Introduction
Street TLT LLC ("we", "us", "our") operates the Street TLT application and website available at streettlt.com. We are committed to protecting your personal health data with the highest standards of security and transparency. By using Street TLT, you agree to the collection and use of information as described in this policy.
Information We Collect
Account Information
- Name and email address
- Password (hashed and secured via Supabase Auth — we never store plaintext passwords)
Health & Biometric Data
- Weight, height, age, and biological sex
- Calorie logs and nutrition entries
- Sleep data and movement data
- Stress scores and subjective wellness check-ins
Usage Data
- Check-in timestamps and session activity
- Prompt interactions and feature usage patterns
Payment Data
- Stripe processes all payments on our behalf
- We store only your subscription status — never card numbers, CVV codes, or full payment details
How We Use Your Information
- Deliver personalized coaching prompts and Foundation Gate feedback
- Calculate and continuously update your TDEE and health metrics
- Enable your assigned trainer to review your progress (1:1 clients only)
- Improve the platform through aggregated, anonymized analytics
- Send transactional emails including onboarding, check-in reminders, and billing notices
How We Store and Protect Your Data
- All data is stored in Supabase, hosted on AWS (us-east-1 region)
- Encryption at rest: AES-256 on all database records
- Encryption in transit: TLS 1.3 between your device and our servers
- Row-level security: your data is accessible only by your authenticated session and your assigned trainer
- Supabase is SOC 2 Type II certified
- We do NOT sell, rent, or share your health data with advertisers or third parties.
Data Retention
- Active accounts: Data retained for the duration of your subscription plus 90 days
- After deletion request: All personal data purged within 30 days
- Anonymized, aggregated data may be retained for platform research and improvement
Your Rights (CCPA / GDPR)
- Right to access: Request a copy of all data we hold about you
- Right to deletion: Request deletion of your account and all associated data
- Right to portability: Export your data in a machine-readable format upon request
- Right to opt out: Unsubscribe from marketing emails at any time via any email or your profile settings
To exercise any of these rights, contact us at privacy@streettlt.com. We will respond within 30 days.
Health Data — Special Notice
Important: Street TLT is not a HIPAA-covered entity and is not a licensed medical provider.
Health data you enter is used solely for coaching and wellness purposes within the platform.
We strongly recommend consulting a qualified physician before making significant dietary, exercise, or lifestyle changes.
Do not use Street TLT as a substitute for professional medical advice, diagnosis, or treatment.
Cookies
- We use session cookies solely for authentication — to keep you logged in securely
- We do not use advertising cookies
- We do not use third-party tracking pixels
Children's Privacy
Street TLT is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us at privacy@streettlt.com and we will delete that information promptly.
Changes to This Policy
We reserve the right to update this Privacy Policy. In the event of material changes, we will notify you by email and via an in-app notice at least 30 days before the changes take effect. Your continued use of Street TLT after that date constitutes acceptance of the updated policy.
Contact Us
For privacy-related questions or to exercise your data rights:
privacy@streettlt.comStreet TLT LLC | Address TBD