Privacy Policy · Master Your Foundations

Overview

Who We Are

This Privacy Policy applies to the Master Your Foundations application ("the App") operated by Mens Health Collective Co. (ABN registered, NSW, Australia) ("we", "us", "our").

We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the App, you consent to the collection, use, and disclosure of your information as described in this policy.

Questions or concerns? Contact us at nathan@menshealthcollective.com

Section 1

Information We Collect

We collect the following categories of personal information:

Category	What we collect	How
Identity	First name, email address	When you join the Mens Health Collective community
Health metrics	Weekly check-in responses: energy, sleep quality, mood, digestion, libido, mental clarity, morning wood, strength, stress, nutrition score, hydration, cravings, wins, struggles, focus areas	When you voluntarily submit a weekly check-in in the App
Health assessment	Foundations quiz responses and calculated scores	When you voluntarily complete the foundations quiz
Usage data	Check-in history, streak data, last active date, engagement timestamps	Automatically when you use the App
Device data	Push notification subscription token	Only if you opt in to push notifications
Membership status	Active, paused, or cancelled status from your Circle community membership	Automatically via your Circle membership events

Sensitive Information: Your health check-in data and quiz responses constitute "sensitive information" under the Australian Privacy Principles. We treat this data with a higher standard of care and will not collect, use, or disclose it without your consent, except as required by law.

Section 2

How We Use Your Information

We use your personal information only for the purposes for which it was collected:

To provide and maintain the App and your personalised health coaching experience
To display your progress, streaks, and trends within the App
To allow your coach to review your check-ins and provide appropriate guidance
To send you transactional emails (login links, welcome, membership notifications)
To send you push notification reminders, if you have opted in
To manage your membership access (active, paused, or cancelled)
To improve the App and our coaching services

We will not use your health data for marketing purposes, sell it to third parties, or share it with any party not listed in this policy.

Section 3

Third-Party Services (Data Processors)

We use the following third-party services to operate the App. Each acts only on our instructions and is bound by their own privacy policies:

Service	Purpose	Data they handle
Supabase supabase.com	Database and authentication. Hosted on AWS infrastructure.	All member data including health metrics
Netlify netlify.com	App hosting and serverless backend functions	Request/response data, no persistent storage
Resend resend.com	Transactional email delivery	Email address, first name
Zapier zapier.com	Automation - passes membership events from Circle to the App	Email address, first name, membership status
Circle.so circle.so	Community platform - your membership is managed here	Email address, membership status
Stripe stripe.com	Payment processing for your membership subscription	Name, email, billing and card details (handled directly by Stripe; we never see or store card numbers)

Some of these services are hosted outside of Australia (primarily in the United States). By using the App, you consent to your information being transferred to and processed in these countries. We take reasonable steps to ensure these services maintain appropriate data protection standards.

Section 4

Data Storage and Security

Your data is stored securely in Supabase's database infrastructure (hosted on AWS). We implement the following security measures:

Row-level security (RLS) - you can only access your own data
All data transmitted over HTTPS/TLS encryption
Authentication via one-time magic links - no passwords stored
Access to all member data is restricted to authorised coach accounts only
Service role keys are stored as encrypted environment variables, never exposed to the client

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Section 5

Data Retention

We retain your personal information for as long as your membership is active and for a reasonable period thereafter.

Active members: All data retained for the duration of membership
Cancelled/archived members: Data retained for up to 24 months to allow for rejoining, after which it may be deleted
On request: You may request deletion of your data at any time (see Section 7)

Health check-in data may be retained in an anonymised, aggregated form for service improvement purposes after deletion of your identifiable records.

Section 6

Push Notifications

If you opt in to push notifications, your browser or device will generate a unique push subscription token. This token is stored in our database and used solely to deliver notifications to your device.

You can withdraw consent at any time through your device or browser settings
We will only send notifications relevant to your coaching experience (check-in reminders, milestones, coach messages)
We will not send marketing or promotional push notifications without your explicit separate consent

Section 7

Your Rights Under the Australian Privacy Principles

Under the Privacy Act 1988 (Cth) and the APPs, you have the right to:

Access - request a copy of the personal information we hold about you
Correction - request correction of inaccurate or incomplete information
Deletion - request deletion of your personal information (subject to legal retention requirements)
Opt out - withdraw consent for push notifications or non-essential communications at any time
Complain - lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, contact us at nathan@menshealthcollective.com. We will respond within 30 days.

Section 8

Cookies and Local Storage

The App uses browser localStorage (not cookies) to store your check-in history and preferences locally on your device for offline access and performance. This data never leaves your device except when synced to our database during an active session.

Supabase authentication may use session tokens stored in localStorage to keep you logged in. These tokens expire automatically and are cleared when you log out.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

Section 9

Children's Privacy

The App is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us immediately and we will delete it.

Section 10

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

For material changes, we will notify active members via email.

Section 11

Contact Us

For any privacy-related questions, requests, or complaints:

Mens Health Collective Co.
NSW, Australia
nathan@menshealthcollective.com

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
oaic.gov.au/privacy/privacy-complaints · 1300 363 992