Summary
- We collect account data (name, email, password hash), billing data (handled by Stripe — we never see your full card number), usage data (what videos you play, when you log in), and a small amount of device data (IP, browser).
- We use it to run the platform, send you transactional emails, and improve the product. We don't sell your data and we don't use it for advertising on third-party sites.
- You can email privacy@powerpause.health any time to access, correct, export, or delete your data.
- California, Colorado, Connecticut, Texas, Virginia, Utah, and EU/UK residents have additional rights — see sections 8 and 9.
1. Who we are
The data controller is The Power Pause Project, LLC, an Arizona limited liability company doing business as “Power Pause” (referred to in this policy as “we,” “us,” or “Power Pause”). Our service is delivered at powerpause.health and the related member dashboard.
Mailing address: 3260 N Hayden Rd, Suite 210-1402, Scottsdale, AZ 85251
For privacy-related questions or to exercise your rights, contact privacy@powerpause.health.
2. Information we collect
2.1 Information you give us
- Account information — your name, email address, and the password you choose (stored only as a one-way hash, never in plaintext).
- Profile preferences — anything you fill in on your account page (display name, time zone, dietary preferences).
- Communications — messages you send us via email, the contact form, or our admin assistant.
- Payment details — when you subscribe, payment is processed by Stripe. We receive only the last four digits of the card, the brand (e.g. Visa), expiration, and a Stripe customer/payment-intent identifier. We never receive your full card number, CVC, or PIN.
2.2 Information we collect automatically
- Usage data — videos you play, pages you visit, PDFs you download, time stamps. This helps us improve content and detect bugs.
- Device data — IP address, browser type, operating system, and approximate location (city / country, derived from IP). We do not collect precise GPS location.
- Authentication cookies set by Supabase (see § 5).
2.3 What we do not collect
We do not collect biometric identifiers, genetic data, or precise location. We do not ask for health diagnoses or medical history. If you choose to share health information in a message to us (e.g. asking Lauren a coaching question), please omit anything you don't want stored in our email systems.
3. How we use information
We use the information described above to:
- Create your account and grant you access to the right tier;
- Process payments and manage subscriptions, including installment schedules;
- Send transactional emails (account confirmation, password reset, receipts, billing notices, trial-expiry reminders);
- Personalize your dashboard (which week you're on, what you've completed);
- Provide customer support and respond to questions you send us;
- Detect and prevent fraud, abuse, and security threats;
- Improve our content and platform by analyzing aggregated usage patterns; and
- Comply with legal obligations and enforce our Terms.
Legal basis (EU/UK): we process your data on the basis of (i) the contract between you and us for the paid/trial service, (ii) legitimate interests in running and improving the service and securing it, (iii) your consent where required (e.g. optional newsletters), and (iv) legal obligations (tax, accounting, fraud).
5. Cookies & tracking
We use a minimal set of strictly necessary cookies:
sb-*— Supabase authentication cookies that keep you signed in (session and refresh tokens). These are essential for the service.__stripe_midand related cookies set by Stripe during checkout for fraud prevention. Subject to Stripe's own privacy policy.
We do not run third-party advertising trackers, social-media pixels, or cross-site behavioral profilers. We do not use Google Analytics, Facebook Pixel, or similar tools at this time. If we add product analytics in the future, we'll update this section before turning them on.
You can clear or block cookies in your browser; doing so will sign you out and may break parts of the dashboard.
6. Data retention
We keep your account and entitlement data for as long as you have an active account and for a reasonable period after deletion to satisfy tax, accounting, and legal-defense obligations. Specific retention windows:
- Account & profile: until you delete your account, then up to 30 days in backups before permanent removal.
- Purchase & billing records: retained for 7 years after the last transaction to meet US and EU tax / accounting law.
- Server logs: typically 30 days, longer where necessary to investigate abuse or fraud.
- Email communications: retained for 2 years.
7. Your rights (everyone)
Regardless of where you live, you can:
- Access — request a copy of the personal data we hold about you.
- Correct — fix inaccurate or incomplete data.
- Delete — close your account and have your data removed (subject to the retention windows in § 6).
- Export — receive a portable copy of your data.
- Object or restrict certain processing.
- Opt out of marketing — every promotional email includes an unsubscribe link. Transactional emails (receipts, password resets) are part of the service and continue while your account is active.
Email privacy@powerpause.health to make a request. We will respond within 30 days (45 days for complex requests) and will verify your identity before disclosing or deleting data.
8. US state-specific notices
California (CCPA / CPRA)
In the past 12 months we have collected the categories of personal information described in § 2: identifiers, customer records, commercial information, internet activity, geolocation (derived, imprecise), and inferences. We have not sold or shared (for cross-context behavioral advertising) any personal information. We do not knowingly collect personal information about residents under 16 without the required opt-in.
Your California rights:request access, deletion, correction, the right to know what we've collected, and the right to limit the use of sensitive personal information. To exercise them, email privacy@powerpause.health with the subject “CCPA Request.” You may also use an authorized agent; we will verify their authority. We do not discriminate against you for exercising these rights.
Texas, Virginia, Colorado, Connecticut, Utah, Oregon, Montana, New Jersey, and other state privacy laws
Residents of states with comprehensive consumer-privacy laws have rights similar to those described above: access, correction, deletion, portability, and opt-out of sale, sharing, targeted advertising, and certain profiling. Because we do none of those activities, opting out is not necessary — but you can still request access or deletion at the email above. Where required, you have the right to appeal a denied request by replying to our decision; we will respond within 60 days.
9. EU / UK notices (GDPR & UK GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR apply. The data controller is The Power Pause Project, LLC; we do not have an EU representative because we are not subject to Article 27 (our processing is occasional and limited).
Your rights:access, rectification, erasure (“right to be forgotten”), restriction of processing, portability, objection (including to processing based on legitimate interests), and the right not to be subject to solely automated decision-making with legal effects (we do not engage in such decision-making).
Withdrawing consent: where we rely on your consent, you can withdraw it at any time. Withdrawal does not affect processing that took place before withdrawal.
Complaints:you have the right to lodge a complaint with your supervisory authority — in the UK that is the Information Commissioner's Office (ico.org.uk); in the EU it is your local data protection authority.
10. Children's privacy
The service is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 13 (COPPA) or knowingly market to minors under 18. If we learn that we have collected information from a child under 13, we will delete it. Parents or guardians who believe their child has provided data may contact privacy@powerpause.health.
11. International transfers
We are based in the United States and our service providers (Stripe, Supabase, Mux, Vercel, Resend, Anthropic) primarily host data in the United States. If you access the service from outside the US, your information will be transferred to and processed in the United States. For transfers from the EEA, UK, or Switzerland, we rely on (i) the European Commission's Standard Contractual Clauses (and UK addendum), (ii) the EU-US Data Privacy Framework where the receiving provider participates, and (iii) your continued use as informed consent.
12. Security
We use industry-standard safeguards: encryption in transit (TLS 1.2+), encryption at rest for the database and stored files, JWT signed playback URLs for paid videos, hashed passwords (bcrypt), and role-gated administrative access. No system is perfectly secure; we cannot guarantee absolute security. If we discover a breach affecting your data, we will notify you and the relevant authority where required by law.
13. Changes to this policy
We may update this Privacy Policy from time to time. We'll update the “Last updated” date at the top and, for material changes, notify active members by email at least 14 days before the change takes effect. Your continued use of the service after a change indicates acceptance.
Questions about this policy?
Email hello@powerpause.health. For privacy or data-deletion requests, use privacy@powerpause.health.
Mailing address: 3260 N Hayden Rd, Suite 210-1402, Scottsdale, AZ 85251
This policy is provided by The Power Pause Project, LLC, doing business as Power Pause, registered in Arizona. For other policies, see Terms, Privacy, Refunds, and Waiver.