Project Strong

Privacy Policy

Last updated: February 24, 2026

Myles With A Y, LLC, doing business as Project Strong ("we," "us," or "our"), operates the projectstrong.co website and the Project Strong mobile applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

Information We Collect

We collect information you provide directly to us when you create an account, use our Service, or communicate with us:

  • Account information: name, email address, phone number, and password
  • Profile information: profile photo, bio, and role within an organization
  • Fitness data: workout logs, exercise metrics (weights, reps, times), personal records, and progress measurements
  • Scheduling data: session bookings, availability preferences, and calendar information
  • Payment information: billing details and transaction history (payment card details are processed and stored by Stripe — we do not store your card numbers)
  • Communications: messages sent through the platform, contact form submissions, and support inquiries
  • Device information: when using our mobile apps, we may collect device type, operating system, and app version for troubleshooting purposes

How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions through Stripe
  • Send transactional notifications (booking confirmations, reminders, package expiration alerts)
  • Enable communication between trainers and clients within an organization
  • Track workout progress and generate fitness reports
  • Respond to your support requests and inquiries
  • Detect and prevent fraud, abuse, and security issues

We do not sell your personal information. We do not use your data for advertising purposes.

Third-Party Services

We use the following third-party services to operate our platform. Each has its own privacy policy governing their handling of your data:

  • Stripe — payment processing. Stripe processes and stores payment card details on our behalf. Stripe Privacy Policy
  • Amazon Web Services (AWS) — cloud hosting and infrastructure. Your data is stored on AWS servers in the United States. AWS Privacy Policy
  • Amazon SES — transactional email delivery (booking confirmations, reminders, password resets)
  • Sentry — error monitoring in our mobile apps to help us identify and fix crashes. Sentry may receive device and app state information when an error occurs. Sentry Privacy Policy
  • Umami — privacy-focused, cookieless website analytics. Umami collects anonymous, aggregated usage data (pages visited, referrer, browser type, device type, and country). It does not use cookies, does not collect personal information, and does not track users across sites. Umami Privacy Policy

We do not share your fitness data, workout logs, or personal records with any third party.

Organization Data

Project Strong is a multi-tenant platform. Your data belongs to you, but certain information (such as your name, booking history, and workout logs) is visible to trainers and administrators within the organization(s) you belong to. Organization owners and admins can view member data for the purpose of managing their fitness business. If you leave an organization, the organization may retain records of completed sessions and payments for their business records.

Cookies and Tracking

We use only essential cookies required for the Service to function:

  • Session cookie — keeps you signed in as you navigate the site
  • CSRF token cookie — protects against cross-site request forgery attacks

We do not use advertising cookies, tracking pixels, or fingerprinting. Our analytics provider (Umami) does not use cookies or any form of persistent client-side storage. We honor the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we treat it as an opt-out of any non-essential data collection. For more details, see our Cookie Policy.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, accounting, or regulatory purposes (such as payment records, which we may retain for up to 7 years). Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics purposes.

Data Security

We take reasonable measures to protect your information, including encryption in transit (TLS/HTTPS), encryption at rest for sensitive data, and secure credential storage using AWS Secrets Manager. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Correction: request that we correct inaccurate or incomplete data
  • Deletion: request that we delete your personal data
  • Export: request a portable copy of your data in a common format
  • Opt-out: opt out of non-essential data collection (we honor GPC signals automatically)

California residents (CCPA/CPRA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. You may exercise your rights by contacting us at the email below. We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us. We will respond within 30 days.

Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us.