Privacy Policy

We collect the following categories of data when you use BarMetrics:

Account Information

When you register, we collect your name, email address, and password (stored in hashed form). Coaches may also provide a timezone preference. Athletes may be invited via email by their coach.

Training Data

This includes training blocks, session structures, exercise prescriptions, set logs (prescribed and actual weights, reps, RPE), movement records, and personal records (PRs). Coaches create programming data; athletes generate performance and logging data.

Readiness and Feedback Data

Athletes may submit pre-session check-ins that include self-reported scores for sleep quality, soreness, hydration, nutrition, and stress levels. Post-session feedback, including difficulty, soreness, and energy ratings, may also be collected.

Payment Information

Subscription payments are processed through Stripe. BarMetrics does not store your full credit card number, CVV, or other sensitive payment details. Stripe handles payment data in accordance with PCI-DSS standards. We store only a Stripe customer ID and subscription status to manage your account.

Device and Usage Data

We collect basic technical information necessary to operate the Service, including browser type, device type, and session timestamps. If you enable push notifications, we store a push subscription endpoint for your device.

We use the data we collect for the following purposes:

• Service delivery: To provide, maintain, and operate the BarMetrics platform, including displaying training programs, tracking performance, calculating analytics, and enabling coach-athlete communication.
• Notifications: To send in-app notifications (such as new PR alerts, variance alerts, and coach notes) and push notifications (such as session reminders) when you have opted in.
• Billing: To process subscription payments, manage plan changes, and communicate about billing-related matters.
• Service improvement: To understand usage patterns through anonymized, aggregated data, identify issues, and develop new features.
• Account security: To authenticate your identity, protect against unauthorized access, and detect fraudulent activity.
• Communication: To send transactional emails related to your account, such as password resets, email confirmations, and athlete invitation links.

BarMetrics does not sell your personal data. We share data only in the following limited circumstances:

• Coach-athlete relationship: Coaches can view their athletes' training data, session logs, readiness scores, and performance records. Athletes can view training programs assigned to them by their coach.
• Stripe: Payment information is shared with Stripe to process subscriptions and manage billing. Stripe's privacy policy governs their handling of your payment data.
• Push notification services: If you enable push notifications, your device's push subscription endpoint is used to deliver notifications through standard web push protocols (VAPID-authenticated).
• Legal requirements: We may disclose data if required by law, subpoena, or court order, or to protect the rights, safety, or property of BarMetrics, our users, or the public.

We do not currently use third-party analytics services or advertising trackers. If this changes in the future, we will update this policy and notify you.

We retain your data for as long as your account is active and as needed to provide the Service. Specifically:

• Active accounts: All data is retained while your account remains active.
• Deleted accounts: When you delete your account, personal data is permanently removed within 30 days. Billing records may be retained for up to 7 years as required for tax and legal compliance.
• Deactivated athletes: When a coach deactivates an athlete or an athlete leaves a coach, the athlete retains access to their own training logs and performance data. The coaching relationship data is archived but not deleted.
• Anonymized data: Aggregated, anonymized data from which individuals cannot be identified may be retained indefinitely for service improvement.

BarMetrics uses cookies and local storage for the following purposes:

• Session cookies: We use essential session cookies to authenticate your identity and maintain your login state. These cookies are required for the Service to function and cannot be disabled.
• CSRF tokens: We use tokens to protect against cross-site request forgery attacks.
• IndexedDB (offline storage): If you use BarMetrics as a progressive web app (PWA), session data may be cached locally in IndexedDB to enable offline training functionality. This data is stored only on your device and is synchronized with our servers when connectivity is restored.

We do not use tracking cookies, advertising cookies, or any third-party cookies.

You have the following rights regarding your data:

• Access: You can view all data associated with your account through the BarMetrics dashboard at any time.
• Export: You may request a copy of your data in a portable format by contacting us.
• Correction: You can update your account information at any time through your profile settings.
• Deletion: You can request deletion of your account and associated data by contacting us. Deletion will be completed within 30 days, subject to legal retention requirements.
• Opt out of notifications: You can disable push notifications at any time through your browser or device settings. In-app notification preferences can be managed in your account settings.

To exercise any of these rights, contact us at support@trashpandatraining.com.

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data protection laws, you may have additional rights under the General Data Protection Regulation (GDPR) or similar legislation. These include:

• Legal basis for processing: We process your data based on contractual necessity (to provide the Service), legitimate interests (to improve and secure the Service), and your consent (for optional features like push notifications).
• Right to restriction: You may request that we restrict the processing of your data under certain circumstances.
• Right to object: You may object to certain types of data processing based on legitimate interests.
• Data portability: You may request your data in a structured, commonly used, machine-readable format.
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority.

BarMetrics's servers are located in the United States. If you use the Service from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.

We take the security of your data seriously. Measures we employ include:

• Passwords are hashed using bcrypt before storage
• All data in transit is encrypted via HTTPS/TLS
• Authentication tokens (JWT) are used for session management
• Payment data is handled by Stripe in PCI-DSS compliant infrastructure
• Push notifications use VAPID authentication for secure delivery

While we implement reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will promptly notify affected users in the event of a data breach.

BarMetrics is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at support@trashpandatraining.com.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or through an in-app notification at least 14 days before the changes take effect. We encourage you to review this policy periodically. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at support@trashpandatraining.com.