Training Memberships Gear Community

1) Scope

This policy covers our websites and apps, including bjj365.club and any related coaching tools or integrations (the “Services”). It applies to visitors and registered members.

2) Data We Collect

  • Account & Membership: name, email, password hash, plan, status, support tickets.

  • Payment: handled by processors (e.g., Stripe). We receive transaction IDs and status, not full card numbers.

  • Training Content: journal entries, goals, notes, uploaded files, links, and media you provide.

  • WHOOP (optional): if you connect via OAuth, we may read recovery, HRV, resting HR, strain, sleep, workouts, profile/body measurements, and related timestamps.

  • Device/Usage: IP address, device/browser, pages viewed, referrers, crash logs, and basic analytics.

  • Cookies: necessary cookies for login and preferences; optional analytics cookies if enabled.

3) Sources

  • Directly from you (forms, uploads, OAuth connections).

  • From integrated providers you authorize (e.g., WHOOP).

  • From service logs and analytics.

4) How We Use Data

  • Provide and improve the Services and member features.

  • Personalize coaching insights, charts, and progress tracking.

  • Customer support, security, debugging, and fraud prevention.

  • Compliance with law and our Terms.

5) Legal Bases (where applicable)

  • Consent (e.g., connecting WHOOP).

  • Contract (to deliver your membership).

  • Legitimate interests (site security, product improvement).

  • Compliance with legal obligations.

6) Sharing

We do not sell personal data. We share with vetted processors under data-processing terms, for example:

  • Hosting and databases (e.g., Vercel, Supabase, Google Cloud).

  • Payments (e.g., Stripe).

  • Communications/support (e.g., email service desk).

  • Analytics/monitoring (e.g., privacy-respecting analytics).

  • Model/AI features when you use them (e.g., OpenAI features you invoke).
    We may disclose if required by law or to protect rights, safety, and integrity of the Services.

7) WHOOP Integration

Connecting WHOOP is optional. If connected, you authorize us to access read-only data via OAuth scopes you approve. You can revoke access at any time in WHOOP or within the Services. Revocation stops future syncs; previously stored data can be deleted upon request.

8) Data Retention

We keep data while your account is active and as needed for the purposes above, then delete or anonymize it. Backups may persist for a limited period ([e.g., up to 30–90 days]).

9) Security

We use reasonable administrative, technical, and physical safeguards (encryption in transit, least-privilege access, token management). No method is 100% secure.

10) Your Choices & Rights

  • Access, correct, export, or delete your data.

  • Revoke WHOOP access.

  • Opt out of non-essential cookies where offered.

  • Object or restrict certain processing where applicable.
    Request via [support@yourdomain]. We may need to verify your identity.

11) Children

The Services are not directed to children under 13 (or under the age required by local law). We do not knowingly collect data from children.

12) International Transfers

We may process and store data in the United States and other regions where our providers operate. We use appropriate safeguards for cross-border transfers where required.

13) Third-Party Links

Our Services may link to third-party sites. Their privacy practices are separate and not covered by this policy.

14) Changes

We may update this policy. The “Effective date” shows the latest version. Material changes will be noted at this page.

15) Contact

Questions or requests: [email protected]