Privacy Policy
Last updated: April 10, 2026
This Privacy Policy explains how BrainBuilder LLC (“BrainBuilder,” “we,” or “us”) collects, uses, and shares information when you use SmartStrength (the “Service”).
1. Information we collect
We collect the following categories of information:
Account information
- Name and email address
- Password (stored hashed, not in plain text) or Google account identifier if you sign in with Google
- Role (athlete, trainer, or trainer’s client)
Health and fitness information
- Body metrics you choose to enter (age, height, weight, body fat, etc.)
- Workout logs, sets, reps, weights, and trainer notes
- Meal entries, macros, and nutrition targets
- Recovery and sleep data from connected third-party services such as Whoop, if you connect them
- Training goals and injury history you share with your trainer
Communications
- Messages between you and your trainer sent through the Service
- Support emails you send us
Technical information
- IP address, browser type, device type, and operating system
- Pages you visit on the Service and actions you take
- Cookies and similar technologies needed to keep you logged in
2. How we use information
We use the information we collect to:
- Provide the Service, including showing your data to you and your trainer;
- Generate AI training suggestions and nutrition analysis if you use features that require it;
- Send you account-related emails (signup confirmation, password reset, billing receipts);
- Debug, secure, and improve the Service;
- Comply with legal obligations and enforce our Terms.
We do not sell your personal information, and we do not use your health or fitness data to serve you advertising.
3. Who sees your data
Your data is visible to:
- You. Always, through the Service.
- Your trainer, if you are using the Service as a trainer’s client. Your trainer can see your workout logs, body metrics, nutrition entries, recovery data, and messages. Trainers agree in our Terms to keep this information confidential.
- Our service providers who help us operate the Service. These currently include: Supabase (database and authentication), Vercel (hosting), Resend (transactional email), Anthropic (AI processing for features that use AI), and Whoop (only if you explicitly connect your Whoop account). These providers are contractually limited to processing your data on our behalf.
- Legal authorities, if we are required by law to disclose information (for example, in response to a valid subpoena).
We do not share your data with other trainers, advertisers, or data brokers.
4. AI processing
If you use features that generate AI output (such as AI-generated programs or nutrition analysis), the relevant inputs are sent to our AI provider (Anthropic) to produce a response. We do not allow the AI provider to use your data to train their models. Prompts and responses may be retained by the provider for a limited period for abuse monitoring and then deleted per their policy.
5. Cookies
We use essential cookies to keep you signed in and to remember basic preferences. We do not use third-party advertising cookies. You can block cookies in your browser settings, but parts of the Service may not work properly if you do.
6. Data retention
We retain your account and training data for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to keep it to comply with legal or accounting obligations. You can request deletion at any time by emailing support@brainbuilder.io.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you;
- Correct inaccurate information;
- Delete your account and associated data;
- Export your data in a portable format;
- Withdraw consent for processing that is based on consent;
- File a complaint with a data protection authority.
To exercise any of these rights, email us at support@brainbuilder.io. We will respond within a reasonable time frame.
8. Children
The Service is not intended for users under 18. We do not knowingly collect personal information from children under 13. If you are a trainer who programs for minors, you are responsible for obtaining parental consent. If we learn that a child under 13 has provided us personal information without verifiable parental consent, we will delete it.
9. Security
We use industry-standard technical and organizational measures to protect your data, including encryption in transit, secure password hashing, row-level security in our database, and limited access to production systems. No system is 100% secure. If we learn of a breach affecting your personal information, we will notify you as required by law.
10. International users
The Service is hosted in the United States. If you access it from outside the U.S., you understand that your data will be transferred to and processed in the United States, which may have different data protection laws than your home country.
11. HIPAA
SmartStrength is a consumer fitness product, not a healthcare service. We are not a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA) and do not offer HIPAA-compliant data handling. Do not use the Service to store or transmit protected health information subject to HIPAA.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or in the Service. The “Last updated” date at the top shows when this policy was last revised.
13. Contact
Questions about this Privacy Policy or how we handle your data? Email us at support@brainbuilder.io.