Privacy Policy

1. Introduction

Welcome to BRAWLER AI ("we," "our," or "us"). We are committed to protecting your privacy and providing transparency about how we collect, use, and safeguard your information. This Privacy Policy explains our practices regarding your Brazilian Jiu-Jitsu training data and personal information.

By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Account & Profile Information

• Email address, name, and username
• BJJ belt rank and training experience level
• Physical attributes (height, weight, age) - optional
• Profile photos and avatars
• Gym/academy affiliations

2.2 Training & Performance Data

• Journal entries and training logs
• Technique tracking and proficiency assessments
• Sparring session records (partners, rounds, outcomes)
• Training goals and progress metrics
• Voice coaching session transcripts and interactions
• AI-generated insights and coaching recommendations

2.3 AI-Generated Data

• AI-generated search indexes for finding relevant training history
• Performance analysis and pattern recognition results
• Conversational context and coaching memory
• Personalized recommendations and adaptations

2.4 Social & Connection Data

• Training partner connections and permissions
• Shared content and collaboration data
• Community interactions and notifications

2.5 Technical & Usage Data

• Device information (type, operating system, browser)
• IP address and general location data
• App usage patterns and feature interactions
• Error logs and performance metrics
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

• Provide personalized BJJ coaching and training insights
• Track your progress and achievement milestones
• Enable voice coaching with real-time AI interactions
• Generate semantic search results for your training history
• Facilitate connections with training partners

3.2 Personalization & AI Features

• Adapt coaching style to your preferences and experience level
• Provide context-aware recommendations based on training patterns
• Maintain conversation continuity across coaching sessions
• Analyze performance trends and suggest improvements

3.3 Service Improvement

• Analyze usage patterns to enhance features
• Monitor system performance and fix technical issues
• Conduct research to improve AI coaching quality

3.4 Communication

• Send service-related notifications and updates
• Respond to support requests and feedback
• Notify you of new features and improvements (with consent)

3.5 Legal Basis (GDPR)

For EU users, we process your data based on: (a) your consent, (b) contract performance, (c) compliance with legal obligations, or (d) legitimate interests in improving our service.

4. How Information is Shared

4.1 Third-Party Services

4.2 Training Partners & Social Features

• Training partner connections require mutual consent
• You control what content is shared with partners
• Shared sessions and techniques visible only to authorized users

4.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or safety.

4.4 What We Don't Do

• We DO NOT sell your personal information
• We DO NOT share your training data with third parties for marketing
• We DO NOT use your data to train commercial AI models for resale

5. Your Privacy Rights

5.1 Rights for All Users

• Access: View all data we have about you
• Export: Download your training data in CSV/JSON format
• Correction: Update or correct inaccurate information
• Deletion: Request complete account and data deletion
• Opt-out: Disable AI analysis while maintaining core functionality

5.2 GDPR & UK GDPR Rights (EU/UK Users)

• Right to data portability (structured, machine-readable format)
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with your local supervisory authority (e.g., the UK Information Commissioner's Office for UK users)

5.3 CCPA/CPRA Rights (California Users)

• Right to know what personal information is collected
• Right to know if information is sold or disclosed
• Right to opt-out of sale of personal information (we don't sell data)
• Right to non-discrimination for exercising your rights

5.4 LGPD Rights (Brazil)

• Right to access, correction, and deletion of personal data
• Right to data portability
• Right to information about shared data with third parties
• Right to revoke consent at any time
• Right to lodge a complaint with the ANPD (Autoridade Nacional de Proteção de Dados)

5.5 Additional International Rights

Users in other jurisdictions may have additional rights under local data protection laws, including but not limited to: PIPEDA (Canada), POPIA (South Africa), and APPI (Japan). These laws generally provide rights to access, correct, and delete personal data, and may impose additional requirements on cross-border data transfers. Where local law provides greater protection than this policy, the local law applies.

5.6 Exercising Your Rights

To exercise any of these rights, visit your account settings or contact us at info@brawler.ai. We will respond to requests within 30 days.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption at rest (AES-256) and in transit (TLS 1.2+)
• Row-level security in database with authenticated access only
• Secure API endpoints with authentication required
• Regular security audits and vulnerability assessments
• Access controls and least-privilege principles
• Regular backups with encrypted storage
• Incident response procedures for security breaches

While we strive to protect your data, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

• Active accounts: Data retained while your account is active
• Deleted accounts: Personal data removed within 30 days of deletion request
• Backups: Retained for 90 days for disaster recovery, then purged
• Legal holds: Data retained as required by law or active legal processes
• Anonymized analytics: De-identified usage data may be retained indefinitely for service improvement

8. Voice Data & AI Coaching

Special considerations for voice coaching features:

• Voice audio is processed in real-time using OpenAI's Realtime API
• Transcripts are analyzed by Anthropic (Claude) for coaching insights
• Transcripts are stored for coaching continuity and context
• Voice audio is NOT permanently stored after session ends
• You can delete voice session history at any time
• Voice language preferences are customizable in settings
• Conversation memory can be disabled in privacy settings

9. Cookies & Tracking Technologies

9.1 Cookie Categories

• Strictly Necessary: Authentication, security (no consent required)
• Functional: User preferences, language settings, saved filters
• Analytics: Usage patterns, feature adoption, performance monitoring

9.2 Your Cookie Choices

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality of the service.

10. Age Restriction

Our service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child under 16, please contact us immediately and we will take steps to delete the information. This minimum age exceeds COPPA requirements and satisfies GDPR default consent thresholds.

11. International Data Transfers

Your data is stored and processed in the United States. Your information may be transferred to and processed in the United States from countries with different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions for certain countries
• Your explicit consent for transfers

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

• Email notification to registered users (30-day advance notice)
• Prominent notice on the website
• Updated "Last Updated" date at the top of this policy

Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: