Privacy Policy

1. Introduction

Stickd (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered gymnastics scoring and coaching platform (the “Service”). Please read this policy carefully. By using the Service, you consent to the practices described herein.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a bcrypt hash). If you sign in through Google or Apple, we receive your name, email, and a unique identifier from the provider. For gym accounts, we also collect gym name, role information (coach, gymnast, parent), and team membership details.

Gymnast Profile Data

We collect athlete profile information including gymnast name, date of birth, competitive level, program (USAG JO, Xcel, FIG), and apparatus focus. This data is used to tailor AI analysis to the appropriate Code of Points rules.

Video Content

When you upload a routine video, the video file is stored on our cloud infrastructure. Videos are processed by our AI analysis pipeline to generate scoring results. You retain ownership of all videos you upload.

Pose Data

Our mobile app uses on-device pose detection to capture joint position data (19 body joints tracked at up to 60 frames per second) during video recording. This skeletal pose data is uploaded separately from the video and stored on our servers. Pose data is used for biomechanical analysis of technique and form, and does not include identifiable facial features.

AI Analysis Results

We store the results of AI analysis, including detected skills, deductions, start values, execution scores, artistry assessments, and drill recommendations. These results are linked to your routines and gymnast profiles.

Usage and Analytics Data

We automatically collect usage information such as pages visited, features used, device type, browser type, IP address, and interaction patterns. We use Vercel Analytics and Vercel Speed Insights to monitor performance and improve the Service. These tools collect anonymized web vitals and page view data.

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. Stripe collects and processes payment information in accordance with their own privacy policy. We store a reference to your Stripe customer ID and subscription status.

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and improve the Service
Process your videos through our AI analysis pipeline to generate scoring, deduction breakdowns, and drill recommendations (only with your explicit consent to share data with third-party AI providers — see Section 4)
Personalize your experience based on gymnast level, program, and apparatus
Process payments and manage subscriptions
Track progress over time and generate performance analytics
Communicate with you about your account, updates, and support requests
Detect and prevent fraud, abuse, and security incidents
Improve our scoring accuracy using aggregated, de-identified performance data (your data is never used to train third-party AI models)

4. Third-Party Services

We share data with the following third-party services as necessary to operate the Service:

Google Gemini (primary) and Anthropic Claude (supplementary) — To score and analyze your routines, we send the following data to Google's Gemini API and Anthropic's Claude API: video frames or full video recordings, skeletal pose data (19 body joints — no facial features), gymnast profile information (level, apparatus, program), and physical descriptions when multiple people appear in the video. These providers process your data solely for the purpose of AI-powered skill recognition, form analysis, and deduction detection. Your data is not used by these providers to train their AI models and is not permanently stored by them. All data is encrypted in transit. These providers process your data in accordance with their respective privacy policies and data processing agreements, which provide the same or greater level of protection as described in this policy. You may decline AI data sharing in our mobile app — your routine videos will still be saved, but AI-powered analysis will not be performed.
Vercel — Our web application and video storage (Vercel Blob) are hosted on Vercel's infrastructure. Vercel processes web requests, stores uploaded videos, and collects anonymized analytics data.
Neon — Our PostgreSQL database is hosted on Neon. All account data, analysis results, and application data are stored in Neon's infrastructure.
Stripe — Web-based payment processing and subscription management. Stripe collects and processes payment information directly.
RevenueCat — Manages in-app purchases and subscription status for our iOS app. RevenueCat processes your Apple purchase history and subscription transactions to verify entitlements. It collects anonymized purchase events for subscription analytics. RevenueCat does not have access to your payment details, which are handled by Apple.
Google and Apple — If you use Google or Apple sign-in, authentication data is exchanged with these providers.

5. Data Retention

We retain your account data and associated content for as long as your account is active. You may delete individual routines and their associated analysis data at any time. When you delete your account, we will delete your personal data, videos, and analysis results within 30 days, except where we are required by law to retain certain information. Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for service improvement purposes.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate personal data
Deletion: Request deletion of your personal data and account
Export: Request a portable copy of your data in a machine-readable format
Restriction: Request restriction of processing of your personal data
Objection: Object to processing of your personal data for certain purposes

To exercise any of these rights, please contact us at privacy@stickd.app. We will respond to your request within 30 days.

7. Children's Privacy (COPPA Compliance)

We recognize that our Service is used by and for minor athletes. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar regulations.

Children under 13 may not create an account directly. Accounts for children under 13 must be created and managed by a parent, legal guardian, or authorized coach.
Parents and guardians may upload videos of their minor children for analysis. By doing so, they consent to the processing of that content as described in this policy.
Gym and coaching accounts that manage gymnast profiles for minors must have obtained appropriate parental consent before adding minor athletes to the platform.
Parents and guardians may request access to, correction of, or deletion of their child's data at any time by contacting us.
We do not knowingly collect personal information from children under 13 without verifiable parental consent. If we become aware that we have collected such information without consent, we will promptly delete it.

8. Cookies and Tracking

We use essential cookies required for authentication and session management. We use Vercel Analytics for anonymized page view and performance tracking, which does not use cookies for cross-site tracking. We do not use third-party advertising cookies or trackers.

9. Data Security

We implement industry-standard security measures to protect your data, including:

Encryption in transit (TLS/HTTPS) for all data transmitted between your device and our servers
Encryption at rest for stored data in our database
Bcrypt hashing for passwords (never stored in plain text)
JWT-based authentication with secure token management
Role-based access controls to ensure users can only access their own data and data they are authorized to view
Regular security reviews and monitoring of our infrastructure

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

10. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take steps to ensure that data transfers comply with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending an email to the address associated with your account. We encourage you to review this policy periodically. Changes become effective upon posting unless otherwise specified.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: privacy@stickd.app
General inquiries: support@stickd.app