Privacy Policy

Last updated: April 2, 2026

1. Who We Are

DonnaOS is owned and operated by BAL Analytics LLC. References to "we," "us," or "our" in this policy refer to BAL Analytics LLC.

2. Information We Collect

We collect the following categories of information:

  • Account information: name, email address, and authentication credentials when you create an account.
  • Profile information: age, gender, weight, height, training experience, training type, enhancement status, goals, equipment access, and injury history as provided during onboarding.
  • Training data: workout logs, exercise performance (sets, reps, weight, RPE), session duration, and AI-generated training plans.
  • Nutrition data: food logs, macro intake, body weight, and body fat percentage when you use the nutrition tracking features.
  • Assessment data: movement screening results, fiber type profiling, neural/CNS typing, and rep quality analysis from assessment stations.
  • Device information: browser type, device type, and IP address for security and rate limiting purposes.
  • Usage data: feature usage patterns and error logs for product improvement.

3. How We Use Your Information

  • To provide and personalize your training programming through our AI engine.
  • To learn your individual muscle response patterns and optimize exercise selection, volume, and intensity over time.
  • To track your nutrition and body composition progress.
  • To send push notifications you have opted into (rest timers, workout reminders).
  • To monitor application performance and fix errors.
  • To improve our AI engine and product features in aggregate.

4. AI Processing

All AI processing is performed by our proprietary Bayesian inference engine. We do not use OpenAI, GPT, Claude, or any third-party AI service to process your data. Your training data is processed by mathematical models (Beta/Gamma distributions, Thompson sampling) that run client-side or on our servers -- never sent to external AI providers.

5. Enhancement Status

If you choose to disclose your enhancement status (natural, TRT, or enhanced), this information is used solely to calibrate training variables such as volume landmarks, recovery windows, and deload frequency. We do not store, suggest, or reference specific compounds, dosages, or protocols. We do not share enhancement status with any third party.

6. Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL with Row Level Security) hosted in the United States. Authentication is handled via Supabase Auth with encrypted tokens. We use HTTPS for all data transmission, and implement rate limiting to prevent abuse.

7. Third-Party Services

We use the following third-party services:

  • Supabase: database and authentication.
  • Vercel: application hosting and deployment.
  • Upstash: rate limiting and push notification scheduling.
  • Sentry: error monitoring and performance tracking.
  • PostHog: anonymized product analytics.
  • FatSecret: food database integration (only when you use nutrition tracking).

We do not sell your data to any third party.

8. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at the email below. Upon deletion, your data is permanently removed from our databases within 30 days.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Opt out of push notifications at any time.
  • Export your training data.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries, contact:
BAL Analytics LLC
Email: privacy@donna-os.ai