Effective date: January 1, 2026 · Last updated: May 2026
Great Northern Gains ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
Lawful Basis for Processing (GDPR)
If you are located in the European Union or EEA, we process your personal data under the following lawful bases:
Contract performance (Art. 6(1)(b)): Processing necessary to deliver your coaching subscription, workout programs, and nutrition plans.
Legitimate interest (Art. 6(1)(f)): Monitoring program compliance and coaching effectiveness to improve service quality.
Explicit consent (Art. 6(1)(a) + Art. 9(2)(a)): Processing of special-category health data (height, weight, body composition, injuries, dietary restrictions, allergies, and date of birth) collected during onboarding. You may withdraw consent at any time by requesting account deletion.
Marketing consent (Art. 6(1)(a)): If you opted in via our free tools, we may send fitness tips and offers. You may withdraw this consent at any time via the unsubscribe link in any marketing email.
1. Information We Collect
Account Information: When you register, we collect your name, email address, phone number, and date of birth.
Health and Fitness Data: As part of your coaching intake, we collect information including your height, weight, fitness goals, experience level, injuries, dietary restrictions, and allergies. This information is used exclusively to provide personalized coaching services.
Usage Data: We collect data about how you use the platform, including workout logs, nutrition entries, check-in submissions, and compliance scores. This data is used to track your progress and improve coaching quality.
Communication Data: Messages exchanged with your coach through the platform are stored to maintain coaching continuity.
Payment Data: Payments are processed by Stripe. We do not store your full payment card information. We receive confirmation of payment status and a Stripe customer ID.
Device Data: If you install the app or enable push notifications, we store a push subscription token associated with your account.
2. How We Use Your Information
To deliver and personalize your coaching program
To process subscription payments and manage your account
To communicate with you about your program, check-ins, and important account updates
To send push notifications (only if you opt in)
To analyze aggregate usage trends for platform improvement (anonymized data only)
To comply with legal obligations
To send fitness tips, exclusive offers, and updates — only if you explicitly opted in via our free tools. You may unsubscribe at any time.
3. Data Sharing
We do not sell your personal data. We share your information only with the following categories of third parties:
Supabase: Our database and authentication provider. Data is stored in the US (us-east-2). Supabase Privacy Policy.
MailerSend: Transactional email delivery. Emails may contain your name and coaching-related content.
Cloudflare: Website hosting and CDN. No personal data is shared beyond standard request metadata.
We may disclose your information if required by law, court order, or to protect the rights and safety of Great Northern Gains or others.
4. Data Retention
We retain your data according to the following schedule:
Active accounts: All data retained for the duration of your subscription.
Post-cancellation: Personal data retained for 90 days, then permanently deleted. Aggregated, anonymized usage statistics may be retained indefinitely.
Messages: Automatically archived after 30 days (messages remain accessible). Permanently deleted 90 days after account cancellation.
Deletion requests: Processed within 30 days of submission.
You may request deletion of your account and all associated data at any time via your portal Settings or by emailing jonathonstotler@gmail.com.
5. Your Rights
You have the right to:
Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and personal data
Portability: Request your data in a machine-readable format
Opt-out: Disable push notifications at any time in your portal settings
Object / Restrict: Request that we stop or limit processing of your data in certain circumstances
Withdraw consent: Withdraw marketing email consent at any time (unsubscribe link in every marketing email)
Lodge a complaint: If you are in the EU/EEA, you have the right to lodge a complaint with your national data protection supervisory authority (e.g., your country's DPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
Right to Know: You may request disclosure of the categories and specific pieces of personal information we collected about you in the past 12 months, the sources, the business purpose, and the categories of third parties with whom we shared it.
Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
Right to Opt-Out of Sale: We do not sell your personal information. We do not share it for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, email jonathonstotler@gmail.com with the subject line "CCPA Request" and your full name and email address. We will respond within 45 days.
6. Security
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), row-level security on all database tables, and hashed passwords via Supabase Auth. No system is 100% secure; please use a strong, unique password for your account.
7. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such data, please contact us immediately.
8. Cookies
We use only essential cookies required for authentication (Supabase Auth session tokens stored in localStorage). We do not use tracking or advertising cookies.
Data Controller
Great Northern Gains is operated by Jonathon Stotler, Wasilla, Alaska, USA. For privacy questions, data requests, or to exercise your rights: jonathonstotler@gmail.com
Changes to This Policy
We may update this Privacy Policy. We will notify you of significant changes via email or in-app notice at least 30 days before changes take effect. Your continued use after the effective date constitutes acceptance.