Effective date: January 1, 2026 · Last updated: May 2026
Great Northern Gains ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
Lawful Basis for Processing (GDPR)
If you are located in the European Union or EEA, we process your personal data under the following lawful bases:
Contract performance (Art. 6(1)(b)): Processing necessary to deliver your coaching subscription, workout programs, and nutrition plans.
Legitimate interest (Art. 6(1)(f)): Monitoring program compliance and coaching effectiveness to improve service quality. We also rely on legitimate interest for analytics — specifically, understanding aggregate platform usage via Google Analytics to improve the service.
Explicit consent (Art. 6(1)(a) + Art. 9(2)(a)): Processing of special-category health data (height, weight, body composition, injuries, medications, dietary restrictions, allergies, and date of birth) collected during onboarding. You may withdraw consent at any time by requesting account deletion.
Marketing consent (Art. 6(1)(a)): If you opted in via our free tools, we may send fitness tips and offers. You may withdraw this consent at any time via the unsubscribe link in any marketing email.
1. Information We Collect
Account Information: When you register, we collect your name, email address, phone number, and date of birth.
Health and Fitness Data: As part of your coaching intake, we collect information including your height, weight, fitness goals, experience level, injuries, current medications, dietary restrictions, allergies, and any other health details you choose to share. This information is used exclusively to provide personalized coaching services.
Usage Data: We collect data about how you use the platform, including workout logs, nutrition entries, check-in submissions, and compliance scores. This data is used to track your progress and improve coaching quality.
Communication Data: Messages exchanged with your coach through the platform are stored to maintain coaching continuity.
Payment Data: Payments are processed by Stripe. We do not store your full payment card information. We receive confirmation of payment status and a Stripe customer ID.
Device Data: If you install the app or enable push notifications, we store a push subscription token associated with your account.
Analytics Data: We use Google Analytics 4 (GA4) on this platform. Google Analytics collects information such as your IP address, device type, browser, operating system, pages visited, time spent on the site, and general geographic location. This data is transmitted to and stored by Google. Google may use this data in accordance with its own privacy policy.
2. How We Use Your Information
To deliver and personalize your coaching program
To process subscription payments and manage your account
To communicate with you about your program, check-ins, and important account updates
To send push notifications (only if you opt in)
To analyze platform usage via Google Analytics and improve the service
To comply with legal obligations
To send fitness tips, exclusive offers, and updates — only if you explicitly opted in via our free tools. You may unsubscribe at any time.
3. Data Sharing
We share your information with the following categories of third parties:
Google Analytics: We use Google Analytics 4 to understand how the platform is used. Analytics data (including device identifiers, IP address, and usage behavior) is transmitted to Google LLC and may be used by Google for its own purposes, including improving Google's products and services. Under the California Consumer Privacy Act (CCPA), this data sharing may constitute a "sale" or "sharing" of personal information. See the CCPA section below for your opt-out rights.
Supabase: Our database and authentication provider. Data is stored in the US (us-east-2). Supabase Privacy Policy.
MailerSend: Transactional email delivery. Emails may contain your name and coaching-related content.
Cloudflare: Website hosting and CDN. No personal data is shared beyond standard request metadata.
Your coaching health data (workout logs, meal plans, check-ins, health intake information, and messages) is never sold or shared with any third party for commercial purposes. We may disclose your information if required by law, court order, or to protect the rights and safety of Great Northern Gains or others.
4. Data Retention
We retain your data according to the following schedule:
Active accounts: All data retained for the duration of your subscription.
Post-cancellation: Personal data retained for 90 days, then permanently deleted. Aggregated, anonymized usage statistics may be retained indefinitely.
Messages: Automatically archived after 30 days (messages remain accessible). Permanently deleted 90 days after account cancellation.
Deletion requests: Processed within 30 days of submission.
You may request deletion of your account and all associated data at any time via your portal Settings or by emailing jonathonstotler@gmail.com.
5. Your Rights
You have the right to:
Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and personal data
Portability: Request your data in a machine-readable format
Opt-out: Disable push notifications at any time in your portal settings
Object / Restrict: Request that we stop or limit processing of your data in certain circumstances
Withdraw consent: Withdraw marketing email consent at any time (unsubscribe link in every marketing email)
Lodge a complaint: If you are in the EU/EEA, you have the right to lodge a complaint with your national data protection supervisory authority (e.g., your country's DPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You may request disclosure of the categories and specific pieces of personal information we collected about you in the past 12 months, the sources, the business purpose, and the categories of third parties with whom we shared it.
Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
Right to Opt-Out of Sale or Sharing: We share analytics data (device identifiers, IP address, browsing behavior) with Google via Google Analytics. Under CCPA's broad definition, this may constitute a "sale" or "sharing" of personal information. You may opt out by installing the Google Analytics Opt-out Browser Add-on or by adjusting your browser's cookie settings to block analytics cookies (_ga, _ga_*). Your coaching health data (meal plans, workout logs, check-ins, messages) is never sold.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, email jonathonstotler@gmail.com with the subject line "CCPA Request" and your full name and email address. We will respond within 45 days.
6. Security
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), row-level security on all database tables, and hashed passwords via Supabase Auth. No system is 100% secure; please use a strong, unique password for your account.
7. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such data, please contact us immediately.
8. Cookies and Tracking
We use the following types of cookies and similar technologies:
Essential cookies: Supabase Auth session tokens stored in your browser's localStorage. These are required for the service to function and cannot be disabled.
Analytics cookies: Google Analytics 4 sets cookies including _ga and _ga_* to distinguish users and track usage sessions. These cookies persist for up to 2 years. You may opt out using the Google Analytics Opt-out Browser Add-on or by blocking analytics cookies in your browser settings.
We do not use advertising or retargeting cookies.
Data Controller
Great Northern Gains is operated by Jonathon Stotler, Wasilla, Alaska, USA. For privacy questions, data requests, or to exercise your rights: jonathonstotler@gmail.com
Changes to This Policy
We may update this Privacy Policy. We will notify you of significant changes via email or in-app notice at least 30 days before changes take effect. Your continued use after the effective date constitutes acceptance.