Privacy Policy
Contact: [email protected]
1. Introduction
Sparta Mind ("we", "our", or "us") is a body transformation platform that provides personalized nutrition plans, strength-based workout programming, and optional human coaching through certified trainers. We are committed to protecting your personal information and being transparent about what we collect, why we collect it, and how we use it.
This Privacy Policy applies to the Sparta Mind mobile application (iOS and Android), the trainer CMS portal, and any associated web properties operated by Sparta Mind.
By creating an account and using Sparta Mind, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.
2. Who We Are & How to Contact Us
Sparta Mind operates as a fitness and nutrition technology platform. For any privacy-related questions, requests, or concerns, please contact us:
Email: [email protected]
We will respond to all privacy requests within 30 days.
3. Information We Collect
We collect only the information necessary to provide you with a personalized transformation program. We do not collect information for advertising purposes.
3.1 Information You Provide Directly
Account Information
We collect your email address as your unique account identifier, your password (stored as a secure hash — we never see your plain-text password), and your first name for personalization purposes.
Health & Body Data (collected during onboarding)
During onboarding we collect your date of birth or birth year, gender, height, current body weight, waist and arm circumference measurements, and estimated body fat percentage. We also collect your target weight, fitness goal (toning, fat loss, or muscle gain), sleep hours, activity level, and the number of days per week you are available to exercise.
Dietary Preferences & Restrictions
We collect your preferred protein food sources (e.g., chicken, fish, eggs, legumes), any food allergens or dietary restrictions, and any custom allergy notes you choose to provide.
Fitness & Activity Data
We collect your workout effort level preference, any body regions with physical limitations or injuries, and your logged workout sessions including exercises, sets, reps, and weights. Completed training session records and cardio sessions are also logged if provided.
Weekly Check-In Data
Each weekly check-in captures your current body weight and waist measurements, a self-reported hunger and energy score (1–10 scale), the number of workouts completed that week, and any notes on dietary deviations or physical changes.
Communication Data (Elite tier only)
For Elite tier subscribers, we store messages sent to and received from your assigned certified trainer through the in-app chat.
3.2 Information Collected Automatically
When you use the Sparta Mind app, we or our service providers may automatically collect:
- Device type and operating system version
- App version
- Session activity for the purpose of maintaining your login state
- Error logs if the app crashes (used for debugging only)
3.3 Information from Third-Party Integrations
Google Health Connect (Android only)
If you grant permission, Sparta Mind reads activity data from Google Health Connect including daily step count, active energy burned, exercise sessions, and heart rate data. This data is used exclusively to give your trainer a more accurate picture of your physical activity for plan adjustment purposes. It is never sold or shared with third parties.
Google OAuth (Optional)
If you choose to sign in with Google, we receive your email address and display name from Google. We do not receive access to your Google contacts, files, or other Google account data.
3.4 Progress Photos
4. How We Use Your Information
We use the information we collect exclusively to operate the Sparta Mind platform and deliver your personalized transformation program.
To Deliver Your Personalized Plan
- Calculate your Basal Metabolic Rate (BMR) and Total Daily Energy Expenditure (TDEE) using the Mifflin-St Jeor formula
- Generate your personalized 5-meal daily nutrition plan with accurate macro targets
- Display your workout plan tailored to your effort level, training days, and physical limitations
- Filter meal content based on your allergens and dietary preferences
To Track and Display Your Progress
- Plot your weight and measurement trends on your progress charts
- Calculate your progress toward your target weight
- Identify milestones such as your first kilogram lost
To Support Trainer-Client Collaboration (Elite Tier)
- Share your profile, check-in data, and Health Connect activity data with your assigned certified trainer
- Enable your trainer to adjust your meal plan and workout plan based on your progress
- Facilitate real-time messaging between you and your trainer
To Operate the Service
- Authenticate your account and maintain your login session
- Process your subscription payment via our payment provider
- Send transactional emails (account verification, password reset, subscription confirmations)
- Send push notifications for workout reminders, check-in prompts, and re-engagement (where you have granted notification permissions)
We Do Not Use Your Data To
- Serve you advertisements
- Build advertising profiles
- Sell or rent your personal information to any third party
5. Legal Basis for Processing (GDPR)
For users in the European Union, European Economic Area, or other regions where GDPR applies, we process your personal data on the following legal bases:
- Contract performance: Processing your account information, health data, and payment data to deliver the services you subscribed to.
- Legitimate interest: Error logging and app performance monitoring to maintain service stability.
- Consent: Health Connect data access (you may revoke permission at any time in your device settings), push notification delivery (you may revoke permission at any time in your device settings), and optional Google Sign-In.
- Legal obligation: Maintaining subscription and payment records as required by applicable tax and financial regulations.
6. Data Sharing & Third-Party Service Providers
We do not sell your personal data. We share your data only with carefully selected third-party service providers who are contractually required to keep it confidential and use it solely to deliver their specific service on our behalf.
Database & Authentication
Your account data, profile, measurements, workout logs, and check-in data are stored in a secure, encrypted database with access controls that ensure each user can only access their own data.
Payment Processing
Subscription payments are processed by a licensed and PCI-DSS compliant payment gateway. We never store your full card number, CVV, or bank details on our servers. Only a secure reference token is retained for subscription management purposes.
Transactional Email
Your email address is shared with an email delivery provider solely to send transactional messages such as account verification, password reset links, and subscription confirmations. Your email is never used for unsolicited marketing by this provider.
Push Notifications
If you enable push notifications, your device token is shared with a notification delivery service to send you reminders and alerts. This provider does not receive your health or fitness data.
Your Assigned Trainer (Elite Tier Only)
If you subscribe to the Elite tier, your profile data, meal plan, workout plan, check-in history, and Health Connect activity summary are accessible to your assigned certified trainer through the Sparta Mind platform. Trainers are bound by a professional confidentiality agreement and may not share your data with third parties.
Food & Nutrition Data
When trainers search for food items to build your meal plan, queries are sent to a nutritional food database. Your personal data is never included in these queries — only food search terms are transmitted.
7. Data Retention
We retain your personal data for as long as your account is active. Specific retention rules:
- Account data is retained for the duration of your subscription and for 12 months after account closure, to allow you to reactivate your account and retrieve your transformation history.
- Weekly check-in data and progress measurements are retained for the lifetime of your account so your full transformation arc remains visible.
- Payment records are retained for 7 years as required by Israeli and EU financial regulations.
- If you request account deletion, all personal data is deleted within 30 days, except payment records required by law.
- Progress photos are stored on your device only and are not subject to our retention policies.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Right to Access
You may request a copy of all personal data we hold about you. We will provide this in a structured, machine-readable format within 30 days.
Right to Rectification
You may correct inaccurate personal data through the app's Settings screen at any time. For data that is locked (such as gender or height, which require trainer approval to change), contact us directly.
Right to Erasure ("Right to be Forgotten")
You may request deletion of your account and all associated personal data by contacting us. We will process this within 30 days. Payment records required by law are excluded from deletion.
Right to Data Portability
You may request an export of your personal data in a portable format (JSON or CSV). Contact us to request this.
Right to Object or Restrict Processing
You may object to or request restriction of certain processing activities. Where we process data based on consent (Health Connect, push notifications), you may withdraw consent at any time through your device settings without affecting the lawfulness of prior processing.
How to Exercise Your Rights
To exercise any of the above rights, email [email protected] with the subject line "Privacy Request". We will verify your identity before processing any request.
9. Data Security
We take data security seriously and implement industry-standard safeguards:
- Passwords are hashed using bcrypt with a cost factor of 12 — your plain-text password is never stored
- All data in transit is encrypted using HTTPS/TLS
- Access tokens expire after 15 minutes; refresh tokens expire after 7 days
- Database access is governed by row-level security policies — each user can only access their own data
- Payment webhook events are verified using cryptographic signature validation to prevent tampering
- Payment card data is never stored on our servers — all payment data is handled by our PCI-DSS compliant payment provider
- Photos are stored on your device only — they are never transmitted to our servers
While we implement these safeguards, no system is completely secure. If you believe your account has been compromised, contact [email protected] immediately.
10. Children's Privacy
Sparta Mind is intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18 years of age. If you are a parent or guardian and believe your child has provided us with personal data, please contact [email protected] and we will delete it promptly.
11. International Data Transfers
Sparta Mind is operated primarily from Israel and serves users globally. Your data may be stored and processed in countries outside your home country, including the United States and the European Union, where our service providers operate secure infrastructure.
Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR. Israel is recognized by the European Commission as providing an adequate level of data protection.
12. Push Notifications
We may send push notifications to your device for the following purposes:
- Weekly check-in reminders
- Workout day reminders
- Re-engagement messages if you have not opened the app in 3 or more days
- Subscription renewal reminders
- Milestone and achievement notifications
You may disable push notifications at any time through your device's notification settings (iOS: Settings > Notifications > Sparta Mind; Android: Settings > Apps > Sparta Mind > Notifications). Disabling notifications does not affect your ability to use the app.
13. Cookies & Local Storage
The Sparta Mind mobile app does not use browser cookies. The app uses AsyncStorage (React Native's local data store) to persist your login session and onboarding draft data on your device. This data does not leave your device except as part of normal API authentication flows.
The Sparta Mind web CMS uses localStorage to maintain trainer login sessions. No third-party tracking or advertising cookies are used on any Sparta Mind web property.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the effective date at the top of this document
- Notify you via email to your registered address
- Display an in-app notification on your next login
Your continued use of Sparta Mind after the effective date of an updated policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you may close your account by contacting [email protected].
15. Governing Law
This Privacy Policy is governed by the laws of the State of Israel, including the Protection of Privacy Law, 5741-1981 and its regulations. For users in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies in addition to Israeli law.
Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts of Israel, without prejudice to your rights as a consumer under applicable local law.
16. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data:
Privacy requests & general support: [email protected]
We are committed to resolving any concerns you have. If you are located in the EU and feel we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority.