The Trellis Way ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect information in several ways to provide and improve the Service:

a. Account Information

When you create an account, we collect:

• Name and email address
• Password (stored in encrypted form)
• Date of birth
• Profile photo (optional)
• Payment information (processed securely by our third-party payment processor)

b. Health and Fitness Data

To personalize your experience, we may collect:

• Height, weight, and body measurements
• Fitness goals and experience level
• Dietary preferences, restrictions, and food allergies
• Exercise history and workout logs
• Progress photos (stored securely and only visible to you unless you choose to share)
• Daily check-in data (mood, energy levels, sleep quality)
• Menstrual cycle data (if voluntarily provided for cycle-aware programming)
• Medical conditions or injuries disclosed during the assessment

c. Device and Usage Information

We automatically collect certain information when you use the Service:

• Device type, operating system, and browser type
• IP address and general location data (city/region level)
• App usage patterns and feature interactions
• Crash reports and performance data
• Referring URLs and pages visited

d. Community and Communication Data

• Community posts, comments, and interactions
• Support communications and feedback
• Survey responses

2. How We Use Your Information

We use the information we collect to:

• Provide and personalize the Service: Generate customized meal plans, training programs, and macro calculations based on your profile and goals
• Track your progress: Display your fitness journey including weight trends, measurements, and workout history
• Improve the Service: Analyze usage patterns to enhance features, fix bugs, and develop new functionality
• Communicate with you: Send account notifications, program reminders, support responses, and optional marketing communications
• Process payments: Handle one-time purchases and refund requests
• Ensure safety and security: Detect and prevent fraud, abuse, and unauthorized access
• Comply with legal obligations: Fulfill legal requirements and respond to lawful requests
• Aggregate analytics: Create anonymized, aggregated data sets for research and platform improvement (individual users cannot be identified from this data)

3. Data Sharing and Disclosure

We do not sell your personal data to third parties. We will never sell, rent, or trade your personal information, including your health and fitness data, to advertisers, data brokers, or any other third parties for their marketing purposes.

We may share your information only in the following limited circumstances:

• Service providers: We work with trusted third-party providers who assist us in operating the Service (e.g., payment processing, cloud hosting, email delivery, analytics). These providers are contractually obligated to protect your data and use it only to perform services on our behalf.
• Legal requirements: We may disclose your information when required by law, legal process, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With your consent: We may share your information when you explicitly consent to such sharing (e.g., sharing a progress post in the community).

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Essential cookies: Maintain your login session and remember your preferences
• Analytics cookies: Understand how users interact with the Service so we can improve it
• Performance cookies: Monitor the speed and performance of the Service

We do not use advertising or targeted marketing cookies. You can control cookie settings through your browser preferences. Disabling essential cookies may impact the functionality of the Service.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:

• Account data: Retained for the duration of your account and deleted within 30 days of account deletion request
• Health and fitness data: Retained as long as your account is active. Deleted upon account deletion or upon your specific request
• Payment records: Retained for up to 7 years as required for tax and accounting purposes
• Usage and analytics data: Retained in anonymized form and may be kept indefinitely for analytical purposes
• Community posts: Retained until you delete them or request their removal. Note that other users may have seen or interacted with your posts prior to deletion

Health Data Retention & Handling

We collect and store health-related data including cycle tracking information, pregnancy status, training logs, and nutrition data. This data is retained while your account is active and is used to provide personalized recommendations. Upon account deletion, all health data is permanently removed within 30 days. You may request data deletion at any time through your account settings or by contacting privacy@thetrellisway.com.

We treat health-related data with special care, including:

• Menstrual cycle data: Cycle dates, phase information, and symptoms are retained only while your account is active and cycle tracking is enabled. You may disable cycle tracking at any time in your profile settings.
• Pregnancy & postpartum status: Due dates, delivery type, OB-GYN clearance status, and postpartum recovery data are retained only while your account is active.
• Body measurements & composition: Height, weight, waist/hip/neck measurements, and body fat estimates are retained for the duration of your account.
• Training & nutrition logs: Workout history, meal plans, and dietary restriction data are retained while your account is active.

Upon account deletion, all health data is permanently removed within 30 days. We do not retain de-identified copies of individual health records after account deletion.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your personal data, subject to certain legal exceptions
• Export: Request a portable copy of your data in a commonly used, machine-readable format (e.g., CSV or JSON)
• Restriction: Request restriction of processing of your personal data in certain circumstances
• Objection: Object to processing of your personal data for certain purposes
• Withdraw consent: Withdraw your consent at any time where we rely on consent as the legal basis for processing

To exercise any of these rights, please contact us at support@thetrellisway.com. We will respond to your request within 30 days. You may also manage some of these settings directly in your account dashboard.

7. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information.

Users between the ages of 13 and 17 may use the Service only with verifiable parental or guardian consent. Parents or guardians who believe their child has provided us with personal information without their consent should contact us at support@thetrellisway.com.

8. Security Measures

We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing and storage
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to personal data on a need-to-know basis
• Secure cloud infrastructure with reputable hosting providers
• Incident response procedures for potential data breaches

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest reasonable standard of data protection.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Provide notice through the Service (e.g., in-app notification or banner)
• Send an email notification to registered users for significant changes

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to delete: You may request that we delete your personal information, subject to certain exceptions.
• Right to opt out of sale: We do not sell personal information. However, you have the right to opt out if our practices change in the future.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your California privacy rights, contact us at support@thetrellisway.com or use the data management tools in your account settings.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under GDPR including: the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. To exercise these rights, contact us at privacy@thetrellisway.com. We will respond within 30 days.

• Legal basis for processing: We process your data based on: (a) your consent, (b) the necessity to perform our contract with you, (c) our legitimate interests, or (d) compliance with legal obligations.
• Data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.
• International transfers: If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11a. Brazil Privacy Rights (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD). Contact us to exercise your data protection rights.

11b. General Data Protection Compliance

We comply with applicable data protection laws in all jurisdictions where we operate. If local law provides you with additional rights beyond what is described in this policy, those rights are preserved.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: