Privacy Policy

Introduction

JSB Labs LLC ("Company," "we," "our," or "us") operates Rex, an AI-powered training platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Information We Collect

Account Information

When you create an account, we collect your email address and any profile information you choose to provide.

Health and Fitness Data

With your permission, we collect data from connected services including:

• Workout history and exercise performance
• Heart rate variability (HRV) and recovery metrics
• Sleep duration and quality data
• Activity and training load data

Workout Logs

We store workout data you log directly in the app, including exercises, sets, reps, weights, and personal records.

Usage and Analytics Data

We automatically collect certain information when you use the Service, including device type, browser type, pages visited, feature usage patterns, and interaction data. We use PostHog for product analytics and Vercel Analytics for performance monitoring. These services may use cookies or similar technologies to collect and store this information.

How We Use Your Information

We use your information to:

• Generate and personalize your training plans and daily coaching briefs
• Recalibrate recommendations based on your recovery and performance
• Track your progress and personal records
• Improve our AI algorithms and service quality
• Communicate with you about your account and updates
• Process payments and manage subscriptions
• Analyze usage patterns to improve the Service

Data Sharing with AI Providers

To generate personalized coaching recommendations, we send your fitness and recovery data to third-party AI providers (currently Anthropic) for processing. This data is sent via API and is used solely to generate your coaching output.

Our AI providers are contractually prohibited from using your data to train their models or for any purpose other than generating responses to our API requests. We select providers with strong data protection practices and review their policies regularly.

Third-Party Integrations

Rex integrates with third-party services such as Garmin, Whoop, Strava, and Apple Health. When you connect these services, we access data according to the permissions you grant. These services have their own privacy policies that govern how they handle your data. We also use Stripe to process payments; your payment information is handled directly by Stripe and is not stored on our servers.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. These include:

• Essential cookies: Required for authentication and core functionality
• Analytics cookies: Used by PostHog and Vercel Analytics to understand how the Service is used

We do not use advertising cookies or sell data to advertisers. You can control cookie preferences through your browser settings, though disabling essential cookies may affect Service functionality.

Data Security

We implement appropriate technical and organizational measures to protect your personal information. Your data is encrypted in transit (TLS) and at rest. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, the types of data affected, steps we are taking to address it, and recommended actions you can take to protect yourself. We will also notify relevant regulatory authorities as required by applicable law.

Data Retention

We retain your data for as long as your account is active or as needed to provide you services. You can request deletion of your account and associated data at any time. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Disconnect third-party integrations at any time
• Export your workout data
• Opt out of non-essential analytics tracking

To exercise any of these rights, contact us at privacy@rexcoach.com. We will respond to verified requests within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: You can request the categories and specific pieces of personal information we have collected about you
• Right to delete: You can request that we delete your personal information, subject to certain exceptions
• Right to opt out of sale: We do not sell your personal information. We do not share your data with third parties for their own marketing purposes
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, email privacy@rexcoach.com with the subject line "CCPA Request." We will verify your identity before processing your request.

Children's Privacy

Rex is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and sending an email notification for significant changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, please contact us at: