consent for health data: health-related information (injury intake, pain logs, readiness, session history) is collected only after you give an explicit, stand-alone consent — a dedicated checkbox at sign-up, separate from your agreement to the Terms of Use. Accounts created before this consent existed are shown a one-time consent screen at sign-in and cannot proceed without responding. Each consent is recorded with a timestamp in our audit log. You can withdraw this consent at any time by deleting your account (Section 7), which permanently erases this data.

DataWhy
Name, email addressAccount creation and identification
Date of birthAge verification (18+ requirement)
Password (hashed)Authentication — never stored in plain text
Injury intake responsesAI program personalisation
Pain logs (zone, score, date)Phase progression and safety tracking
Session historyStreak tracking and progress
Phase check-in resultsPhase progression logic
Readiness scoresAI load adjustment
Consent timestampsLegal audit trail of accepted agreements
Browser user agent (consent only)Audit trail for liability
Payment informationProcessed by Stripe — we never store card data
Usage events (screens viewed, features used)First-party product analytics — improving the app; never shared or sold

3. AI Processing — Claude API

HEROMINUTES uses Anthropic's Claude API to generate personalised training programs. When you generate a program, the following data is sent to Anthropic's servers for processing:

Anthropic's data handling is governed by Anthropic's Privacy Policy. Data sent to Anthropic's API is not used to train their models under their standard API terms.

4. Data Storage

Your data is stored on Supabase (a PostgreSQL database hosted on AWS infrastructure). Data is encrypted at rest and in transit. Supabase's privacy practices are governed by Supabase's Privacy Policy.

5. Payment Processing

Subscription payments are processed by Stripe. HEROMINUTES never receives or stores your credit card information. Stripe's data practices are governed by Stripe's Privacy Policy.

6. Data Sharing

We do not sell, rent, or trade your personal data to third parties. Data is shared only with:

No advertising, no tracking: we collect basic first-party usage analytics (which screens and features are used) solely to improve the app — this data never leaves our own database. The app contains no third-party advertising SDKs, analytics trackers, or marketing pixels, and we enforce this technically with a strict Content-Security-Policy that blocks any unauthorized third-party script or tracking beacon from loading. Your health data is never used for advertising, marketing, or behavioral profiling.

7. Data Retention & Account Deletion

Your account data is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g., financial records for subscription payments).

Delete your account in the app: go to your Profile (or Home) screen and tap Delete Account below Sign Out. After you confirm, your account, training programs, session history, pain logs, intake answers, and all other personal data are permanently deleted immediately, and any active subscription is cancelled. This action cannot be undone. You can also request deletion by emailing herominutes@gmail.com.

8. Your Rights (GDPR / CCPA / PIPEDA / PIPA BC)

Depending on your jurisdiction, you may have the following rights:

To exercise any of these rights, contact herominutes@gmail.com.

Canadian users (PIPEDA / BC PIPA): we collect, use, and disclose your personal information only with your consent and for the purposes described in this policy. You may withdraw consent at any time; because the App cannot provide its services without this data, withdrawing consent means closing your account — delete it in the App (Profile → Delete Account) or email us. If you are not satisfied with how we handle a privacy concern, you may complain to the Office of the Privacy Commissioner of Canada or, in British Columbia, the Office of the Information and Privacy Commissioner for BC.

If you do not agree with this policy, do not create an account; if you already have one, you may delete it at any time as described in Section 7.

9. Security

We use industry-standard security measures including HTTPS encryption, Supabase Row Level Security (RLS), and hashed passwords. No system is 100% secure; use a strong, unique password and never share your credentials.

10. Children

HEROMINUTES is restricted to users 18 years of age or older. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at herominutes@gmail.com.

11. Changes to This Policy

We may update this Privacy Policy. We will notify you of material changes via email or in-app notice. Continued use after changes constitutes acceptance.

12. Contact

herominutes@gmail.com

Related documents: Terms of Use  ·  Medical Disclaimer