Legal
Privacy Policy
Last updated: June 13, 2026
This Privacy Policy explains what information Gainsplain collects, how we use and share it, how long we keep it, and the choices and rights you have. By using Gainsplain, you agree to the practices described here.
01Overview
Gainsplain (“we,” “us,” or “our”) operates an AI fitness assistant that answers questions using peer-reviewed research. We are based in the Commonwealth of Virginia, United States. This policy applies to information we process through our website and chat service (the “Service”). It does not apply to third-party services we link to, which have their own privacy practices.
02Information we collect
We collect the following categories of information:
- Account information. Your email address, display name, and authentication identifiers. If you sign in with Google, we receive basic profile information from Google as permitted by your Google settings.
- Phone verification. To prevent abuse, we verify a mobile phone number during onboarding. We store the phone number only in a hashed (irreversible) form for deduplication, together with the carrier-type result from our verification provider. We do not retain your phone number in plain text after verification.
- Chat content. The questions you submit and the AI responses you receive, stored as your conversation history (up to a capped number of recent conversations) and associated with your account.
- Usage & subscription data. Query counts, plan tier, billing status, reset dates, and similar account-state information. Your preferred unit system (metric/imperial) and other profile preferences.
- Payment information. When you subscribe, payment is processed by Stripe. We receive limited billing metadata (such as subscription status and customer/subscription identifiers) but do not collect or store your full payment-card numbers.
- Device & anti-abuse signals. Your IP address — which we store only as a hashed value for rate-limiting and abuse prevention. This is used only for security, not advertising.
- Technical & log data. Standard server and security logs such as request timestamps, error events, and approximate technical details needed to operate and protect the Service.
03How we use information
We use the information above to:
- Provide, operate, and maintain the Service and generate responses to your queries;
- Authenticate you, manage your account, and store your conversation history;
- Process subscriptions, billing, and quota enforcement;
- Verify phone numbers and detect, prevent, and investigate fraud and abuse (including multi-accounting);
- Maintain the security, integrity, and reliability of the Service;
- Respond to your requests and provide support;
- Comply with legal obligations and enforce our Terms & Conditions.
We do not sell your personal information, and we do not use your chat content to serve advertising.
04AI processing of your chats
To answer your questions, the content of your messages (and relevant conversation context) is sent to our third-party AI provider for embedding and response generation, and to our vector database to retrieve relevant research. This processing is necessary to provide the Service.
We do not use your chat content to train third-party foundation models, and we instruct our AI provider not to use your content to train their models. To improve performance and reduce cost, anonymized, normalized representations of common questions may be cached for a limited period; cached entries are tied to the query text, not to your identity.
06Service providers we use
We rely on the following key providers to operate the Service. Each processes data only as needed to provide its function:
- Supabase — authentication, database, and storage of account and conversation data.
- OpenAI — embeddings and AI response generation from your queries.
- Stripe — subscription payment processing.
- Twilio — SMS phone-number verification and carrier lookup.
- Upstash — caching of common query responses.
- Vercel — application hosting, delivery, and edge rate-limiting.
These providers may process data in the United States and other countries. Their own privacy policies govern their handling of data.
07Data retention
We retain your account information for as long as your account is active. Your conversation history is retained subject to a cap on the number of recent conversations; older conversations are automatically deleted once the cap is exceeded, and you may delete individual conversations at any time.
When you delete your account, we hard-delete your conversations and profile, cancel any active subscription, and delete your authentication record. Certain limited records (such as hashed anti-abuse signals or records we must keep for legal, tax, or fraud-prevention purposes) may be retained for a longer period as permitted or required by law.
08Security
We use technical and organizational measures designed to protect your information, including row-level access controls, server-side handling of secrets, hashing of phone numbers and IP addresses, and encrypted transport. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
09Your privacy rights
Depending on where you live — including under the Virginia Consumer Data Protection Act (VCDPA), the California Consumer Privacy Act (CCPA/CPRA), and similar U.S. state laws — you may have the right to:
- Access or obtain a copy of the personal information we hold about you;
- Correct inaccurate personal information;
- Delete your personal information;
- Obtain a portable copy of certain information you provided;
- Opt out of the sale or sharing of personal information, or targeted advertising — note that we do not sell or share your information for these purposes;
- Not be discriminated against for exercising your rights.
You can exercise many of these rights directly in the app: edit your profile, delete individual conversations, or permanently delete your account from your profile settings. For any other request, contact us at support@gainsplain.com. We will verify your request using your account credentials and respond within the timeframe required by applicable law. You may appeal a denied request by replying to our decision, and you may have the right to contact the Virginia Attorney General or your state regulator.
11Children
The Service is intended only for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it. If you believe a minor has provided us information, contact us at support@gainsplain.com.
12International users
We are based in the United States and process information there. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States and other countries, which may have data-protection laws different from those in your jurisdiction. By using the Service, you consent to this transfer and processing.
13Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14Contact
For questions about this Privacy Policy or to exercise your rights, contact us at support@gainsplain.com.
