Privacy Policy

OpenMat ("we", "our", or "us") operates the OpenMat platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

By using OpenMat, you agree to the collection and use of information in accordance with this policy.

We collect information that you provide directly to us:

• Account information: name, email address, username, password, and profile details
• Profile information: belt rank, training history, gym affiliations, and bio
• Content you create: posts, comments, messages, and media uploads
• Communication data: messages sent to other users and contact form submissions
• Payment information: processed securely through our payment providers (Stripe)

We also automatically collect:

• Device and usage information: IP address, browser type, pages visited, and interaction data
• Location data: approximate location based on IP address or gym check-in data
• Cookies and similar technologies: session tokens, preferences, and analytics data

We use the information we collect to:

• Provide, maintain, and improve our services
• Create and manage your account and facilitate social connections
• Match you with training partners based on your preferences
• Send notifications, updates, and promotional communications
• Process payments and manage subscriptions
• Analyze usage patterns to improve the platform experience
• Detect, prevent, and address fraud and security issues
• Comply with legal obligations

We do not sell your personal information. We may share your information in the following circumstances:

• With other users: your public profile, posts, and activity are visible based on your privacy settings
• With service providers: third-party services that help us operate the platform (hosting, analytics, email delivery, payment processing)
• For legal reasons: when required by law, legal process, or to protect our rights and safety
• With your consent: when you explicitly authorize sharing with third parties

When you choose to sign in or register with Google, we use Google OAuth to authenticate you. This section describes specifically how OpenMat accesses, uses, stores, shares, and retains Google user data, in addition to the general practices described elsewhere in this policy.

Data we access.

Through Google Sign-In we request only the basic profile scopes (openid, email, and profile). This gives us access to:

• Your name
• Your email address
• Your Google profile picture
• Your Google account identifier

We do not request access to any other Google services or data (such as Gmail, Google Drive, Contacts, or Calendar).

How we use it.

We use this Google user data solely to:

• Create and authenticate your OpenMat account
• Populate your profile (display name and profile photo) and contact email
• Communicate essential account and service information

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, and we do not sell it.

How we share it.

We do not sell Google user data and do not transfer it to third parties except:

• to service providers (sub-processors) that operate the platform on our behalf — our authentication and database provider (Supabase), and, where you use those features, our email provider (Resend), payment processor (Stripe), and analytics provider (PostHog) — strictly to provide the OpenMat service to you;
• when required by law or to protect our rights and safety; or
• with your explicit consent.

We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine-learning models.

How we store and protect it.

Google user data is stored in our managed database and infrastructure (Supabase). It is encrypted in transit (TLS) and at rest, and protected by access controls and the technical and organizational measures described in the "Data Security" section below.

Retention and deletion.

We retain Google user data for as long as your account is active. You can delete your account and associated data at any time through your account settings, or by contacting us through our contact page. Upon account deletion, we delete the associated Google user data, except where retention is required for legal or legitimate business purposes (such as fraud prevention or compliance).

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze platform usage. You can control cookie settings through your browser preferences.

We use analytics tools (PostHog) to understand how users interact with our platform. This data helps us improve the user experience.

We retain your personal information for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time through your account settings.

Some information may be retained for legal or legitimate business purposes, such as fraud prevention and compliance with legal obligations.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Object to or restrict processing of your information
• Request portability of your data
• Withdraw consent at any time

To exercise these rights, please visit your account settings or contact us through our contact page.

OpenMat is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

If you have questions about this Privacy Policy or our data practices, please contact us through our contact page.