Privacy Policy

v5.0

Last updated: July 14, 2026

DrivePhase LLC ("DrivePhase," "Company," "we," "us," or "our"), an Indiana single-member limited liability company governed by its managing member, provides an athletic performance app for sprint analysis, AI form feedback, DrivePhase Intelligence, nutrition tracking, training guidance, reminders, subscriptions, and related services (collectively, the "Service"). DrivePhase is a single-user app: it does not have public profiles, social feeds, friends, followers, discovery, or in-app messaging, and your account and information are private to you.

This Privacy Policy explains what information we collect, how we use it, how we share it, how long we keep it, and the choices you have. This Privacy Policy is incorporated into our Terms of Service.

DrivePhase is offered only to residents of the United States. See Section 11 (Geographic Scope — United States Only).

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, DO NOT USE DRIVEPHASE.

Table of Contents

DrivePhase LLC ("DrivePhase," "Company," "we," "us," or "our"), an Indiana single-member limited liability company governed by its managing member, provides an athletic performance app for sprint analysis, AI form feedback, DrivePhase Intelligence, nutrition tracking, training guidance, reminders, subscriptions, and related services (collectively, the "Service"). DrivePhase is a single-user app: it does not have public profiles, social feeds, friends, followers, discovery, or in-app messaging, and your account and information are private to you.

This Privacy Policy explains what information we collect, how we use it, how we share it, how long we keep it, and the choices you have. This Privacy Policy is incorporated into our Terms of Service.

DrivePhase is offered only to residents of the United States. See Section 11 (Geographic Scope — United States Only).

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, DO NOT USE DRIVEPHASE.

Defined Terms

  • "Service" means the DrivePhase mobile application, website, and related services.
  • "User Content" means videos, images, audio, food photos, messages, prompts, notes, and other content you create, upload, or transmit through the Service.
  • "Pose Data" / "Biometric-Derived Data" means the body-geometry data derived from your sprint videos, including 33-point skeletal pose landmarks, derived joint and limb angles, and the derived per-frame body-geometry coordinate time-series (for example, ankle and body-center pixel coordinates) described in Section 12.
  • "Consumer Health Data" means personal information that identifies your past, present, or future physical or mental health status, including the fitness, performance, nutrition, body-measurement, readiness, and related data described in Section 13.

We collect information directly from you, automatically from your use of the Service, from your device with permission, from app-store and authentication providers, and from third-party services used to operate DrivePhase.

1.1 Account and Authentication Information

  • Email address
  • Name, display name, and username
  • Password credentials through Supabase Auth; passwords are not stored by DrivePhase in plaintext
  • Optional phone number for phone authentication
  • Google or Apple sign-in profile information if you choose those login methods
  • Authentication metadata, session status, account status, trial status, and security events
  • Your confirmation that you are at least 13 years old, and parental or guardian approval if you are under 18 (we do not collect a date of birth or age at sign-up)
  • Legal acceptance timestamps for Terms, Privacy Policy, and Community Guidelines

1.2 Profile and Athlete Information

  • Profile photo, banner image, bio, sport, event, training background, competition level, goals, and personal records
  • Optional age, height, weight, city, state, and general athletic background
  • Optional city and state you type into your profile (we do not access your device's GPS or precise location)
  • Notification, marketing, and analytics preferences
  • Workout Mode roster data you create — the free-text athlete names and group labels you enter to organize your own training sessions (see Section 3.2)
  • Feedback and support requests you submit, and any safety or moderation records related to your account or to the content you submit, where applicable

1.3 Videos, Images, Audio, and Other User Content

  • Sprint videos you record, import, upload, or save
  • Annotated videos, video thumbnails, video titles, tags, notes, collections, favorites, weather/location labels, and video metadata
  • Profile photos, profile banners, and other images you upload
  • Food photos and product images you submit for nutrition analysis or logging
  • Messages and prompts you submit to DrivePhase Intelligence, shareable stat cards and other content you choose to export or share, and support and feedback requests
  • Audio captured as part of sprint videos if microphone recording is enabled
  • Voice input for speech-to-text features. Raw voice-to-text audio is handled by the operating system speech service where available; DrivePhase receives the resulting text, not the raw speech audio

1.4 Sprint Analysis and Biometric-Derived Data

When you upload or analyze sprint videos, DrivePhase generates:

  • Frame count, frame rate, clips, thumbnails, and annotated output
  • 33-point skeletal pose landmarks, derived joint and limb angles, and a derived per-frame body-geometry coordinate time-series (for example, ankle and body-center pixel coordinates)
  • Derived metrics such as hip angle, shin angle, torso lean, ground contact time, stride/phase detection, acceleration estimates, velocity estimates, scores, quality metrics, and trend data
  • Sprint analysis feedback, analysis reports, AI-generated summaries, and metric insights

Important — how this data is handled. Raw, full-resolution video frames are processed transiently to perform analysis. DrivePhase then retains the derived sprint metrics and a derived body-geometry coordinate time-series (the Biometric-Derived Data) for the duration of your account, subject to the written retention-and-destruction schedule in Section 12. This data is never used to identify you (no facial recognition, no identity verification) and is never sold. Some jurisdictions may treat body-geometry or pose-derived measurements as biometric or sensitive information. See Section 12.

1.5 AI, Intelligence, Memory, and Reminder Data

DrivePhase Intelligence and other AI features may collect or process:

  • User prompts, chat messages, questions, corrections, and feedback
  • AI responses, conversation history, source messages, saved memories, stable athlete facts, artifacts, reminders, tasks, recurrence rules, and notification lifecycle status
  • Compact app context used to answer a request, such as recent sprint metrics, training profile, goals, workouts, nutrition summaries, readiness check-ins, race calendar context, saved memories, and tool outputs
  • AI usage metadata such as model, token counts, cost estimates, rate limits, quotas, timestamps, and safety or quality flags
  • Pro-only web search queries and search results when Intelligence web search is used

1.6 Nutrition and Food Data

Nutrition features may collect or generate:

  • Meal logs, food names, serving sizes, calories, macronutrients, micronutrients, fiber, sugar, sodium, saturated fat, hydration, meal timing, notes, and meal photos
  • Food search queries, barcode numbers, brand and product names, product images, nutrition label reviews, food corrections, saved meals, favorite foods, recent foods, athlete foods, and food-source metadata
  • Nutrition goals, body weight used for macro calculations, preferences, race-day protocols, protocol outcomes, insights, usage counters, quality events, reminders, streaks, and disclaimer acceptance
  • AI nutrition estimates and corrections

Nutrition data is for performance tracking and educational purposes only. It is not medical advice.

1.7 Training, Readiness, Calendar, and Performance Data

Training features may collect or generate:

  • Training profile, competition events, primary event, season phase, goal race date, experience level, training age, training days, preferred days, facilities, equipment, strengths, weaknesses, limitations, injury history, notes, and schedule constraints
  • Generated plans, weeks, workouts, sessions, templates, exercises, completions, progress, RPE, energy, technique feel, notes, modifications, and plan regeneration history
  • Daily check-ins such as sleep, soreness, energy, stress, readiness, recovery, and subjective notes
  • Race calendar, milestones, personal records, custom PRs, goals, trackers, caffeine, electrolytes, sodium, iron, sleep, protein timing, and meal timing

1.8 Billing, Subscription, and Purchase Data

DrivePhase may receive:

  • Subscription tier, entitlement status, trial status, renewal status, expiration date, purchase history, transaction identifiers, app-store product identifiers, and RevenueCat customer identifiers
  • App Store or Google Play purchase events needed to provide paid features

DrivePhase does not collect or store payment card numbers, bank account numbers, CVV codes, or full payment credentials. Payment details are handled by Apple, Google, and their payment processors.

1.9 Usage, Diagnostics, Security, and Device Data

We may collect:

  • App opens, feature usage, screen views, interactions, quota usage, subscription-gate interactions, onboarding progress, and product analytics events when analytics is configured
  • Device type, operating system, app version, platform, network status, IP address, request metadata, authentication events, rate-limit events, and abuse-prevention data
  • For account security and abuse prevention, hashed session identifiers, hashed device keys where available, hashed user-agent values, hashed coarse IP-prefix signals, request identifiers, endpoint metadata, response status, timing metadata, and rate-limit or quota decision metadata. We do not use these signals to accuse users of account sharing; they are used to detect suspicious abuse patterns, investigate security issues, and enforce usage limits where appropriate
  • Error logs, crash logs, stack traces, screen/context labels, app version, platform, device information, user ID, and user email where needed to diagnose issues
  • Security logs, admin/audit events, webhook events, abuse flags, and support records

1.10 Device Permissions

Depending on how you use the app, DrivePhase may request permission for:

  • Camera, for sprint video recording, barcode scanning, food photos, and profile/media capture
  • Microphone, for video audio and voice-to-text features
  • Photo or media library, for importing or saving sprint videos, photos, and analysis results
  • Speech recognition, for converting speech into text
  • Notifications, for local reminders and training or Intelligence notifications
  • Local storage, for offline cache, pending uploads, preferences, encrypted local databases, and app-private media

You can change device permissions through your operating system settings, but disabling permissions may limit features.

1.11 Local Device Storage

DrivePhase may store data on your device, including encrypted SQLite/SQLCipher databases, secure-storage keys, saved account-session shortcuts for account switching, SharedPreferences values, cached content, thumbnails, pending video files, temporary upload files, and app-private media. Some local files may rely on operating-system device encryption and app sandbox protections rather than SQLCipher.

1.12 Information We Do Not Intend to Collect

DrivePhase does not intend to collect:

  • Payment card numbers, CVV codes, bank account numbers, or full app-store payment credentials
  • Contacts or address book data
  • HealthKit or Google Fit data unless a future feature separately asks for permission
  • Fingerprints, iris scans, retina scans, voiceprints, face-recognition templates, or biometric identifiers for identification
  • Raw GPS coordinate history for tracking user movement
  • Data for third-party targeted advertising or sale to data brokers

We use information to:

  • Create, authenticate, secure, and manage accounts
  • Provide sprint analysis, video processing, annotated media, metrics, reports, and trends
  • Provide AI form feedback, DrivePhase Intelligence, nutrition recognition, training generation, reminders, tasks, artifacts, and saved memories
  • Provide nutrition, hydration, tracker, readiness, calendar, race-day, and workout features
  • Provide profile, Workout Mode roster, content export/sharing, feedback, and content-safety/moderation features
  • Process subscriptions, trials, entitlements, renewals, cancellations, restores, and billing support
  • Sync data across devices and store User Content
  • Provide support, respond to requests, and communicate service, security, legal, and billing updates
  • Monitor performance, reliability, crashes, errors, fraud, abuse, safety, and policy compliance
  • Enforce our Terms, Community Guidelines, subscriptions, rate limits, and legal rights
  • Comply with law, lawful requests, tax/accounting duties, regulatory obligations, and dispute-resolution requirements
  • Operate, evaluate, improve, test, and develop the Service using aggregated, anonymized, or de-identified data where appropriate

DrivePhase does not train its own machine-learning models on identifiable User Content. We do not sell your personal information, and we do not use your personal information for third-party targeted advertising.

3.1 Content You Choose to Export or Share

DrivePhase does not have public profiles, social feeds, friends, followers, discovery, "communities," or in-app messaging features. Your account, profile, videos, sprint metrics, nutrition, training, and other information are private to your account and are not visible to other DrivePhase users inside the app.

The only way your information leaves the app is when you choose to export or share it:

  • When you use your device's share sheet to send a shareable stat card, a downloaded video, or a referral code to another app or person, that content goes to the destination you select and is then handled by that destination, not by DrivePhase.
  • Content you export or share outside DrivePhase is handled by the destination you choose.

Your videos and other User Content are private to your account by default; DrivePhase does not make them visible to other users (see Section 8).

3.2 With Service Providers

We share information with service providers (processors) that help us operate DrivePhase, such as those listed in Section 4. They may process information only for the purposes of providing services to us, are bound by written contracts that restrict their use of personal information to those purposes, and are subject to their own privacy and security obligations. A data processing addendum is available to service providers and, where applicable law requires, to users on request by emailing support@drivephaseai.com.

Workout Mode (roster data you create). Workout Mode lets you create a private roster to organize your own training sessions. The athletes on your roster are free-text names and group labels that you type in — they are not linked to other DrivePhase accounts, are not invited or notified, and cannot see your data. Your roster is stored under your account and synced only to your own devices; it is not visible to anyone else. If you add information about another person (for example, an athlete's name) to your roster, you are responsible for having any necessary permission to do so, and, where that person is a minor, any required parental or guardian consent (see Section 8).

3.3 With App Stores and Billing Providers

We share subscription identifiers, entitlement data, transaction status, and related purchase metadata with Apple, Google, and RevenueCat as needed to sell, restore, validate, and manage subscriptions.

Refund requests (Apple App Store). When you request a refund from Apple for an App Store purchase, Apple may ask us for information to help it decide the request. In that case, we (through RevenueCat) provide Apple with limited account and usage information associated with the purchase — such as account tenure, purchase and refund history, subscription usage status, and whether the purchased content or service was delivered — as permitted by Apple's App Store Server API. Apple makes the refund decision; this information is used by Apple to inform that decision and is handled under Apple's privacy policy. By using the Service and agreeing to this Privacy Policy, you consent to this sharing.

3.4 For Legal, Safety, and Security Reasons

We may disclose information if we believe disclosure is reasonably necessary to:

  • Comply with applicable law, subpoena, court order, government request, or legal process
  • Enforce our Terms, Community Guidelines, or policies
  • Investigate fraud, abuse, security threats, prohibited content, or illegal activity
  • Protect the rights, property, or safety of DrivePhase, users, minors, athletes, coaches, or the public
  • Report CSAM, credible threats, or other illegal content where legally required or appropriate

3.5 Business Transfers

If DrivePhase is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be transferred as part of that transaction. We will provide notice if required by law.

3.6 Aggregated or De-Identified Data

We may use or share aggregated, anonymized, or de-identified data that cannot reasonably identify you for analytics, product improvement, research, business, or safety purposes.

DrivePhase currently uses or may use the following service providers depending on configuration, platform, and feature availability:

ProviderPurposeData Categories
SupabaseAuthentication (email/Google/Apple/phone), PostgreSQL database, storage, RPCs, and auth/session servicesAccount data, profile data, app data, media, auth metadata
Google Cloud PlatformBackend hosting, Cloud Run, builds, artifact storage, secrets, logging, and computeAPI requests, temporary processing data, backend logs
OpenAI APIAI form feedback, DrivePhase Intelligence, training generation, food photo recognition, summaries, and other AI featuresPrompts, AI context, food photos, sprint key-moment still images, derived sprint metrics, training/nutrition context
MediaPipe/OpenCV/FFmpegBackend video processing and biomechanical analysisSprint video frames processed transiently on DrivePhase backend infrastructure
Google ML KitOn-device pose/person lock-on and barcode/camera support where usedOn-device camera/video frames; not intended to be sent to Google by DrivePhase
FatSecretNutrition database search and food dataFood search queries and barcode/product data
USDA FoodData CentralPublic nutrition dataFood search queries
Open Food FactsCommunity nutrition database and barcode/product dataBarcode/product lookup data
Apple App StoreiOS subscriptions, trials, refunds, and account billingPurchase and subscription status handled by Apple
Google Play StoreAndroid subscriptions, trials, refunds, and account billingPurchase and subscription status handled by Google
RevenueCatSubscription entitlement management, app-store purchase synchronization, and responding to Apple refund-request inquiries with consumption data (see Section 3.3)App user ID, customer ID, entitlement, purchase, and subscription metadata; account tenure, usage status, and purchase/refund history shared with Apple for refund decisions
PostHogProduct analytics when configured (opt-out available)App events, screen/interactions, user ID, device/app metadata
SentryCrash and error reporting when configuredCrash/error reports, stack traces, device/app metadata, user context if available
ResendOperational, security, and admin email delivery when configuredEmail addresses and email contents needed for delivery
TavilyPro-only Intelligence web search when configuredSearch queries and search result data
Apple Speech / Google Speech ServicesDevice speech-to-text featuresSpeech/audio processed by the operating system provider, subject to OS settings and provider policies
Google Sign-In / Sign in with AppleAuthenticationName, email, profile identifiers, and OAuth metadata authorized by you

4.1 OpenAI API Data Handling

When DrivePhase uses OpenAI's API, DrivePhase sends only the content and context needed for the feature. Based on OpenAI's current API data controls, API inputs and outputs are not used to train OpenAI models. OpenAI may retain abuse-monitoring logs for up to 30 days by default unless different approved retention controls apply. Image and file inputs may be scanned for CSAM and may be retained for manual review if flagged.

Sprint video analysis may extract a small number of still images ("key moments") from your sprint video and send those still images to OpenAI's vision API to generate visual observations; DrivePhase does not stream your full raw video to OpenAI. Nutrition photo recognition may send food photos to OpenAI. DrivePhase Intelligence may send user prompts, compact app context, derived sprint metrics, saved memory snippets, and tool outputs.

4.2 Analytics, SDKs, and Tracking Technologies

DrivePhase is a native mobile application and does not use third-party advertising SDKs or cross-context behavioral tracking. The Service relies on a limited set of SDKs and identifiers to function:

  • PostHog (product analytics): records a limited set of in-app events (such as app opens, feature usage, and lifecycle events) tied to a DrivePhase user ID and device/app metadata. These analytics events do not include your health, nutrition, sprint, or biometric data. Analytics is first-party and is not used for advertising or cross-context behavioral tracking. You can ask us to stop associating product-analytics events with your account by emailing support@drivephaseai.com with the subject "Privacy Request."
  • Sentry (crash/error reporting): records crash and error reports, stack traces, and device/app context, including a user ID or email where needed to diagnose an issue.
  • RevenueCat (subscription identifiers): uses an app user ID and customer ID to synchronize your App Store / Google Play entitlements; it does not receive payment card data.

These tools use first-party and SDK-generated identifiers within the app rather than browser cookies, and we do not use them to track you across other companies' apps or websites. Because the Service is delivered as a native app and we do not engage in cross-context behavioral tracking, there is no browser-based ad-targeting to opt out of. On the DrivePhase website, we honor Global Privacy Control (GPC) signals as described in Section 7.2.

4.3 Third-Party Policies

Third-party services are governed by their own terms and privacy policies. We are not responsible for their independent privacy practices.

We retain information for as long as reasonably necessary to provide the Service, comply with law, resolve disputes, enforce agreements, maintain security, and operate our business. Retention specific to Biometric-Derived Data is governed by the schedule in Section 12; retention for Sensitive Personal Information is summarized in Section 10.8.

Data TypeGeneral Retention
Account and profile dataDuration of account, unless deletion or longer legal retention applies
Videos, images, annotations, and analysis resultsDuration of account, subject to plan limits, deletion, archival, and backup schedules
Free-tier videosUp to 3 saved videos; may be deleted on or after 7 days from upload, as described in the Terms and app UI (derived sprint metrics are retained)
Pro-tier videosRetained while the account and applicable storage rights remain active, unless deleted
Biometric-Derived Data (derived metrics + body-geometry coordinate time-series)Duration of account; in no event more than 3 years after your last interaction; deleted on account deletion (see Section 12)
Intelligence conversations, memories, tasks, reminders, and artifactsDuration of account or until deleted, unless legal/security retention applies
Nutrition, training, readiness, tracker, PR, and workout dataDuration of account or until deleted, unless legal/security retention applies
Subscription and purchase recordsAs needed for billing, entitlement, tax, accounting, fraud prevention, legal, and app-store requirements
Usage analyticsGenerally up to 24 months where feasible, unless aggregated, de-identified, or needed for security/legal reasons
Error, crash, security, and audit logsAs needed for diagnostics, security, fraud prevention, and legal compliance
Backup dataTypically purged on a delayed schedule, generally within 90 days after deletion where feasible
Aggregated, anonymized, or de-identified dataMay be retained indefinitely

Account deletion can be requested in-app (Settings > Account > Delete Account) or by emailing support@drivephaseai.com, and is generally processed within 30 days, subject to legal, security, backup, billing, dispute, and fraud-prevention exceptions.

We use technical, administrative, and organizational safeguards designed to protect information, including:

  • TLS encryption in transit
  • Cloud provider encryption at rest where provided by Supabase and Google Cloud
  • Supabase Auth password handling and authentication controls
  • Row-level security and access controls for user-owned data where implemented
  • Private storage buckets and signed access patterns for private media where implemented
  • App sandboxing, secure storage, and encrypted local databases for selected local data
  • Rate limiting, logging, monitoring, and abuse-prevention controls
  • Restricted access to production systems and service-role credentials

No system is perfectly secure. You are responsible for protecting your credentials, devices, and account access.

6.1 Security Incident Notification

If we become aware of a security incident that compromises the security, confidentiality, or integrity of your personal information, we will investigate promptly and take reasonable steps to mitigate it. Where required by applicable law, we will notify affected users and the appropriate regulators or authorities without undue delay and within the timeframes required by law. Because the Service handles health and fitness information, we acknowledge that our breach-notification obligations may include the U.S. Federal Trade Commission's Health Breach Notification Rule (16 C.F.R. Part 318), and we will provide notice to affected individuals, the FTC, and (where required) the media in accordance with that Rule and applicable state breach-notification laws. Notices will describe, to the extent known, what happened, the categories of information involved, the steps we are taking, and steps you can take to protect yourself. You can report a suspected vulnerability or incident to support@drivephaseai.com with the subject "Security."

Depending on your state of residence and applicable law, you may have rights to:

  • Access or know the personal information we hold about you
  • Correct inaccurate personal information
  • Delete personal information
  • Export or receive a portable copy of personal information
  • Opt out of sale, sharing for cross-context behavioral advertising, targeted advertising, or profiling that produces legal or similarly significant effects (note: DrivePhase does not sell or share personal information or conduct such profiling)
  • Limit the use or disclosure of sensitive personal information where applicable
  • Withdraw consent where processing is based on consent
  • Appeal a denied privacy request (see Section 10.6)

You can exercise rights by using in-app settings where available or by emailing support@drivephaseai.com with the subject "Privacy Request." This single email method is available to all eligible residents. We may verify your identity before completing a request, and we will not discriminate against you for exercising your rights (see Section 10.7).

7.1 In-App Controls

Where available, you can:

  • Edit profile information
  • Delete videos and content
  • Manage notification preferences
  • Opt out of product analytics or marketing by emailing support@drivephaseai.com (subject "Privacy Request")
  • Delete your account
  • Control device permissions through iOS, Android, or macOS settings

Disabling data processing or permissions may make some features unavailable.

7.2 Global Privacy Control and Do Not Track

We do not sell personal information and do not share personal information for cross-context behavioral advertising. Because DrivePhase is a native app that does not perform browser-based cross-context tracking, there is generally no opt-out signal for the app to honor. On the DrivePhase website, where legally required, we will treat a Global Privacy Control (GPC) signal as a valid opt-out of sale or sharing. We do not respond to browser "Do Not Track" signals, which lack a common standard.

DrivePhase is intended for users 13 and older and is not directed to children under 13. At sign-up we require you to confirm that you are 13 or older and, if you are under 18, that a parent or guardian has reviewed and approved your use of the Service. We do not collect a date of birth or age for age-gating purposes.

  • Under 13: We do not knowingly collect personal information from children under 13. If we learn that a child under 13 has created an account, we will take reasonable steps to delete the information and terminate the account.
  • Ages 13–17: Users between 13 and 17 must have parental or legal guardian consent before creating or using an account, and a parent or guardian may review, correct, or request deletion of the minor's information at any time by emailing support@drivephaseai.com.
  • All accounts are private: DrivePhase does not offer public profiles, discovery, social, or sharing-with-other-users features. Your profile and information are private to your account and are not visible to other DrivePhase users (see Section 3.1).
  • No weight-loss/deficit features for minors: Nutrition features oriented toward calorie deficits or weight loss/weight management are not intended for and not provided to minors. Minors should track nutrition, training, and performance only under the supervision of a parent, guardian, coach, or qualified professional.

Parents or guardians may contact support@drivephaseai.com to request review, correction, or deletion of a minor's information. Coaches who add minors to a Workout Mode roster are responsible for obtaining any required parental/guardian consent (see Section 3.2).

DrivePhase is operated from the United States, and your information is stored and processed in the United States by us and our service providers. We do not target our Service to, or intend to transfer personal information from, the EEA, the United Kingdom, or Switzerland. See Section 11.

This section supplements the rest of the Privacy Policy for residents of U.S. states with comprehensive consumer privacy laws, including California, Indiana, Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Florida, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, and Maryland, as those laws become effective and to the extent they apply to us.

10.1 Categories Collected

We may collect the following categories of personal information:

CategoryExamples
IdentifiersName, username, email, phone number, account ID, user ID, IP address
Customer recordsAccount, profile, subscription, support, and billing metadata
Protected classificationsAge or age range if provided
Commercial informationSubscription tier, entitlement, purchase history, trial status
Biometric-Derived or body-geometry data33-point pose landmarks, derived limb/joint angles, and the derived per-frame body-geometry coordinate time-series used for sprint analysis
Internet or electronic activityApp events, screen interactions, feature usage, logs
GeolocationCity and state you type into your profile (no GPS or precise-location access)
Sensory dataVideos, photos, and audio in videos
Health and fitness dataTraining, nutrition, readiness, sleep, soreness, body measurements, performance metrics
User ContentMessages, prompts, notes, uploaded content, reports, support requests
InferencesForm-feedback insights, recommendations, scores, trends, generated plans
Sensitive Personal InformationAccount credentials, health/fitness data, Biometric-Derived Data, and user-provided sensitive content

10.2 Sources

Sources include you, your device, app-store and authentication providers, service providers, analytics/diagnostic tools, and generated outputs from your use of the Service.

10.3 Purposes

Purposes are described in Section 2, including app functionality, personalization, security, analytics, legal compliance, subscriptions, customer support, and product improvement.

10.4 Disclosure (12-Month Look-Back)

In the preceding 12 months, we disclosed personal information to the categories of recipients described in Sections 3 and 4 (service providers/processors, app stores and billing providers, and legal/safety recipients) for the business purposes described in this Policy. We did not sell or share personal information for cross-context behavioral advertising.

10.5 Sale, Sharing, Targeted Advertising, and Profiling

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use personal information for third-party targeted advertising. We do not engage in profiling that produces legal or similarly significant effects about you. We have not sold or shared the personal information of consumers we know to be under 16.

10.6 Appeals

If we deny your privacy request, you may appeal by emailing support@drivephaseai.com with the subject "Privacy Request" and the word "Appeal." This appeal channel is available to residents of all states whose laws provide an appeal right (including, as applicable, Indiana, Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Florida, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, and Maryland). We will respond within the timeframe required by your state's law. If your appeal is denied, your state may allow you to contact your state Attorney General to submit a complaint.

10.7 Non-Discrimination

We will not discriminate or retaliate against you for exercising any privacy right. We will not deny you the Service, charge a different price or rate, or provide a different level or quality of the Service because you exercised a right, except where a difference is reasonably related to the value provided by your data or otherwise permitted by law.

10.8 Sensitive Personal Information — Use, Consent, and Per-Category Retention

We use Sensitive Personal Information only to provide and secure the Service, comply with law, and for other purposes permitted by applicable law, and not to infer characteristics about you. We do not sell Sensitive Personal Information, and we do not use or disclose it for purposes that require an opt-out under California law. Where your state requires opt-in consent to process sensitive data (such as Virginia, Colorado, Connecticut, and similar states), your acceptance of this Policy and your voluntary submission of the relevant data — for example, uploading a sprint video for analysis or logging health/nutrition data — constitutes your consent to the processing described here. You may withdraw consent by deleting the relevant data or your account, or by emailing support@drivephaseai.com.

Per-category retention for Sensitive Personal Information:

Sensitive categoryRetention
Biometric-Derived DataDuration of account; no more than 3 years after last interaction; deleted on account deletion (Section 12)
Health and fitness / Consumer Health DataDuration of account or until deleted, unless legal/security retention applies (Section 13)
Account credentialsDuration of account; managed by Supabase Auth

10.9 Authorized Agents

You may use an authorized agent to submit a request on your behalf. We may require the agent to provide proof that you gave them signed permission to submit the request, may require you to verify your own identity directly with us, and may require you to directly confirm that you authorized the request.

10.10 Indiana Residents

DrivePhase LLC is organized in Indiana. The Indiana Consumer Data Protection Act took effect on January 1, 2026. Indiana residents may exercise applicable access, correction, deletion, portability, and opt-out rights, and may appeal a denial, by emailing support@drivephaseai.com (see Sections 7 and 10.6).

10.11 California "Shine the Light"

California residents may request information about disclosures of personal information to third parties for those parties' direct marketing purposes. DrivePhase does not disclose personal information to third parties for their direct marketing purposes.

DrivePhase is offered only to residents of the United States. The Service is not directed to, intended for, or offered to residents of the European Economic Area (EEA), the United Kingdom, or Switzerland, and we do not market the Service in those regions. Residents of the EEA, the United Kingdom, and Switzerland should not use the Service or provide personal information through it.

This Policy does not provide the substantive rights or controller obligations of the EU/UK General Data Protection Regulation, and we do not maintain an EU/UK representative, Standard Contractual Clauses, the UK International Data Transfer Agreement, or related cross-border transfer machinery. If we identify that personal information of an EEA, UK, or Swiss resident has been collected, we will handle it in accordance with applicable U.S. law and will delete it on request to support@drivephaseai.com (subject "Privacy Request").

This section provides the written notice, retention schedule, and consent framework that apply to Biometric-Derived Data, including for Illinois residents to the extent pose-derived sprint analysis data is considered biometric information under the Illinois Biometric Information Privacy Act.

12.1 What Is Collected

When you upload a sprint video for analysis, DrivePhase derives, from your video, 33-point skeletal pose landmarks, joint and limb angles, and a per-frame body-geometry coordinate time-series (for example, ankle and body-center pixel coordinates over the course of the clip), together with derived sprint metrics.

12.2 Purpose

Biometric-Derived Data is used solely to provide athletic biomechanical analysis — sprint metrics, annotated videos, AI form feedback, trends, and related Service features. DrivePhase does not use Biometric-Derived Data to identify you, and does not link it to fingerprints, facial-recognition templates, voiceprints, or other biometric identifiers.

12.3 How It Is Handled (Honest Disclosure)

  • Raw video frames: the full-resolution video is processed transiently in memory to perform analysis; DrivePhase does not retain a complete stored archive of every video frame.
  • Key-moment still images: for some analyses, DrivePhase extracts a small number of still images ("key moments") from your video and stores them with your analysis in private, account-scoped storage to support annotated playback and AI visual observations, and may send those stills to OpenAI's vision API (see Section 4.1). These stored stills are deleted when you delete the associated video or your account.
  • Derived sprint metrics: retained for the duration of your account to power trends, history, and comparisons.
  • Derived body-geometry coordinate time-series: retained for the duration of your account to support re-analysis, annotated playback, and accuracy/quality features. This means DrivePhase does store a derived coordinate time-series — it is not discarded immediately after analysis.

12.4 Written Retention and Destruction Schedule

DrivePhase maintains the following retention-and-destruction schedule for Biometric-Derived Data, consistent with BIPA-style requirements:

  • Biometric-Derived Data (derived metrics and the body-geometry coordinate time-series) is retained for the duration of your account.
  • Stored key-moment still images extracted from your videos are retained for the duration of your account and are deleted when you delete the associated video or your account.
  • In no event is Biometric-Derived Data retained for more than three (3) years after your last interaction with the Service, unless a valid legal requirement requires longer retention.
  • Upon account deletion (in-app or by request), Biometric-Derived Data is permanently deleted in accordance with our deletion and backup schedules, with backup copies purged on a delayed schedule (generally within 90 days where feasible).
  • When the retention period expires or its purpose is satisfied, the data is destroyed using reasonable measures so that it cannot be readily reconstructed.

12.5 Disclosure and No Sale

DrivePhase does not sell, lease, trade, or otherwise profit from Biometric-Derived Data. We disclose it only to service providers operating the Service on our behalf, as necessary to provide the requested feature, or as required by law. We do not disclose it without consent except as permitted by BIPA.

12.6 Consent

By uploading video for sprint analysis after receiving this notice, you consent to DrivePhase's collection, use, storage, and destruction of Biometric-Derived Data as described in this Section. If you are a minor (13–17), this consent must be provided by your parent or legal guardian (see Section 8). You may withdraw consent by stopping video uploads and requesting deletion of the relevant videos or your account.

This section summarizes how we handle Consumer Health Data for Washington residents (and others covered by similar laws). A standalone Consumer Health Data Privacy Policy is published separately and linked from this Policy and our website at https://drivephaseai.com/health-data; in the event of any conflict regarding Consumer Health Data, the standalone policy controls.

13.1 Consumer Health Data Collected

DrivePhase may collect Consumer Health Data including:

  • Fitness and performance metrics, sprint analysis, body geometry, training load, workouts, readiness, sleep, soreness, stress, energy, and recovery data
  • Nutrition, hydration, dietary preferences, macro/calorie data, meal logs, food photos, and race-day nutrition protocol data
  • Body measurements, age, height, weight, event, goals, limitations, injury history, and self-reported training context
  • AI-generated inferences related to training, performance, nutrition, readiness, and recovery

13.2 Sources

Sources include you, your device, videos/photos you upload, app interactions, generated analysis results, service providers, app-store providers, and connected authentication providers.

13.3 Purposes

We collect and use Consumer Health Data to provide sprint analysis, training, nutrition, readiness, AI form feedback, reminders, trends, personalization, safety, and support features you request.

13.4 Sharing and Opt-In

We share Consumer Health Data only with the categories of recipients needed to operate the features you use:

  • Cloud and storage providers (Supabase, Google Cloud)
  • AI providers (OpenAI) when needed for a requested AI feature
  • Nutrition database providers for searches and barcode lookups
  • Legal, security, or safety recipients where permitted or required

We do not sell Consumer Health Data, and we do not share Consumer Health Data for advertising. We also do not share your Consumer Health Data with our product-analytics or crash-diagnostics providers (such as PostHog and Sentry): our analytics events do not include health, nutrition, sprint, or biometric data, and crash diagnostics are limited to the technical error information needed to operate, secure, and debug the Service. Because we do not share Consumer Health Data with these tools, no separate opt-in is required. You may contact support@drivephaseai.com with the subject "Washington Health Data Request" with any question or request about this.

13.5 Rights

You may request to access, delete, or withdraw consent for future collection or sharing of Consumer Health Data by emailing support@drivephaseai.com with the subject "Washington Health Data Request." We will not discriminate against you for exercising these rights.

We may update this Privacy Policy from time to time. Material changes will be communicated by email, in-app notice, or other legally required method. Your continued use of DrivePhase after the effective date means you accept the updated policy.

In addition to the changes process above, if a security incident affects your personal information, we will provide notice as described in Section 6.1, including any notice required under the FTC Health Breach Notification Rule and applicable state breach-notification laws.

Version History

  • Version 5.3 (July 14, 2026): Corrected the free-tier video retention entry in Section 5 to match current product behavior: up to 3 saved videos, deletion on or after 7 days from upload (derived sprint metrics retained), replacing the prior 30-day description. Coordinated with the Terms of Service 5.1 free-tier quota corrections.
  • Version 5.2 (July 13, 2026): Added an Apple refund-request disclosure (Section 3.3): when a customer requests an App Store refund, limited account and usage information (consumption data) is shared with Apple via RevenueCat to inform Apple's refund decision, with no refund preference stated. Updated the RevenueCat entry in Section 4 to match.
  • Version 5.1 (June 4, 2026): Added explicit account-switching and account-security telemetry disclosures, including saved account-session shortcuts and privacy-minimized hashed session/device/coarse-IP signals used for security, abuse prevention, and usage-limit enforcement.
  • Version 5.0 (June 1, 2026): Set the Service to U.S.-only and replaced the European/UK/Swiss section with a "Geographic Scope — United States Only" statement; simplified international transfers to U.S.-only processing and removed GDPR legal-bases/Article 27/SCC machinery. Rewrote the biometric disclosures for honesty: DrivePhase retains derived sprint metrics and a derived per-frame body-geometry coordinate time-series for the duration of the account (no more than 3 years after last interaction; deleted on account deletion), with a written BIPA-style retention-and-destruction schedule, replacing the prior "raw pose processed transiently and not stored" framing. Added a Security Incident Notification commitment acknowledging the FTC Health Breach Notification Rule; added an "Analytics, SDKs & Tracking Technologies" subsection (PostHog/Sentry/RevenueCat identifiers + opt-out) with native-app-appropriate GPC/DNT language. Upgraded U.S.-state disclosures (non-discrimination, authorized-agent process, 12-month look-back, a general appeal channel, single-email method, per-category Sensitive PI retention, sensitive-data consent acknowledgment) and refreshed the 2026 state list (added Montana, Florida, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland). Added a Washington Consumer Health Data summary that links to a standalone policy at /health-data with opt-in for non-necessary health-data analytics sharing. Added service-provider/DPA language and clarified that DrivePhase is a single-user app with no public profiles, social, friends, followers, discovery, or in-app messaging features — all accounts and information are private — and reframed Workout Mode as a private, owner-only roster of free-text names you enter (not a coach/processor roster system); aligned children's section to 13+ with parental consent (self-attested for 13–17), a required 13+ self-attestation (no date of birth collected), all-private accounts, and no minor weight-loss/deficit features; clarified that DrivePhase does not train its own models on identifiable User Content; and added defined terms.
  • Version 4.0 (May 14, 2026): Rebuilt data collection disclosures, added active RevenueCat/PostHog/Sentry/Resend/Tavily disclosures, corrected OpenAI API data handling, updated AI retention language, expanded nutrition/training/Intelligence/social/local-storage disclosures, updated state privacy notices, and aligned with current product behavior
  • Version 3.0 (March 30, 2026): Comprehensive update with biometric, Washington health data, GPS, ML Kit, speech recognition, and state privacy disclosures
  • Version 2.0 (January 26, 2025): Comprehensive update for DrivePhase LLC
  • Version 1.0 (January 1, 2025): Initial release

Email: support@drivephaseai.com

Privacy Requests (and Appeals): support@drivephaseai.com with subject "Privacy Request"

Washington Health Data Requests: support@drivephaseai.com with subject "Washington Health Data Request"

Security Issues: support@drivephaseai.com with subject "Security"

DMCA/Copyright: support@drivephaseai.com with subject "DMCA Request"

Legal Inquiries: support@drivephaseai.com

Mailing Address:
DrivePhase LLC
65 East Garner Road, Suite 300
Brownsburg, IN 46112
United States

Website: https://drivephaseai.com

Consumer Health Data Privacy Policy: https://drivephaseai.com/health-data

Phone support is not available at this time.

BY USING DRIVEPHASE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS PRIVACY POLICY.

DrivePhase LLC. All rights reserved.