Privacy Policy
Last updated: July 3, 2026
This policy explains what information Loaded collects, how it is used, and the choices you have. It applies to the Loaded website, web application, athlete portal, and forum (the “Service”).
Information We Collect
- Account data: email address, password (stored as a hash by our auth provider), display name, role (coach or athlete), optional username and avatar.
- Meet and training data: meet details, lifter names, bodyweight, gender (used for scoring formulas such as DOTS), flights, warm-ups, attempts, and results. Coaches enter data about their athletes; coaches are responsible for having permission to do so. Bodyweight and performance data can be sensitive — we treat it as private by default.
- Content you post: forum threads and replies, and public profile information you explicitly choose to publish.
- Push subscriptions: if you opt in to notifications, your browser's push endpoint (not your phone number) is stored so we can send meet alerts.
- Payment data: handled by Stripe. We never see or store full card numbers.
- Technical data: standard server logs (IP address, browser type, timestamps) used for security, rate limiting, and debugging.
What We Do Not Do
- We do not sell your personal information.
- We do not run third-party advertising or ad trackers.
- We do not make athlete data public unless the athlete explicitly turns on a public profile (which can be turned off at any time).
How We Use Information
To operate the Service (running meets, syncing devices, sending the notifications you asked for), to secure it (authentication, rate limiting, abuse prevention), to support you, and to improve the product. Legal bases where required: performance of a contract, legitimate interests, and consent (for notifications and public profiles).
Who We Share It With
Service providers that host and power Loaded: Supabase (database and authentication), Vercel (hosting and logs), Stripe (payments), and browser push services operated by your platform (e.g., Apple, Google, Mozilla) for notification delivery. Each processes data only to provide their service. We may disclose information if required by law or to protect the Service and its users.
Visibility Within the Service
Meet data is visible to the coach who runs the meet and, via athlete links, to the athletes in it. Forum posts are visible to signed-in users. Public athlete profiles are visible to anyone with the link — only if you opt in.
Retention and Deletion
We retain data while your account is active so your meet history works as intended. You may delete forum posts you authored, turn off your public profile, or request full account and data deletion by emailing us; we will delete or anonymize your personal data within 30 days except where retention is legally required (e.g., payment records).
Your Rights
Depending on where you live (including under GDPR and CCPA/CPRA), you may have rights to access, correct, export, restrict, or delete your personal data, and to object to certain processing. Contact us to exercise them; we do not discriminate for doing so.
Cookies
We use only essential cookies: authentication session cookies and security tokens. No advertising or cross-site tracking cookies.
Children
Accounts require the user to be at least 13 (or the digital consent age in your jurisdiction). Coaches who enter data about minor athletes must have consent from a parent or guardian. If you believe a child's data was provided without consent, contact us and we will delete it.
Security
Data is encrypted in transit, access is restricted with row-level security, and secrets are stored in managed infrastructure. No system is perfectly secure; if a breach affects your data we will notify you as required by law.
Changes and Contact
We will post any changes here with an updated date. Questions or requests: b.caporoth@gmail.com. See also our Terms of Service.