1. Introduction

Dryden Labs (“we,” “us,” or “our”) operates Mental Pushup. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully.

2. Information We Collect

Information You Provide

Account information: name, email address, and password when you create an account
Profile data: any additional information you add to your profile
Health and wellness data: check-in habits, workout logs, weight entries, body measurements, macro targets, and journal entries
Goal data: vision board items, sprint goals, and weekly plans
Photos and files: transformation photos, recipe photos, and files you upload
Social data: Tribe connections, circle memberships, and shared activity
Payment information: processed securely through Stripe — we do not store your credit card details

Information from Third-Party Integrations

If you connect third-party services, we may receive:

Oura Ring: sleep scores, readiness scores, activity data, heart rate variability
Strava: workout activities, distances, durations, calories
Apple Health: steps, heart rate, nutrition data
Google Drive: file metadata for the Files and Legacy features — files are stored in your own Google Drive account

Information Collected Automatically

Browser type and version
Device type
Pages visited and time spent
IP address (for security purposes)

3. How We Use Your Information

We use your information to:

Provide, maintain, and improve the Service
Process your subscription and payments
Generate your personal reports and analytics
Enable social features (Tribe, Circles, leaderboards)
Send transactional emails (account verification, password reset)
Send optional notifications (daily reminders, weekly reports — you can opt out)
Respond to support requests
Detect and prevent fraud or abuse

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

Tribe members: only the data you choose to share within your Circles, as controlled by your privacy settings
Service providers: Supabase (database), Stripe (payments), Vercel (hosting) — bound by their own privacy policies
Account Guardians: only if you designate them and they complete the verification process
Legal requirements: if required by law, court order, or governmental request

5. Data Storage and Security

Your data is stored securely using Supabase (hosted on AWS). Files stored through the Files and Legacy features are kept in your personal Google Drive account — we do not host these files. We implement industry-standard security measures including encryption in transit (HTTPS) and at rest. However, no method of transmission or storage is 100% secure.

6. Data Retention

We retain your data for as long as your account is active. If you cancel your Pro subscription, your data is preserved (not deleted) and remains accessible if you resubscribe. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the right to:

Access: request a copy of your personal data
Correction: update or correct inaccurate data
Deletion: request deletion of your personal data
Export: download your data using the Export feature in Settings
Opt out: unsubscribe from optional notifications at any time
Revoke integrations: disconnect third-party services at any time

To exercise these rights, contact us at privacy@mentalpushup.com.

8. Cookies and Local Storage

We use cookies for authentication and session management. We also use browser local storage to cache your data for faster performance. You can clear local storage at any time through your browser settings or the Data section in Settings.

8a. Analytics and Crash Reporting

We use Google Analytics 4 to measure aggregate product usage (page views, feature adoption, conversion rates). We do not sell or share your personal data with advertisers. We do not use ad networks, ad IDs, Meta Pixel, or any behavioral advertising tracker.

On iOS, we respect your App Tracking Transparency choice. If you decline tracking, no device identifiers (IDFA) are transmitted and analytics events are anonymized. On Android, analytics follow the Google Play Families Policy and the Advertising ID Policy.

On the native apps (iOS and Android), we use Sentry for crash reporting. Stack traces and device metadata (OS version, app version, free memory) are sent on unhandled errors only — never your habit data, journal entries, or personal information. You can opt out in Settings → Privacy.

8b. Push Notifications (Native Apps)

On iOS and Android, we use Firebase Cloud Messaging (FCM) to send daily check-in reminders and streak alerts. Your device token is stored in our database linked to your user account. Push notifications can be disabled at any time from your device Settings or in-app Settings.

9. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a new “Last updated” date. Your continued use of the Service after changes constitutes acceptance.

11. Contact

If you have questions about this Privacy Policy, please contact us at privacy@mentalpushup.com.