Privacy Policy

Effective Date: April 3, 2026
Last Updated: July 3, 2026

Privacy at a Glance

What we collect: Training data, profile information, journal entries, voice coaching transcripts, and usage analytics

How we use it: To provide personalized BJJ coaching, track your progress, and improve our AI-powered features

Your rights: Access, export, correct, or delete your data at any time

AI transparency: We use Anthropic (Claude) and OpenAI for AI-powered features. Your data is NOT used to train third-party AI models

1. Introduction

BRAWLER AI is operated by Stump & Forge, LLC, a limited liability company based in California, United States ("we," "our," or "us"). We are committed to protecting your privacy and providing transparency about how we collect, use, and safeguard your information. This Privacy Policy explains our practices regarding your Brazilian Jiu-Jitsu training data and personal information.

By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Account & Profile Information

  • Email address, name, and username
  • BJJ belt rank and training experience level
  • Physical attributes (height, weight, age) - optional
  • Profile photos and avatars
  • Gym/academy affiliations

2.2 Training & Performance Data

  • Journal entries and training logs
  • Technique tracking and proficiency assessments
  • Sparring session records (partners, rounds, outcomes)
  • Training goals and progress metrics
  • Voice journal recordings and their text transcripts
  • AI-generated insights and coaching recommendations

2.3 AI-Generated Data

  • AI-generated search indexes for finding relevant training history
  • Performance analysis and pattern recognition results
  • Conversational context and coaching memory
  • Personalized recommendations and adaptations

2.4 Social & Connection Data

  • Training partner connections and permissions
  • Shared content and collaboration data
  • Community interactions and notifications

2.5 Technical & Usage Data

  • Device information (type, operating system, browser)
  • IP address and general location data
  • App usage patterns and feature interactions
  • Error logs and performance metrics
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

  • Provide personalized BJJ coaching and training insights
  • Track your progress and achievement milestones
  • Transcribe voice journal entries into structured training notes
  • Generate semantic search results for your training history
  • Facilitate connections with training partners

3.2 Personalization & AI Features

  • Adapt coaching style to your preferences and experience level
  • Provide context-aware recommendations based on training patterns
  • Maintain conversation continuity across coaching sessions
  • Analyze performance trends and suggest improvements

3.3 Service Improvement

  • Analyze usage patterns to enhance features
  • Monitor system performance and fix technical issues
  • Conduct research to improve AI coaching quality

3.4 Communication

  • Send service-related notifications and updates
  • Respond to support requests and feedback
  • Notify you of new features and improvements (with consent)

3.5 Legal Basis (GDPR)

For EU users, we process your data based on: (a) your consent, (b) contract performance, (c) compliance with legal obligations, or (d) legitimate interests in improving our service.

4. How Information Is Shared

4.1 Third-Party Services

Anthropic (Claude) — AI Coaching & Analysis

  • Powers journal extraction, AI coaching, enrichment, and focus area generation
  • Data processed via Anthropic's API is NOT used to train Anthropic's models
  • All API communication encrypted in transit (TLS 1.2+)
  • Anthropic's privacy policy: anthropic.com/privacy

OpenAI — Voice Transcription & Search

  • Voice journal recordings are transcribed to text via OpenAI (speech-to-text)
  • Text embeddings generated for semantic search functionality
  • Data submitted through OpenAI's API is NOT used to train OpenAI's models
  • OpenAI's privacy policy: openai.com/policies/privacy-policy

Supabase — Database & Authentication

  • Database hosting with row-level security
  • User authentication and session management
  • Data encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Supabase's privacy policy: supabase.com/privacy

Vercel — Application Hosting

PostHog — Product Analytics

  • Event tracking and feature-usage analytics, associated with your account after you sign in
  • Session replay may record in-app interactions to help us diagnose issues and improve usability
  • PostHog's privacy policy: posthog.com/privacy

Mux — Video Hosting

  • Technique reference video hosting and streaming
  • Video playback data subject to Mux's privacy policy
  • Mux's privacy policy: mux.com/privacy

Resend — Transactional Email

  • Password resets, notifications, and account communications
  • Email addresses processed for delivery only
  • Resend's privacy policy: resend.com/legal/privacy-policy

Apple (APNs) — Push Notifications (iOS)

  • Device tokens used for mobile push notification delivery on iOS
  • Tokens used solely for alert delivery, not for tracking
  • Apple's privacy policy: apple.com/legal/privacy

Google (Firebase Cloud Messaging) — Push Notifications (Android)

  • Device tokens used for mobile push notification delivery on Android
  • Tokens used solely for alert delivery, not for tracking or advertising
  • Google's privacy policy: policies.google.com/privacy

RevenueCat — In-App Purchases (iOS & Android)

  • Manages Pro subscription purchases and entitlements on iOS (Apple StoreKit) and Android (Google Play Billing)
  • Your Supabase user ID is used as the RevenueCat app user ID to link purchases to your account
  • Purchase receipts and subscription status are processed by RevenueCat on our behalf
  • RevenueCat's privacy policy: revenuecat.com/privacy

Google Play Billing — Android Subscriptions

  • Processes Pro subscription payments made through the Google Play Store on Android
  • Payment details are handled by Google; we do not receive your full payment information
  • Google Play's privacy policy: policies.google.com/privacy

Stripe — Web Subscriptions

  • Processes Pro subscription payments made through our website
  • Card and payment details are handled directly by Stripe; we do not store your full payment information
  • Stripe's privacy policy: stripe.com/privacy

4.2 BRAWLER MCP Integration (Connecting Claude & ChatGPT)

The BRAWLER MCP Integration is an optional paid feature that lets you connect a third-party AI client — such as Anthropic's Claude, OpenAI's ChatGPT, or another compatible Model Context Protocol (MCP) client — to your BRAWLER training data. You initiate and control this connection.

  • Connections use OAuth 2.1: you sign in and explicitly approve access, and you can revoke it at any time from Connected apps.
  • The MCP server only ever exposes data that already belongs to your account (your journal entries, sparring and technique history, goals, and related content). It cannot access other users' data.
  • When you connect a client, you authorize that client to retrieve your BRAWLER data at your direction. That data is then handled under the connected provider's privacy policy (for example, Anthropic's or OpenAI's), not just ours.
  • Tools that generate coaching, extraction, or analysis are processed by the same AI subprocessors described in section 4.1 (Anthropic and OpenAI), and are NOT used to train their models.
  • We record limited tool-usage metadata (which tool was called and when) to enforce plan quotas and prevent abuse. We do not sell this data or use it for advertising.
  • Setup and disconnection instructions: brawlerai.com/connect.

4.3 Training Partners & Social Features

  • Training partner connections require mutual consent
  • You control what content is shared with partners
  • Shared sessions and techniques visible only to authorized users

4.4 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or safety.

4.5 What We Don't Do

  • We DO NOT sell your personal information
  • We DO NOT share your training data with third parties for marketing
  • We DO NOT use your data to train commercial AI models for resale

5. Your Privacy Rights

5.1 Rights for All Users

  • Access: View all data we have about you
  • Export: Download your training data in CSV/JSON format
  • Correction: Update or correct inaccurate information
  • Deletion: Request complete account and data deletion
  • Opt-out: Disable AI analysis while maintaining core functionality

5.2 GDPR & UK GDPR Rights (EU/UK Users)

  • Right to data portability (structured, machine-readable format)
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your local supervisory authority (e.g., the UK Information Commissioner's Office for UK users)

5.3 CCPA/CPRA Rights (California Users)

  • Right to know what personal information is collected
  • Right to know if information is sold or disclosed
  • Right to opt out of the sale of personal information (we don't sell data)
  • Right to non-discrimination for exercising your rights

5.4 LGPD Rights (Brazil)

  • Right to access, correction, and deletion of personal data
  • Right to data portability
  • Right to information about data shared with third parties
  • Right to revoke consent at any time
  • Right to lodge a complaint with the ANPD (Autoridade Nacional de Proteção de Dados)

5.5 Additional International Rights

Users in other jurisdictions may have additional rights under local data protection laws, including but not limited to: PIPEDA (Canada), POPIA (South Africa), and APPI (Japan). These laws generally provide rights to access, correct, and delete personal data, and may impose additional requirements on cross-border data transfers. Where local law provides greater protection than this policy, the local law applies.

5.6 Exercising Your Rights

To exercise any of these rights, visit your account settings or contact us at info@brawlerai.com. We will respond to requests within 30 days.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Row-level security in database with authenticated access only
  • Secure API endpoints with authentication required
  • Regular security audits and vulnerability assessments
  • Access controls and least-privilege principles
  • Regular backups with encrypted storage
  • Incident response procedures for security breaches

While we strive to protect your data, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

  • Active accounts: Data retained while your account is active
  • Deleted accounts: Personal data removed within 30 days of deletion request
  • Backups: Retained for 90 days for disaster recovery, then purged
  • Legal holds: Data retained as required by law or active legal processes
  • Anonymized analytics: De-identified usage data may be retained indefinitely for service improvement

8. Voice Journaling & AI Coaching

Special considerations for voice journaling features:

  • Voice journal recordings are sent to OpenAI for transcription (speech-to-text)
  • Transcripts are analyzed by Anthropic (Claude) for coaching insights
  • Transcripts are stored for coaching continuity and context
  • Voice audio is NOT permanently stored after the session ends
  • You can delete voice session history at any time
  • Voice language preferences are customizable in settings
  • Conversation memory can be disabled in privacy settings

9. Cookies & Tracking Technologies

9.1 Cookie Categories

  • Strictly Necessary: Authentication, security (no consent required)
  • Functional: User preferences, language settings, saved filters
  • Analytics: Usage patterns, feature adoption, performance monitoring

9.2 Your Cookie Choices

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality of the service.

10. Age Restriction

Our service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child under 16, please contact us immediately and we will take steps to delete the information. This minimum age exceeds COPPA requirements and satisfies GDPR default consent thresholds.

11. International Data Transfers

Your data is stored and processed in the United States. Your information may be transferred to and processed in the United States from countries with different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions for certain countries
  • Your explicit consent for transfers

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

  • Email notification to registered users (30-day advance notice)
  • Prominent notice on the website
  • Updated "Last Updated" date at the top of this policy

Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email

info@brawlerai.com

Response Time

Within 30 days of your request

Important Disclaimer

Not Medical Advice: Our AI coaching and training insights are for informational and educational purposes only. They do not constitute medical, health, or professional training advice. Always consult qualified instructors and healthcare professionals for personalized guidance.

Injury Tracking: Information about injuries or physical limitations is collected solely to provide safer training recommendations and is treated as sensitive health data with enhanced protection.