Privacy Policy
Last updated: 2026-07-03
This page is maintained by the operator of SOLO Hero. It is not legal advice — consult your own counsel before publishing to the App Store or Play Store.
SOLO Hero ("we", "us", "the app") is a fitness app designed for children ages 5–12 and their parents. This policy explains what we collect, why, and your choices. It applies to the SOLO Hero web app and mobile apps operated by [COMPANY LEGAL NAME].
1. Information we collect
- Account data: parent email address and password hash (via Lovable Cloud / Supabase Auth).
- Kid profile data (parent-provided): nickname, avatar, birth year, favorite color. This is entered by the parent, stored under the parent's account, and never shared publicly.
- Subscription data: plan, status, renewal date, and Stripe customer ID. Payment card details are handled entirely by Stripe and never touch our servers.
- Usage data (device only): voice, energy, and workout preferences saved in your device's local storage. This never leaves the device.
2. What we do NOT collect
- No third-party advertising SDKs.
- No behavioral tracking or cross-site profiles.
- No microphone, camera, or location data.
- No contact list, photo library, or file system access.
3. How we use data
Only to run the service: authenticate you, remember your kid profiles, deliver workouts, process subscriptions, provide support, and detect abuse.
4. Data sharing
We share data only with providers required to run the service:
- Supabase / Lovable Cloud — authentication and database hosting.
- Stripe — payment processing.
- OpenAI — coach voice text-to-speech (workout cue text only; no personal data).
We do not sell data. We do not share data for advertising.
5. Data retention & deletion
You can delete your account at any time from Account settings, or by emailing [SUPPORT EMAIL]. All associated data (kid profiles, subscription records, roles) is deleted within 30 days.
6. Children's privacy
See our separate Children's Privacy Notice for COPPA-specific details.
7. Security
Data is transmitted over HTTPS. Passwords are hashed by Supabase Auth. Access to the production database is restricted to authorized administrators.
8. International users
Data is stored on servers operated by Supabase. By using the app you consent to the transfer and processing of your data in those regions.
9. Changes
We will post updates to this page and update the "Last updated" date above.
10. Contact
[COMPANY LEGAL NAME]
[MAILING ADDRESS]
Email: [SUPPORT EMAIL]