Privacy Policy

Beast-Forge ("Beast-Forge," "we," "us," or "our") is a fitness and personal training application available on iOS. The app connects personal trainers (coaches) with their clients and includes the following features:

• Workout programs and exercise video library
• Coach-to-client and client-to-coach messaging
• Progress tracking and achievement milestones
• Nutrition posts created by coaches
• Subscription management for coach plans

This Privacy Policy explains how we handle personal information when you download, register for, or use the Beast-Forge app or visit beast-forge.com (the "Service"). By using the Service, you agree to the practices described here.

We collect only what is necessary to run the app. Here is a clear breakdown:

Every piece of data we collect is used solely to operate and improve the Beast-Forge app. Specifically:

• Provide the Service — to create your account, authenticate you, and run all app features
• Coach-Client Communication — to deliver messages between coaches and their clients inside the app
• Progress & Achievements — to store and display your workout history and milestone progress
• Subscription Management — to activate, update, or cancel your coach plan via Stripe
• Transactional Emails — to send magic links, password-reset emails, and account notifications via Supabase
• Customer Support — to respond to questions or requests you send us directly

Beast-Forge relies on two trusted infrastructure providers. We share only the minimum data each provider needs to do their job.

We have no other third-party integrations. We do not use Google Analytics, Firebase, Sentry, Mixpanel, Amplitude, Facebook SDK, or any similar analytics, crash reporting, or advertising tools.

Your data is stored on Supabase-managed infrastructure. Supabase operates on AWS and applies industry-standard security controls including encryption in transit (TLS) and encryption at rest.

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

• Encrypted connections (HTTPS/TLS) for all data transmitted between the app and our servers
• Row-level security (RLS) policies in our database so each user can only access their own data
• Service-role keys and secrets stored server-side only — never exposed to the client
• Access to production systems is restricted to authorized personnel only

No method of transmission over the internet is 100% secure. While we take strong precautions, we cannot guarantee absolute security.

We keep your personal information for as long as your account remains active. Specifically:

• Active accounts — data is retained while you have an account with Beast-Forge
• Deleted accounts — when you request account deletion, we will delete your personal data from our active systems within 30 days, subject to any legal obligations that require us to retain certain records (e.g., billing records for legal/tax purposes)
• Support messages — retained for a reasonable period to resolve any follow-up issues, then deleted
• Payment records — Stripe retains transaction records in accordance with their own data retention policy and applicable financial regulations

Regardless of where you live, you have the following rights with respect to your personal information:

To exercise any of these rights, contact us at the email address listed in Section 13. We will respond within 45 days. We will not discriminate against you for exercising your privacy rights.

If you are a California resident, the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), grant you specific rights regarding your personal information.

Categories of personal information we collect (CCPA categories):

• Identifiers — name, email address, User ID
• Internet or other electronic network activity — in-app messages and workout log entries
• Commercial information — subscription and transaction records (via Stripe)

Your California rights:

• Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our business purpose for collecting it, and the categories of third parties we share it with.
• Right to Delete — You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct — You may request correction of inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
• Right to Limit Use of Sensitive Personal Information — We do not collect sensitive personal information as defined by CPRA.
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a verifiable consumer request under the CCPA/CPRA, contact us using the email in Section 13. We will verify your identity before processing the request and respond within 45 days (extendable by an additional 45 days with notice).

In compliance with the California Online Privacy Protection Act (CalOPPA), we make the following disclosures:

• This Privacy Policy is posted at a conspicuous location: beast-forge.com/privacy
• We will notify users of any material changes to this policy by updating the "Last Updated" date at the top of this page
• Users who wish to review or correct their personal information may contact us at the address in Section 13
• We do not respond to browser "Do Not Track" (DNT) signals because we do not engage in any behavioral tracking or advertising across websites. There is nothing to track and nothing to disable.
• We do not permit third parties to collect personally identifiable information about users across websites or online services over time

We do not knowingly collect, solicit, or retain personal information from anyone under the age of 13. Our Service is intended for users who are at least 13 years old.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we discover that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe that your child under the age of 13 has provided personal information to us without your consent, please contact us immediately at the email address in Section 13.

Beast-Forge is available worldwide with one exception: Beast-Forge is not available to users in the European Union (EU) or European Economic Area (EEA).

Accordingly, this Privacy Policy does not address rights or obligations under the General Data Protection Regulation (GDPR) or any other EU/EEA data protection laws. If you are located in the EU or EEA, you are not authorized to use the Service.

By using Beast-Forge, you represent that you are not located in the EU or EEA and that your personal data may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised policy at beast-forge.com/privacy
• Send an email notification to registered users if the changes are significant

Your continued use of Beast-Forge after any changes become effective constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data — including account deletion requests, data access requests, or CCPA/CPRA inquiries — please reach out to us: