Privacy Policy

1. Our Privacy Commitment

SitStraight is built with privacy as a core principle. All AI posture detection runs entirely in your browser using TensorFlow.js. Your webcam video is never transmitted to, processed by, or stored on our servers.

2. Data We Collect

• Account information: Email address and name from Google OAuth sign-in.
• Posture session data: Posture scores, session duration, posture type ratios, and alert counts. This is numerical metadata only — no images or video.
• User preferences: Alert settings, language preference, and theme settings stored locally in your browser.

3. Data We Do NOT Collect

• Webcam images or video footage
• Screen recordings or screenshots
• Keystroke or mouse activity
• Location data

4. How We Use Your Data

We use collected data to:

• Provide posture tracking history and analytics
• Generate weekly posture reports
• Manage your subscription and billing
• Improve the Service

5. Data Storage

Your account and session data is stored securely on Supabase (PostgreSQL) with row-level security policies. Data is encrypted in transit (TLS) and at rest.

6. Third-Party Services

• Google OAuth: Authentication only. We receive your name and email.
• Supabase: Database and authentication infrastructure.
• Polar: Payment processing for subscriptions.

7. Data Deletion

You may request deletion of your account and all associated data at any time by contacting us. Upon account deletion, all posture session data will be permanently removed within 30 days.

8. Cookies

We use essential cookies for authentication (session tokens). We do not use advertising or tracking cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

10. Contact

For privacy-related inquiries, please contact us.