Privacy Policy

1. Introduction

Fuel Different (“we,” “us,” or “our”) operates a performance nutrition tracking platform designed for athletes, general fitness enthusiasts, coaches, and parents. We are committed to protecting the privacy and security of all users, with special attention to the data of minor athletes. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our application and services (the “Service”).

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and role (athlete, general fitness, coach, parent, or administrator). For athlete and general fitness accounts, we also collect age, sex, sport (if applicable), position, team assignment, activity level, and training style.

2.2 Health and Nutrition Data

To provide personalized nutrition recommendations, we collect and process the following health-related data:

• Height, weight, and body composition data (including InBody scan results)
• Daily meal logs, including food photos and descriptions
• Hydration tracking data
• Supplement usage and requests
• Daily wellness check-ins (energy, stress, soreness, sleep)
• Training schedules and season phases
• Calculated nutrition targets (calories, macronutrients)

2.3 Body Composition Data (InBody Scans)

If you use the InBody scan feature, we collect body composition metrics including but not limited to: body fat percentage, skeletal muscle mass, lean body mass, fat-free mass, body water content, BMI, segmental lean analysis, ECW/TBW ratio, visceral fat area, and basal metabolic rate (BMR). This data may be entered manually or extracted from uploaded photos of InBody result sheets using AI image analysis.

Clarification regarding Illinois BIPA:Body composition metrics (weight, body fat percentage, skeletal muscle mass, BMI, etc.) are health and wellness measurements, not “biometric identifiers” as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14). We do not collect fingerprints, retina scans, voiceprints, facial geometry, or other biometric identifiers through the Service.

2.4 Photos and Images

We process meal photos for AI-powered nutritional analysis and InBody result sheet photos for data extraction. Meal photos are processed by our AI service and the extracted nutritional data is stored. InBody scan photos may be stored in our secure cloud storage for reference purposes.

2.5 Payment Information

Payment processing is handled by Stripe, a PCI-compliant payment processor. We do not store credit card numbers or full payment details on our servers. We retain subscription status, plan type, and billing history for account management purposes.

3. How We Use Your Information

We use the collected information to:

• Provide personalized nutrition recommendations and calorie/macro targets
• Analyze meals and provide coaching feedback using AI
• Evaluate supplement safety for athletes
• Track wellness trends and alert coaches to potential concerns
• Enable coaches to monitor and support their assigned athletes and members
• Generate progress reports and body composition trend analysis
• Process payments and manage subscriptions
• Improve our services and algorithms
• Communicate with you about your account, updates, and service changes

4. Consumer Health Data Privacy Policy

4.1 Categories of Health Data Collected

We collect the following categories of consumer health data:

• Body measurements: Height, weight, body fat percentage, skeletal muscle mass, lean body mass, BMI, visceral fat area
• Nutrition data: Meal logs, calorie intake, macronutrient intake, hydration levels
• Wellness indicators: Energy levels, sleep quality, soreness levels, stress levels
• Supplement usage: Supplement names, dosages, and safety evaluations
• Fitness information: Sport, position, training phase, activity level, training style, goals

4.2 Purpose of Collection

Consumer health data is collected solely for the purpose of providing personalized nutrition recommendations, enabling coach oversight, tracking progress, and improving the Service. We do not sell consumer health data. We do not share consumer health data for advertising purposes.

4.3 Consent

We collect consumer health data only with your affirmative, voluntary consent. You provide this consent when you create an account, enter health data into the Service, or upload InBody scan photos. You may withdraw consent at any time by contacting us or deleting your account.

4.4 Your Rights Under State Health Data Laws

If you are a resident of Washington, Connecticut, Nevada, or any state with consumer health data privacy laws, you have the right to:

• Confirm whether we are collecting or processing your consumer health data
• Access the specific consumer health data we have collected about you
• Request deletion of your consumer health data
• Withdraw consent for future collection of consumer health data
• Be free from discrimination for exercising these rights

5. Data Sharing and Access

5.1 Within the Platform

Athlete and member data is accessible to their assigned coach(es) and team administrators. Coaches can view their athletes' nutrition logs, wellness check-ins, biometric data, supplement requests, and messages. Administrators have access to all user data for platform management purposes.

5.2 Third-Party Services

We share data with the following third-party services strictly for operational purposes:

• Supabase — Database hosting and user authentication
• Anthropic (Claude AI) — Meal photo analysis, supplement safety evaluation, and InBody scan data extraction
• Stripe — Payment processing
• Vercel — Application hosting

We do not sell, rent, or trade your personal information or consumer health data to third parties for marketing, advertising, or any other purposes.

6. Data Security

We implement industry-standard security measures to protect your data, including: encrypted data transmission (HTTPS/TLS), row-level security policies in our database ensuring users can only access their own data, authenticated API endpoints, secure session management, and role-based access controls. Biometric scan photos are stored in private cloud storage buckets with access restricted to authorized users.

7. Data Breach Notification

In the event of a data breach involving your personal information or health data, we will notify affected users without unreasonable delay and no later than 60 days after discovery of the breach. Notification will be provided via email to the address associated with your account. If the breach involves the health data of 500 or more individuals, we will also notify the Federal Trade Commission as required by the FTC Health Breach Notification Rule. We maintain an internal incident response plan to ensure timely detection, containment, and notification of data security incidents.

8. Minors and Parental Consent (COPPA Compliance)

Our platform serves student athletes, some of whom may be under 18 years of age. We take the following measures to protect minor users:

8.1 Users Under 13

In compliance with the Children's Online Privacy Protection Act (COPPA), users under 13 years of age may not create an account or use the Service without verifiable parental consent. Parents or guardians must contact us at crossfitironflag@gmail.com to complete a parental consent verification process before an account for a child under 13 is activated. If we discover that we have collected personal information from a child under 13 without verifiable parental consent, we will promptly delete that information and deactivate the associated account.

8.2 Users Ages 13–17

• Athletes between 13 and 17 should have parental or guardian consent before creating an account
• Parents may request access to their child's data or account deletion at any time
• Supplement requests flagged as high-risk require parental approval

If you are a parent or guardian and believe your child has provided personal information without your consent, please contact us immediately at crossfitironflag@gmail.com.

9. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of your sensitive personal information (including health data) to purposes necessary to provide the Service.

To exercise any of these rights, contact us at crossfitironflag@gmail.com. We will verify your identity before processing your request and respond within 45 days.

10. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Nutrition logs, wellness check-ins, and biometric scan history are retained to enable progress tracking and trend analysis.

Retention schedule:

• Account data: Retained while account is active; deleted within 30 days of account deletion request
• Health and nutrition data: Retained while account is active; deleted within 30 days of account deletion request
• Body composition data (InBody): Retained while account is active; deleted within 30 days of deletion request
• Meal photos: Processed for nutritional analysis; retained while account is active
• Payment records: Retained as required by applicable tax and financial regulations
• Chat messages: Retained while account is active; deleted within 30 days of account deletion request

If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.

11. Your Rights

Regardless of your state of residence, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your data in a portable format
• Withdraw consent for data processing at any time
• Opt out of non-essential data collection

12. AI Processing Disclosure

Our platform uses artificial intelligence to analyze meal photos, evaluate supplement safety, and extract data from InBody scan result sheets. These AI analyses are provided as informational tools and should not be considered medical or dietary advice. AI-generated nutritional estimates may not be 100% accurate. Photos submitted for AI analysis are processed by Anthropic's Claude AI service and are subject to Anthropic's data handling policies. We recommend consulting with a qualified nutritionist or healthcare provider for personalized dietary guidance.

13. Educational Records (FERPA)

If our platform is used in connection with an educational institution, certain data may be considered educational records under the Family Educational Rights and Privacy Act (FERPA). We will cooperate with educational institutions to ensure compliance with FERPA requirements and will not disclose student information to unauthorized parties.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised “Last updated” date and, where required by law, by sending email notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, please contact us at: