Privacy Policy

1. Introduction

WarriorForge AI (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including AI warrior conversations, physical training tracking, mirror check-ins, brotherhood communities, and merchandise store.

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

This Privacy Policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Children’s Online Privacy Protection Act (COPPA), and other applicable privacy laws.

2. Information We Collect

We collect several types of information from and about users of our Service to provide a comprehensive masculine transformation platform:

2.1 Personal Information

• Account Information: Email address, name, display name, and authentication credentials (via Supabase Auth)
• Profile Information: Avatar image, bio, subscription tier, role (member, admin, brotherhood leader)
• Contact Information: When you contact our support team or appeals process

2.2 Physical Training Data

• Workout Logs: Exercise type (push-ups, pull-ups, dips, burpees, squats, planks), repetition count, duration in seconds, timestamps
• Personal Records: Highest counts and longest durations per exercise type
• Challenge Data: Daily challenge acceptance, completion status, streaks, warrior persona assignments
• Usage Metrics: Workout frequency, challenge participation rates (for tier limit enforcement)

2.3 Mirror Check-In Data (Social Content)

• Photo Uploads: Images of your body/progress stored in Supabase Storage (bucket: mirror-check-ins, path structure: images/{userId}/{filename})
• Captions: Text descriptions accompanying your mirror check-ins
• Social Interactions: Likes, comments on your and others’ posts
• Metadata: Upload timestamps, image dimensions, file sizes
• User Likeness: Your face and body as depicted in uploaded photos (see Section 8 for biometric data details)

2.4 Brotherhood Community Data

• Membership Information: Which brotherhoods you’ve joined, join dates, membership status
• Posts and Comments: Your contributions to brotherhood feeds, timestamps, edit history
• Social Interactions: Likes on brotherhood posts
• Brotherhood Leader Data: If you’re a verified leader: social media links (Instagram, YouTube, etc.), verification status, leadership metrics

2.5 AI Conversation Data

• Chat Messages: Your conversations with AI warrior personas (Spartacus, Leonidas, Musashi, Goggins, Jocko)
• AI Responses: Generated responses from AI models
• Conversation Metadata: Warrior persona selected, conversation titles, timestamps, message counts
• Positive Words Reflection: Selected word IDs, reflection conversation history
• Voice Synthesis Logs (Phase 2): Text-to-speech conversion logs for ElevenLabs API (no user voice recordings—only synthesized warrior voices)

2.6 Merchandise and Order Data

• Shipping Address: Full name, email, street address, apartment/suite number, city, state/province, postal code, country
• Order Information: Product IDs, sizes, colors, quantities, order totals, Stripe payment IDs, tracking numbers
• Order Status: Processing, shipped, delivered, refund status (not_refunded, partially_refunded, fully_refunded)
• Refund History: Refund amounts, refund dates, reasons for refunds

2.7 Payment Information

• Billing Details: Stripe customer ID, subscription status
• Transaction History: Records of your subscription and merchandise payment history
• Note: Payment processing is handled by Stripe; we do not store full payment card details (only last 4 digits for reference)

2.8 Usage Information

• Feature Usage: AI chats per week, mirror check-ins posted, brotherhoods joined, challenges accepted/completed
• Tier Limit Tracking: Usage event logs for enforcing Free/Warrior/Elite tier limits
• Performance Data: Response times, error rates, service availability
• Preferences: Theme choices, warrior persona preferences, filter settings

2.9 Technical Information

• Device Information: Browser type, operating system, device identifiers, screen resolution
• Log Data: IP addresses, access times, pages viewed, referrer URLs
• Cookies: Browser cookies and similar tracking technologies (see Section 10 and Cookie Policy)

3. How We Use Information

We use the collected information for the following purposes:

3.1 Service Provision

• Provide and maintain all WarriorForge features (AI chat, training tracking, mirror check-ins, brotherhoods, merchandise store)
• Process your requests and facilitate AI warrior conversations via OpenRouter
• Manage your account, subscription tier, and payment processing
• Store and retrieve your workout history, conversation history, and mirror check-ins
• Display your content in social feeds (mirror check-ins, brotherhood posts)
• Fulfill merchandise orders through Printify

3.2 Tier Limit Enforcement

• Track usage against Free/Warrior/Elite tier limits (AI chats, mirror check-ins, brotherhoods, challenges)
• Prevent circumvention of usage restrictions
• Provide real-time usage metrics in your profile

3.3 Community Moderation

• Review user-generated content (mirror check-ins, brotherhood posts) for Community Guidelines violations
• Investigate reports of harassment, body shaming, or prohibited content
• Enforce content removal and account suspensions as necessary
• Process appeals of moderation decisions

3.4 Communication

• Send service-related notifications (order shipped, challenge issued, brotherhood invitation)
• Respond to your support inquiries and appeals
• Notify you of changes to our Service or policies
• Send marketing communications (with opt-out option)

3.5 Service Improvement

• Analyze usage patterns to improve AI warrior personas, workout tracking, and social features
• Monitor service performance and reliability
• Develop new features based on user behavior
• Optimize challenge difficulty and warrior persona responses

3.6 Legal and Security

• Comply with legal obligations and regulations
• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service and Community Guidelines
• Resolve disputes and investigate violations
• Report illegal activity to law enforcement when required

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except as described below:

4.1 Service Providers

• Payment Processing: Stripe for secure subscription and merchandise payment processing
• Database & Authentication: Supabase for user authentication, database storage, and image hosting (RLS policies protect your data)
• Merchandise Fulfillment: Printify for printing and shipping physical products (we share shipping addresses and order details)
• Infrastructure: Vercel for cloud hosting and service delivery

4.2 Third-Party AI Services

Our Service integrates with third-party AI providers via OpenRouter API gateway:

• OpenRouter: AI gateway that routes conversations to underlying model providers (we share your messages and conversation context)
• Underlying AI Models: Your conversations may be processed by Llama, GPT, Claude, Gemini, or other models available through OpenRouter
• ElevenLabs (Phase 2): For voice synthesis of warrior personas (we share text for text-to-speech conversion; no user voice is recorded)
• Data Usage Policy: OpenRouter does not train models on your conversation data per their privacy policy

We encourage you to review the privacy policies of OpenRouter, ElevenLabs, and underlying AI model providers.

4.3 Public Display

Certain information you share is publicly visible within the WarriorForge community:

• Mirror Check-Ins: Your photos, captions, and profile name are visible to all users in the community feed
• Brotherhood Posts: Your posts and comments are visible to all members of that brotherhood
• Profile Information: Your display name, avatar, and subscription tier badge may be visible to other users

You control what you share publicly. Do not post information you wish to keep private.

4.4 Legal Requirements

We may disclose your information if required by law or in good faith belief that such disclosure is necessary to:

• Comply with legal processes, court orders, or government requests
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Investigate potential violations of our Terms of Service or Community Guidelines
• Report child exploitation or illegal activity to authorities

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.6 With Your Consent

We may share your information with third parties when you explicitly consent, such as:

• Sharing your transformation progress on external social media (if you choose to do so)
• Participating in research studies or case studies (with explicit opt-in)

5. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

5.1 Account and Profile Data

• Account Information: Until you delete your account plus 30 days for backup/recovery purposes
• Avatar and Profile Data: Until account deletion
• Subscription Status: Retained for billing history and tax compliance (7 years)

5.2 Training and Fitness Data

• Workout Logs: Until account deletion or manual deletion by user
• Personal Records: Until account deletion
• Challenge History: Until account deletion
• Aggregated Analytics: Anonymized workout trends retained indefinitely for service improvement

5.3 Social Content

• Mirror Check-In Photos: Until manually deleted by user or account deletion (stored in Supabase Storage with RLS policies)
• Mirror Check-In Captions: Until post deletion or account deletion
• Brotherhood Posts: Posts may be retained after you leave a brotherhood for community continuity (attributed to “Former Member” if you leave)
• Comments: Retained with posts until manually deleted

5.4 AI Conversations

• Conversation History: Until you manually delete conversations or close your account
• User Control: You can delete individual messages or entire conversations at any time
• OpenRouter Retention: Per OpenRouter’s privacy policy (conversations not used for training)

5.5 Merchandise Orders

• Shipping Addresses: Retained for 7 years for tax, accounting, and legal compliance
• Order History: 7 years for financial recordkeeping
• Tracking Numbers: 1 year after delivery

5.6 Usage and Analytics Data

• Usage Event Logs: 90 days for tier limit enforcement
• Anonymized Analytics: Retained indefinitely in aggregated form

5.7 Payment Information

• Stripe Customer ID: Until account deletion or subscription cancellation
• Payment History: 7 years for tax/accounting purposes (required by law)
• Full Card Details: Never stored (handled by Stripe)

5.8 Legal Holds

• Exception: Information may be retained longer if required by law, legal proceedings, or ongoing investigations

You can request deletion of your data at any time by contacting us at privacy@warriorforge.ai or using account deletion features in our Service.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

• Encryption: Data encryption in transit (TLS/SSL) and at rest (database and storage encryption)
• Access Controls: Limited access to personal information on a need-to-know basis via role-based access controls
• Row Level Security (RLS): Supabase RLS policies ensure users can only access their own data (workout logs, conversations, images)
• Authentication: Multi-factor authentication for administrative access, secure password hashing for user accounts
• Regular Audits: Security assessments and vulnerability testing
• Incident Response: Procedures for detecting and responding to security breaches
• Content Moderation: Manual review of reported content by trained moderators

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information using industry-standard practices, we cannot guarantee absolute security.

If you become aware of any security vulnerability or breach, please report it immediately to security@warriorforge.ai.

7. Image Content and Biometric Data

Mirror check-ins involve uploading photos of your body and potentially your face. This section explains how we handle this sensitive data.

7.1 What Image Data We Collect

• Mirror Check-In Photos: Images you voluntarily upload showing your fitness progress
• User Likeness: Your face and body as depicted in uploaded photos
• Image Metadata: Upload timestamps, file dimensions, file sizes (not EXIF location data—stripped on upload)

7.2 No Biometric Analysis

We do NOT perform biometric scanning, facial recognition, or biometric data extraction on your images.

• Images are stored as-is without facial recognition processing
• We do not create biometric templates or faceprints
• We do not use images to identify you via facial recognition in other contexts
• We do not sell or share images with third-party biometric analysis services

7.3 Consent to Public Display

By uploading mirror check-in photos, you explicitly consent to:

• Your images being displayed publicly in the WarriorForge community feed
• Other users viewing, liking, and commenting on your photos
• Your display name being associated with the photos

You can delete your mirror check-ins at any time, which removes them from the public feed and our storage immediately.

7.4 Image Storage and Security

• Storage Location: Supabase Storage (bucket: mirror-check-ins, path: images/{userId}/{filename})
• Access Control: RLS policies ensure only you can delete your images; all users can view them in the public feed
• Encryption: Images encrypted at rest in Supabase infrastructure
• Retention: Until you delete them or close your account

7.5 Minor Protection

Users under 18 are prohibited from posting mirror check-ins due to body image content. We enforce age verification and remove any content from minors immediately upon detection.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to your personal information (download workout history, conversations, etc.)
• Correction: Update your profile, avatar, display name, or other inaccurate information
• Deletion: Delete your account and all associated data (with exceptions for legal retention requirements)
• Portability: Export your data in JSON/CSV format (workout logs, conversations, order history)
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests (e.g., marketing)
• Withdraw Consent: Withdraw consent for processing where consent is the legal basis (e.g., marketing emails)

8.1 GDPR Rights (EU Users)

If you are located in the European Union, you have additional rights under the GDPR:

• Legal Basis: We process your data based on contract performance (providing the Service you signed up for), legitimate interests (service improvement, security), and consent (marketing)
• Data Protection Officer: You can contact our DPO at privacy@warriorforge.ai
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
• Automated Decision-Making: We do not engage in automated decision-making that significantly affects you (AI conversations are for entertainment, not life-impacting decisions)

8.2 CCPA Rights (California Users)

If you are a California resident, you have specific rights under the CCPA:

• Right to Know: Request disclosure of personal information collected, used, or shared in the last 12 months
• Right to Delete: Request deletion of personal information (with exceptions for legal obligations)
• Right to Opt-Out: Opt-out of the sale of personal information (we do NOT sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights
• Authorized Agent: You may designate an authorized agent to make requests on your behalf

8.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@warriorforge.ai
• Subject Line: “Privacy Rights Request”
• Include: Your email address, specific request, and verification information

We will respond within 30 days (or as required by applicable law). We may request additional information to verify your identity before processing sensitive requests.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential Cookies: Required for basic site functionality, authentication, and security (supabase-auth-token, session-id)
• Preference Cookies: Remember your settings (theme preference, warrior persona favorites, filter preferences)
• Analytics Cookies: Help us understand how you use our Service (anonymized usage tracking)

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect the functionality of our Service (e.g., you may be logged out frequently). For more detailed information, please see our Cookie Policy.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own (primarily the United States where our servers are located). We ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries with adequate data protection laws recognized by the EU
• Standard Contractual Clauses: EU-approved contractual protections with service providers
• Service Provider Agreements: All third-party providers (Supabase, Stripe, OpenRouter, Printify, ElevenLabs) have data protection agreements in place
• Consent: Your explicit consent for transfers where required

By using WarriorForge, you consent to the transfer of your data to the United States and other countries where our service providers operate.

11. Children's Privacy

11.1 Age Restrictions

WarriorForge has different age requirements for different features:

• Under 13: Not permitted to use WarriorForge at all (COPPA compliance)
• Ages 13-17: May use AI warrior conversations with parental consent; may NOT post mirror check-ins, track workouts, join brotherhoods, or purchase merchandise
• 18+: Full access to all features

11.2 COPPA Compliance

We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@warriorforge.ai.

If we learn that we have collected personal information from children under 13 without verification of parental consent, we will take immediate steps to delete that information from our servers and ban the account.

11.3 Parental Controls (Ages 13-17)

If your child (ages 13-17) uses WarriorForge with your consent:

• They can only access AI warrior conversations (no social features)
• You may request to review their conversation history by contacting us
• You may request deletion of their account at any time
• We will enforce age restrictions and remove any prohibited content (mirror check-ins) posted by minors

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, features, or applicable laws. We will notify you of any material changes by:

• Posting the updated policy on our website with a new “Last Updated” date
• Sending an email notification to your registered email address (for material changes affecting your rights)
• Displaying a prominent notice in the app

Your continued use of our Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and may request account deletion.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your requests within the timeframes required by applicable law, typically within 30 days.

Last Updated: 2025-11-05