Privacy Policy

CatalysAI, a company based in Brazil. 📧 Controller contact: support@catalysai.app

We collect the following personal data: • Trainer data: name, email, password (hashed), account settings • Client data: name, email, age, weight, height, goals, training data, restrictions, session history • Check-in data: sleep, energy, mood, pain, adherence • Physical assessment data: body measurements, body composition • Financial data: payment history, payment method (processed by Stripe) • Technical data: IP address, browser type, access logs

We use personal data to: • Provide the AI-powered personal training management platform • Generate personalized workout plans using artificial intelligence • Analyze feedback and generate reports • Process payments and manage subscriptions • Send service-related communications (reminders, alerts) • Improve the platform and user experience Legal basis: performance of a contract (Art. 6(1)(b) GDPR; Art. 7, V LGPD) and consent where applicable.

Data is stored on the Supabase platform (cloud infrastructure) with encryption at rest (AES-256) and in transit (TLS 1.2+). We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or destruction, including: • Secure authentication with password hashing (bcrypt) • Row Level Security policies • Automatic backups • Restricted access to personal data

Your personal data is retained while your account is active. After account deletion or erasure request: • Personal data is deleted within 30 days • Financial data may be retained for up to 5 years for legal and tax compliance • Backups are deleted within the rotation cycle (maximum 90 days)

Under the LGPD and GDPR, you have the right to: • Access: request a copy of your personal data • Rectification: correct inaccurate or incomplete data • Erasure: request deletion of your personal data • Data portability: receive your data in a structured format • Objection: object to the processing of your data • Withdrawal of consent: withdraw your consent at any time • Information: know with whom your data has been shared

You can exercise your rights in two ways: • By email: send a request to support@catalysai.app • Through the platform: use the buttons available in account settings We will respond within 30 days (GDPR) or 15 business days (LGPD).

We share data only with the following third parties, strictly necessary for the operation of the service: • OpenAI / Anthropic: AI content generation (workout plans, analyses). No personally identifiable data is stored by these providers. • Stripe: payment processing. Stripe acts as an independent data controller for payment data. • Supabase: data hosting and storage. • Resend: transactional email delivery. We do not sell, rent, or share your personal data with third parties for marketing purposes.

We use only strictly necessary session cookies for the platform to function (authentication and preferences). We do not use tracking cookies, advertising cookies, or third-party analytics.

Your data may be transferred to servers outside Brazil (United States) for cloud processing. These transfers are protected by appropriate contractual clauses and provider certifications (SOC 2, ISO 27001), in compliance with Art. 33 of the LGPD and Chapter V of the GDPR.

For questions regarding the protection of your personal data, contact us: 📧 support@catalysai.app A formal DPO designation will be published when applicable, as required by law.

We may update this Privacy Policy periodically. Significant changes will be communicated by email or through a notice on the platform. The current version will always be available on this page.

📧 Email: support@catalysai.app 🌐 Website: catalysai.app