1. Information We Collect
We collect the following information when you use BJJ App:
- Account information — email address and display name provided by your OAuth provider (Google / GitHub) or directly by you
- Training data — session logs, technique records, streak data, goals, and notes you enter in the app
- Profile data — belt rank, gym name, BJJ start date, and any other profile fields you choose to fill in
- Usage data — anonymous page-level analytics via Vercel Analytics (no personally identifiable information)
2. How We Use Your Information
- To provide and improve the Service
- To display your training data back to you in the dashboard
- To process subscription payments (via Stripe)
- To send product updates if you opt in to email notifications
- To analyze aggregate usage patterns and improve features
3. Data Storage
Your data is stored in Supabase (PostgreSQL), hosted on AWS. Data is encrypted at rest and in transit. Row-Level Security (RLS) ensures that each user can only access their own data.
4. Third-Party Services
We use the following third-party services:
- Supabase — database and authentication
- Vercel — hosting and deployment
- Stripe — payment processing (Pro subscriptions)
- Vercel Analytics — anonymized page-level analytics
Each of these services has its own privacy policy. We only share the minimum data necessary with each provider.
5. Cookies & Tracking
BJJ App uses a minimal set of cookies, organized into three categories:
- Essential — authentication session cookies (Supabase). These cannot be disabled and are required for the Service to function.
- Analytics — anonymized page-level usage data via Vercel Analytics. No personally identifiable information is collected. You may opt out via the cookie preferences banner.
- Marketing — currently not used. If we introduce marketing cookies in the future, they will require your explicit opt-in consent.
You can manage your cookie preferences at any time by clearing your browser cookies for bjj-app.net, which will re-display the consent banner on your next visit. We do not use advertising cookies, tracking pixels, or fingerprinting techniques.
6. Data Sharing
We do not sell your personal data. We do not share your individual training data with third parties, except as required by law or to provide the Service through the processors listed above.
7. Your Rights
You have the right to:
- Access all data we hold about you (available via the dashboard export feature)
- Correct inaccurate data (editable in your profile)
- Delete your account and all associated data (Profile → Settings → Delete Account)
- Withdraw newsletter consent at any time via the unsubscribe link in any email
- Export your data in machine-readable format at any time (see Data Portability below)
8. Data Portability
You own your training data. BJJ App supports free data export for all users — regardless of subscription tier — in the following machine-readable formats:
- CSV — training logs, technique records, streak history (compatible with Excel, Google Sheets, Numbers)
- PDF — a printable summary report with statistics and charts
Export is available from the dashboard at any time. Even if you cancel a Pro subscription or delete your account, you can download your full data set beforehand. This satisfies the data portability requirement under GDPR Article 20 and similar regulations.
9. Data Retention
We retain your data for as long as your account is active. Specific retention periods by data category:
| Data Category | While Active | After Deletion |
|---|
| Training logs & techniques | Retained indefinitely | Purged within 30 days |
| Profile & account data | Retained indefinitely | Purged within 30 days |
| Payment records (Stripe) | Retained per Stripe policy | Retained for tax/legal compliance (up to 7 years) |
| Push notification tokens | Until unsubscribed or expired | Deleted immediately on account deletion |
| Analytics (Vercel) | Anonymized, no PII | Not linked to individual accounts |
Upon account deletion, your data enters a 30-day soft-delete period during which you may request restoration. After this window, data is permanently removed from our primary database. Encrypted backups may retain data for an additional 30 days before automatic purge.
10. Children's Privacy
BJJ App is not directed at children under 13 (United States, per COPPA) or under 16 (European Economic Area, per GDPR). We do not knowingly collect personal information from individuals below these age thresholds.
If you are a parent or guardian and believe your child has provided personal information to BJJ App without your consent, please contact us at 307239t777@gmail.com. We will promptly verify the request and delete any data associated with the child's account within 48 hours.
Minors between 13 and 16 (or the applicable age of digital consent in their jurisdiction) may use BJJ App only with verifiable parental or guardian consent.
11. Security Incident Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users via email within 72 hours of confirmed discovery, as required by GDPR Article 33
- Describe the nature of the breach, the categories of data affected, and the approximate number of individuals impacted
- Outline the measures taken to contain and remediate the breach
- Provide guidance on steps you can take to protect yourself
We also maintain appropriate technical and organizational security measures — including encryption at rest and in transit, Row-Level Security, and regular access reviews — to minimize the risk and impact of security incidents.
12. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information:
- Right to Know — you may request the categories and specific pieces of personal information we have collected about you
- Right to Delete — you may request deletion of your personal information (available via Profile → Settings → Delete Account)
- Right to Opt-Out of Sale — BJJ App does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. Therefore, there is no need to opt out
- Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA rights
To exercise any of these rights, contact us at 307239t777@gmail.com. We will verify your identity and respond within 45 days as required by the CCPA.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes via an in-app notice. Continued use of the Service constitutes acceptance of the updated policy.