Privacy Policy

Effective: April 24, 2026

BeStrong Powerlifting LLC ("BeStrong HQ," "we," "our," or "us") provides powerlifting coaching analytics software at bestronghq.com and its subdomains (the "Service"). This Privacy Policy explains what data we collect, how we use it, and the choices you have.

We designed the Service with a simple principle: a coach's training data belongs to the coach, an athlete's data belongs to the athlete, and we are the custodian — not the owner — of what you put in.

If you have questions, contact us at privacy@bestronghq.com.

1. Who this policy covers

  • Visitors to our public marketing pages at bestronghq.com
  • Coaches who create an account on a BeStrong HQ tenant and use the app
  • Athletes whose profiles are created by their coach inside the app
  • Users of any additional service we offer under the bestronghq.com domain

Different sections apply to different groups. We'll call out which is which where relevant.

2. What we collect

2.1 Information you give us

When visiting our site, you may submit:

  • Your email address, if you subscribe to updates or contact us
  • Messages you send via contact forms

When creating a coach account, we collect:

  • Your name, email address, and profile picture from Google (via Google Sign-In — see Section 6 for specifics)
  • Billing information if you subscribe to a paid plan (see Section 5: Stripe)

When using the app as a coach, you enter:

  • Information about athletes you coach (name, email, sex, bodyweight, weight class, competition history, training maxes)
  • Training programs, session logs, exercise data, rep maxes
  • Wellness and subjective entries athletes log (sleep, stress, mood)
  • Optional notes and comments

Google Drive access (optional): if you connect Google Drive, we receive a scoped OAuth token that lets us read the training program spreadsheets you share with the Service. See Section 6.2.

2.2 Information collected automatically

When you visit any page on bestronghq.com, our servers and service providers may automatically log:

  • IP address
  • Browser type and version, operating system, device type
  • Pages viewed, referring site, time of visit
  • Session cookies to keep you signed in

We use this for security monitoring, error diagnosis, and basic analytics. We do not sell or share this information for advertising.

2.3 Information we do NOT collect

  • We do not request, store, or process any financial card numbers — those are handled entirely by Stripe (see Section 5).
  • We do not use third-party advertising cookies or tracking pixels.
  • We do not scan or index the contents of your Google Drive beyond the training-program spreadsheets you explicitly share with the Service.

3. How we use your information

  • To run the Service — parse spreadsheets, render charts, send notifications, show your athletes to you and only you.
  • To keep you signed in — session cookies tied to your account.
  • To communicate with you — service notices, billing receipts, and replies to support requests. We do not send marketing email without your explicit opt-in.
  • To keep the Service secure — detect abuse, investigate errors, enforce our Terms.
  • To meet legal requirements — respond to lawful requests, keep audit logs for security purposes.

We do not sell your personal information. We do not share it with advertisers. We do not train machine-learning models on your training data.

4. Tenant isolation

BeStrong HQ is multi-tenant. Each coaching team ("tenant") has its own database and its own subdomain ({teamname}.bestronghq.com). A coach on one tenant cannot see another tenant's athletes, programs, or any other data, even if the two teams share a coach by email.

The platform operator (BeStrong Powerlifting LLC) can access tenant databases for support, billing, and incident response. Every such access is logged.

5. Third-party services we share data with

We share the minimum necessary data with a short list of service providers whose privacy practices we trust:

  • Google LLC — OAuth sign-in (name, email, profile picture); optional Drive access for spreadsheet parsing. Google's Privacy Policy.
  • Stripe, Inc.— billing and payment processing for paid tenants. We store only Stripe's subscription identifier; all card data lives at Stripe. Stripe's Privacy Policy.
  • Sentry (Functional Software, Inc.) — error and crash reporting. May receive technical details of errors, including your user ID and the URL that triggered the error. Does not receive training data. Sentry's Privacy Policy.
  • GoDaddy.com, LLC — domain registration.
  • Oplink Communications, LLC — server hosting.

We do not sell, rent, trade, or otherwise transfer your personal information to any other party.

We may disclose information if legally compelled (subpoena, court order) or to protect the rights, property, or safety of BeStrong HQ or its users.

6. Google user data

This section applies specifically to data obtained through Google Sign-In and Google Drive access.

6.1 Sign-In (identity)

When you sign in with Google, we receive:

  • Your Google account email address
  • Your name
  • Your profile picture URL

We use this exclusively to:

  • Identify you across sessions
  • Display your name and avatar inside the app
  • Associate actions you take with your account

We do not sell, share, or transfer this information to any other party for advertising, profiling, or any purpose other than providing the Service you signed up for.

6.2 Google Drive access

If a coach chooses to connect Google Drive, we request the .../auth/drive scope. We use this access solely to:

  • List folders you select for program tracking
  • Read training program spreadsheets you organize into those folders
  • Download those spreadsheets so we can parse their contents

We do not read, modify, or delete any Google Drive files outside the folders and files you associate with the Service. We do not use Drive content for training AI models. You can revoke our access at any time via your Google Account permissions, or by disconnecting Drive inside the app.

6.3 Limited Use disclosure

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide or improve user-facing features that are prominent in the Service.
  • We do not transfer Google user data to third parties except as necessary to provide or improve these features, comply with the law, or as part of a merger or acquisition (with notice to you).
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data unless we have your affirmative consent for specific messages, doing so is necessary for security (e.g., investigating abuse), to comply with applicable law, or the data has been aggregated and anonymized.

7. Cookies

We use a small number of cookies:

  • Session cookies — keep you signed in between page loads. Deleted when you sign out or close your browser.
  • Tenant fingerprint cookies— verify you're seeing the correct tenant's data after you navigate.

We do not use advertising cookies, third-party tracking cookies, or cross-site tracking.

8. How long we keep your data

  • Account data (name, email, profile picture): as long as your account is active. Deleted within 30 days of account closure.
  • Training data (athletes, programs, logs): as long as the owning tenant is active. If a tenant is deleted or closed, all associated data is deleted within 90 days, except for backups which age out within 365 days.
  • Server logs: 90 days, then purged.
  • Billing records: retained for 7 years to satisfy tax and accounting obligations (required by law).

You can request deletion at any time — see Section 10.

9. How we protect your data

  • All data in transit is encrypted (HTTPS / TLS).
  • Tenant databases are isolated at the storage layer.
  • Access to production systems is limited and logged.
  • We follow industry best practices for password storage, session management, and credential rotation.

No system is perfectly secure. If we become aware of a breach that affects your personal information, we will notify you consistent with applicable law.

10. Your rights

10.1 All users

You can, at any time:

  • Ask us what personal information we have about you
  • Ask us to correct inaccurate information
  • Ask us to delete your account and associated personal information
  • Export your training data in a machine-readable format
  • Revoke Google Drive access via your Google Account permissions

To exercise any of these rights, email privacy@bestronghq.com.

10.2 California residents (CCPA/CPRA)

If you are a California resident, in addition to the rights above, you have the right to:

  • Know what categories of personal information we collect and the business or commercial purpose for collecting it
  • Know whether we sell or share your personal information (we do not)
  • Opt out of the sale or sharing of your personal information (there is nothing to opt out of — we do not sell or share it)
  • Non-discrimination for exercising your rights

To exercise these rights, email privacy@bestronghq.com with the subject line "California Privacy Request."

10.3 EU / UK / EEA residents (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion
  • Object to or restrict processing
  • Request portability of your data
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with your local data protection authority

The legal bases we rely on:

  • Contract — to provide the Service you signed up for
  • Legitimate interest — security, fraud prevention, product improvement
  • Consent — for optional features like Google Drive access
  • Legal obligation — billing records, lawful requests

BeStrong Powerlifting LLC is the data controller. Email privacy@bestronghq.com to exercise any of these rights.

11. International data transfers

BeStrong HQ is operated from the United States. If you access the Service from outside the US, your information will be transferred to, stored, and processed in the US. Where required by law, we rely on appropriate safeguards for these transfers (Standard Contractual Clauses or equivalent).

12. Children

BeStrong HQ is designed for adult coaches managing adult and youth athletes. If an athlete under 13 has a profile created by their coach, that coach is responsible for obtaining parental consent where required under the Children's Online Privacy Protection Act (COPPA) or equivalent. We do not knowingly collect data directly from children under 13.

If you believe a child under 13 has provided us personal information without parental consent, email privacy@bestronghq.com and we will delete that information.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or by posting a prominent notice in the app before the changes take effect. The "Effective" date at the top of this page will be updated.

14. Contact and governing law

BeStrong Powerlifting LLC
Texas, United States
privacy@bestronghq.com

This Privacy Policy is governed by the laws of the State of Texas, without regard to its conflict-of-law principles.