Privacy Policy
Effective date: March 27, 2026 · Last updated: March 27, 2026
1. Introduction
Juniper Labs LLC, doing business as S-TIER.AI ("we," "us," or "our"), operates the S-TIER.AI website and progressive web application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Service. By creating an account or using the Service you acknowledge that you have read and understood this Privacy Policy.
If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information We Collect
2.1 Information You Provide
- Account information. When you create an account we collect your email address, an optional display name, and your password (stored and managed by Firebase Authentication — we never store your password directly).
- Google OAuth data. If you sign up with Google, we receive your email address, display name, and profile photo URL from your Google account.
- Payment information. Subscription payments are processed by Stripe. We do not store credit-card numbers or bank details. We store your Stripe customer ID to manage your subscription.
- Fitness and training data. Programs, workouts, sets, reps, weights, RPE ratings, exercise preferences, exercise exclusions, gym locations, and equipment profiles you create or log within the Service.
- Coaching data. If you use the Coach tier, we store coach–client relationships and the email addresses you provide when inviting clients.
- Files you upload. If you use our AI program-parsing feature you may upload images, PDFs, or documents containing training programs. These files are processed in memory and are not permanently stored on our servers after parsing is complete.
2.2 Information Collected Automatically
- Session cookies. We set a secure, HTTP-only session cookie when you log in (see Section 6 — Cookies).
- Usage metadata. We record the number of AI program-parsing requests you make per month, along with performance metrics (processing duration, token counts) to enforce plan limits and improve the Service. These records are linked to your user account.
2.3 Information We Do Not Collect
- We do not use third-party analytics, advertising pixels, remarketing tags, or behavioral tracking tools.
- We do not sell, rent, or trade your personal information to any third party.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service.
- Authenticate your identity and manage your session.
- Process subscription payments and manage billing.
- Parse training programs using AI — your uploaded content is sent to our AI service provider (Anthropic) for processing (see Section 5).
- Match exercises semantically — exercise names extracted during parsing are compared against our database using embedding-based similarity search powered by Google Gemini.
- Enforce subscription-tier usage limits.
- Send transactional emails (e.g., coach-to-client invitations) via our email provider.
- Respond to your inquiries and provide customer support.
- Comply with legal obligations.
4. Legal Bases for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
- Performance of a contract. Processing necessary to provide the Service you subscribed to (account management, payment processing, AI parsing, workout tracking).
- Legitimate interests. Service improvement, security, and fraud prevention, provided these interests do not override your rights.
- Legal obligation. Compliance with applicable laws, regulations, or legal processes.
- Consent. Where required by law we will obtain your consent before processing (e.g., optional marketing communications, if any are introduced in the future).
5. Third-Party Service Providers
We share your information only with the following categories of service providers, solely for the purposes described above:
| Provider | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication | Email, password (hashed), display name, profile photo URL |
| Stripe | Payment processing | Email, subscription tier, user ID (metadata) |
| Anthropic (Claude API) | AI program parsing | Training-program content you upload (text, images, PDFs, DOCX) |
| Google (Gemini API) | Exercise-name matching | Exercise names extracted during parsing |
| Resend | Transactional email | Recipient email, coach display name |
| Neon (PostgreSQL) | Database hosting | All account and training data described in Section 2 |
| Google Fonts | Font delivery (CDN) | Your IP address (transmitted automatically when your browser fetches font files) |
Each provider is contractually required to process data only for the purposes we specify and in compliance with applicable data-protection laws. We do not sell your personal data to any third party.
6. Cookies and Local Storage
We use a minimal set of cookies, all strictly functional:
| Name | Type | Purpose | Duration |
|---|---|---|---|
| session | Strictly necessary | Authenticate your logged-in session | 14 days |
| subscription_active | Strictly necessary | Gate access to subscription-only features | 14 days |
Both cookies are HTTP-only, secure (transmitted only over HTTPS), and set with SameSite=Lax. We do not use any advertising or analytics cookies.
We also store a single user-preference value (secondary_volume_multiplier) in your browser's local storage to remember a display setting. This data never leaves your browser.
7. Data Retention
- Account and training data is retained for as long as your account is active. If you delete your account (see Section 8), all associated data — including programs, workout logs, coach–client relationships, locations, and AI usage records — will be permanently deleted within 30 days.
- Uploaded files (images, PDFs, DOCX) sent for AI parsing are processed in memory and are not stored after the response is returned.
- Stripe billing records may be retained by Stripe in accordance with Stripe's own privacy policy and applicable financial-record-keeping laws.
- Server logs containing request metadata may be retained for up to 30 days for debugging and security purposes.
8. Your Rights
Depending on your location, you may have the following rights with respect to your personal data:
- Access. Request a copy of the personal data we hold about you.
- Rectification. Request correction of inaccurate personal data.
- Deletion. Request deletion of your personal data ("right to be forgotten"). You may delete your account and all associated data by contacting us at the email address below.
- Data portability. Request a machine-readable export of your personal data.
- Restriction of processing. Request that we limit how we process your data in certain circumstances.
- Objection. Object to processing based on legitimate interests.
- Withdraw consent. Where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, please contact us at privacy@s-tier.ai. We will respond within 30 days (or sooner if required by applicable law).
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) grants you additional rights:
- Right to know. You may request the categories and specific pieces of personal information we have collected about you.
- Right to delete. You may request deletion of your personal information, subject to certain exceptions.
- Right to opt out of sale or sharing. We do not sell or share (as defined by the CCPA/CPRA) your personal information.
- Right to non-discrimination. We will not discriminate against you for exercising your privacy rights.
To submit a request, email privacy@s-tier.ai. We may need to verify your identity before processing the request.
10. International Data Transfers
Our Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We take appropriate safeguards (such as standard contractual clauses where applicable) to ensure your data is protected in accordance with this Privacy Policy and applicable law.
11. Data Security
We implement technical and organizational measures designed to protect your personal information, including:
- Encrypted data transmission (HTTPS/TLS).
- HTTP-only, secure, SameSite cookies for session management.
- Parameterized database queries to prevent injection attacks.
- Firebase-managed password hashing (never stored in plaintext).
- Server-side authentication verification on every API request.
- Subscription-based rate limiting on AI features.
No method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
12. Children's Privacy
The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@s-tier.ai.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where required by law, by sending you an email or displaying a notice within the Service. Your continued use of the Service after the changes take effect constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: privacy@s-tier.ai