Security & Privacy

Privacy Compliance

Privacy Laws We Follow:

Build Stability complies with major privacy regulations:

GDPR (EU/UK):

• Right to access your data
• Right to rectification (correct errors)
• Right to erasure (deletion)
• Right to data portability
• Right to restrict processing

CCPA (California):

• Right to know what data we collect
• Right to delete your data
• Right to opt-out of data sales (we don't sell data)
• Non-discrimination for exercising rights

Australian Privacy Act:

• Compliance with the Australian Privacy Principles
• Data stored securely with appropriate safeguards

How to Exercise Your Rights:

1. Contact support@buildstability.com
2. Include "Data Subject Rights Request" in the subject line
3. Specify which right you're exercising
4. We'll respond within 30 days

Third-Party Services:

• Stripe: Payment processing (PCI DSS compliant)
• Supabase: Database hosting (SOC 2 Type II certified)
• Google Analytics: Usage analytics (can be disabled)
• OpenAI: AI assistant and workout generation (client names and session context shared; emails and phone numbers are never sent)

Related: Privacy Policy (/privacy) • Terms of Service (/terms)

Security FAQ

Common Questions About Security:

Q: Can other trainers see my client data?

A: No. Each business is isolated at the database layer. Row-level security policies scope every query to the business your account belongs to, so a request for a record from another business returns nothing, even if someone guesses a valid client ID.
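How the isolation described in this answer is typically implemented with Postgres row-level security, as an added example that is not Build Stability's own schema or code. The table, column, role and helper-function names are assumptions; app_user_id() stands in for Supabase's auth.uid(), and the sample rows are constructed for the smoke test at the end.

```sql
-- Added example, not Build Stability's schema: Postgres row-level security
-- that scopes the clients table to the caller's business, with a smoke test.
-- Names are assumptions; in Supabase the policy would call auth.uid()
-- instead of the app_user_id() stand-in defined below.

create table businesses (
  id   uuid primary key,
  name text not null
);

-- Which users belong to which business. The app role gets no direct grant
-- on this table; it is read only through the security-definer helper.
create table business_members (
  user_id     uuid not null,
  business_id uuid not null references businesses (id),
  primary key (user_id, business_id)
);

create table clients (
  id          uuid primary key default gen_random_uuid(),
  business_id uuid not null references businesses (id),
  name        text not null,
  email       text
);

-- Stand-in for auth.uid(): the caller's user id from a session setting.
create function app_user_id() returns uuid
  language sql stable
  as $$ select nullif(current_setting('app.user_id', true), '')::uuid $$;

-- Businesses the caller belongs to. security definer lets it read
-- business_members on the caller's behalf without granting the table.
create function my_business_ids() returns setof uuid
  language sql stable security definer set search_path = public
  as $$ select business_id from business_members where user_id = app_user_id() $$;

alter table clients enable row level security;
alter table clients force row level security;  -- the table owner is not exempt

-- One policy for select/insert/update/delete. USING filters the rows the
-- caller can see or modify; WITH CHECK rejects writes that would place a row
-- in a business the caller is not a member of.
create policy clients_tenant_isolation on clients
  for all
  using      (business_id in (select my_business_ids()))
  with check (business_id in (select my_business_ids()));

-- The application role. It is not a superuser and does not own the tables,
-- so RLS applies to everything it does.
create role trainer_app nologin;
grant select, insert, update, delete on clients to trainer_app;
grant execute on function my_business_ids() to trainer_app;

-- Constructed sample data: two businesses, one trainer and one client each.
insert into businesses values
  ('11111111-1111-1111-1111-111111111111', 'Alpha Fitness'),
  ('22222222-2222-2222-2222-222222222222', 'Beta Strength');
insert into business_members values
  ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', '11111111-1111-1111-1111-111111111111'),
  ('bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', '22222222-2222-2222-2222-222222222222');
insert into clients (id, business_id, name, email) values
  ('c1c1c1c1-c1c1-c1c1-c1c1-c1c1c1c1c1c1', '11111111-1111-1111-1111-111111111111', 'Client A', 'a@example.com'),
  ('c2c2c2c2-c2c2-c2c2-c2c2-c2c2c2c2c2c2', '22222222-2222-2222-2222-222222222222', 'Client B', 'b@example.com');

-- Smoke test: act as Alpha's trainer.
set role trainer_app;
set app.user_id = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa';

-- USING restricts this to Alpha's rows.
select id, name from clients;

-- A guessed Beta client id is filtered by the same policy: no rows, no error
-- that would confirm the id exists.
select id, name from clients
 where id = 'c2c2c2c2-c2c2-c2c2-c2c2-c2c2c2c2c2c2';

-- An update targeting Beta's row matches nothing for the same reason.
update clients set name = 'Hijacked'
 where id = 'c2c2c2c2-c2c2-c2c2-c2c2-c2c2c2c2c2c2';

-- WITH CHECK rejects an insert into a business the caller is not a member of.
insert into clients (business_id, name)
 values ('22222222-2222-2222-2222-222222222222', 'Smuggled');

reset role;
```

Two caveats when adapting this to Supabase: the service_role key and any superuser connection bypass row-level security entirely, so they must stay server-side; and a policy is only as strong as the membership lookup behind it, so a writable business_members table needs its own policies or, as here, no direct grant to the application role.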

Q: Is my payment information safe?

A: Yes. We use Stripe for all payment processing. Your card details go directly to Stripe and never touch our servers. Stripe is a PCI DSS Level 1 certified service provider, the highest compliance level under that standard.

Q: What happens to my data if I cancel?

A: You have 90 days of read-only access to view and export your data. After 90 days of inactivity, data may be archived or permanently deleted. You can renew your subscription at any time to restore full access.

Q: Do you share my data with third parties?

A: We share data only with essential service providers:

• Stripe for payment processing
• Supabase for database hosting
• OpenAI for AI features (client names and session context; no emails, phone numbers, or payment data)
• Email providers for transactional emails

We do not sell your data or use it for advertising.

Q: What about AI-generated workout plans?

A: When you use AI workout generation, we send exercise parameters (sets, reps, equipment) to OpenAI. The AI Assistant also sends client names, schedules, and session notes so it can give contextual advice. We never send emails, phone numbers, or payment data to OpenAI. Every AI request is made with the API's store: false option, so OpenAI does not keep the request or response for later retrieval; OpenAI's standard API terms still permit limited retention for abuse monitoring, and API data is not used to train their models. You can use the manual features if you prefer not to use AI.

Q: How do I report a security concern?

A: Email security@buildstability.com with details. We take all reports seriously and will respond promptly.

Q: Is my data backed up?

A: Yes. Our database provider maintains automated backups. However, we recommend periodically exporting your data for your own records.

Q: Do you have certifications?

A: Our infrastructure providers (Supabase, Stripe) maintain SOC 2 and PCI DSS certifications. Those certifications cover the providers' own controls, not the application we build on top of them, and Build Stability does not yet hold a certification of its own. As a growing platform, we follow security best practices and regularly review our security measures.
