Privacy Policy
Last updated: 14 July 2026
1. Introduction
JITSLAB ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our BJJ training application and related services (collectively, the "App").
By using the App, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please discontinue use of the App.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you register, we collect your name, email address, and password (hashed and salted).
- Profile Information: Optional details such as home gym, belt rank, belt progression dates, date of birth, training start date, session targets, default gi/nogi preference, and Smoothcomp profile URL.
- Training Data: Session logs including techniques practised, training partners, duration, location, gi/nogi type, notes, goals, focus items, and subjective ratings.
- AI Coach Interactions: Session notes and context submitted for AI-generated feedback.
- Video Annotations: Notes, timestamps, and technique tags associated with instructional videos.
2.2 Health Data
If you enable Health Wearable Sync (Beta), we may collect the following data from compatible wearables via the Open Wearables (OW) SDK and Health Connect:
- Workout duration and type
- Calories burned
- Heart rate data (average and maximum)
- Workout timestamps
This data is collected only with your explicit consent and is used solely to enrich your training log with health metrics. The OW SDK communicates with our server at 23.254.148.221:8000 (HTTP, no TLS).
2.3 Automatically Collected Information
- Device type and operating system version
- App usage patterns and feature interactions (page views, features used, session activity)
- IP address and approximate geographic location (city/country level)
- Browser type and language preferences
This information is collected via our third-party analytics provider, PostHog, to help us understand how the App is used and to continuously improve its performance and user experience. No personally identifying information is transmitted to PostHog.
For more details, see §5 — Third-Party Services below and PostHog's Privacy Policy.
3. How We Use Your Information
We use your information for the following purposes:
- Providing and Improving the App: To operate, maintain, and enhance the App's features, including the training log, AI Coach, video library, health sync, and email digests.
- AI Coach: To generate personalised training feedback and insights based on your session data and notes.
- Email Digests: To send periodic training summaries, goal progress, and AI Coach insights (Pro tier feature).
- Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical support.
- Analytics: To understand usage patterns, improve user experience, and plan feature development. We use PostHog (a third-party analytics platform) to collect anonymised usage data. You may opt out of analytics tracking at any time via App Settings.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4. Data Storage & Security
4.1 Storage Locations
- Primary Database: Cloudflare D1 — your training data, profile, and settings are stored in D1, a serverless SQL database provided by Cloudflare, with data replicated across global points of presence.
- Health Data Server: Open Wearables (OW) server at 23.254.148.221:8000 — health/wearable data is stored on this server. Communication occurs over HTTP (no TLS).
4.2 Security Measures
We implement industry-standard security measures including:
- Encryption in transit via HTTPS for all web traffic (except OW server, which uses HTTP).
- Passwords are hashed and salted using bcrypt.
- API authentication via bearer tokens.
- Regular security reviews of code and infrastructure.
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
5. Third-Party Services
We engage the following third-party service providers who may process your data:
- Cloudflare (D1, Pages, Workers): Data hosting, storage, serverless compute, and CDN. Privacy Policy
- Stripe: Payment processing for Pro subscriptions. We do not store your payment card details. Privacy Policy
- Resend: Email delivery service for digests and account notifications. Privacy Policy
- OpenRouter: AI model routing for Pro-tier AI Coach. Session data may be processed by OpenRouter's upstream AI providers. Privacy Policy
- BYOK Provider (your choice): If you use the BYOK tier, your AI Coach requests are sent to the API provider you select (e.g., OpenAI, Anthropic). Your use of that provider's service is governed by their terms and privacy policy.
- PostHog: Self-hosted product analytics platform. We use PostHog to collect anonymised usage data (page views, feature interactions, session activity) to measure and improve site performance and user experience. No personally identifying information is sent to PostHog. Privacy Policy — EU-hosted (eu.posthog.com).
You may opt out of analytics tracking at any time via Settings → Privacy → Analytics Tracking.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the App's services. If you delete your account, we will permanently delete your personal data within 30 days, except where retention is required by law (e.g., billing records retained for 7 years as required by Australian tax law).
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data (subject to legal obligations). You can also delete your account directly via Settings → Danger Zone → Delete My Account.
- Data Export: Request a machine-readable export of your data.
- Withdraw Consent: Withdraw consent for health data collection at any time by disabling Health Sync in settings.
- Object to Processing: Object to certain processing activities, including automated decision-making (our AI Coach is optional).
To exercise any of these rights, contact us at admin@jfxyz.xyz. We will respond within 30 days.
8. Cookies
We use minimal cookies and local storage for essential functionality:
- Authentication Token: Stored in localStorage to maintain your login session. Cleared on sign-out.
- User Profile Cache: Stored in localStorage to avoid repeated API calls.
- Functional Cookies: Used by Cloudflare for network routing and security (__cfduid cookie).
We do not use tracking cookies or advertising cookies, and the App does not serve advertisements. However, the App does use a third-party analytics platform (PostHog) to collect anonymised usage data. PostHog stores session information via browser localStorage to distinguish unique visits and track feature interactions. This analytics tracking is optional and can be disabled at any time via Settings → Privacy → Analytics Tracking.
You may clear localStorage at any time via your browser settings. Doing so will sign you out and reset certain preferences.
9. Children's Privacy
The App is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete that information. If you believe a child under 13 has provided us with personal data, please contact us immediately.
10. International Data Transfers
Your data may be processed in Australia, the United States, and other countries where our service providers operate. By using the App, you consent to the transfer of your data to these locations. Cloudflare's global network spans over 300 cities worldwide; your data may be processed in any of these locations.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email (if you have provided one) or through the App. Your continued use of the App after the effective date of the revised policy constitutes your acceptance of the changes.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: admin@jfxyz.xyz
Owner: Jonathan Farmer
Jurisdiction: Australia