Privacy Policy
Last updated: February 2026
This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your information when you use BESTLEVEL LLC's SaaS platform and tells you about your privacy rights and how the law protects you.
1. INTERPRETATION AND DEFINITIONS
1.1 Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
1.2 Definitions
For the purposes of this Privacy Policy:
- Account means a unique account created for trainers to access our SaaS platform or parts of our Service.
- Application refers to the BESTLEVEL mobile application used by end users (trainer's clients).
- Company (referred to as either "the Company", "We", "Us" or "Our") refers to BESTLEVEL LLC.
- Device means any device that can access the Service such as a computer, cellphone or digital tablet.
- End Users means the clients of our trainers who use the mobile application.
- Personal Data is any information that relates to an identified or identifiable individual.
- Platform refers to our SaaS web platform used by trainers to manage their clients and create workouts.
- Service refers to both our SaaS platform and mobile application.
- Service Provider means any natural or legal person who processes data on behalf of the Company.
- Trainers means our direct clients who are personal trainers or sports clubs using our platform.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
2. DATA WE COLLECT
2.1 Trainer Data (Our Direct Clients)
When trainers register and use our platform, we collect:
- Email address and password
- First name and last name
- Phone number
- Business information (gym/club name, certifications)
- Payment information (processed through Stripe)
- Workout content and training programs created
- Client management data entered into the platform
2.2 End User Data (Trainer's Clients)
Through our mobile application, we collect data about end users on behalf of trainers:
- Name and contact information provided by the trainer
- Training progress and performance data
- Photos and videos related to exercises (with permission)
- Device information and app usage data
- Communication between trainer and end user through the app
2.3 Usage Data
We automatically collect:
- IP addresses and device identifiers
- Browser type and version
- Pages visited and time spent on our platform
- Mobile device information and operating system
- App usage patterns and feature interactions
3. HOW WE USE YOUR DATA
3.1 For Trainers
- Provide access to our SaaS platform and its features
- Process payments and manage subscriptions
- Provide customer support and technical assistance
- Send service updates and important notifications
- Improve our platform based on usage patterns
- Ensure platform security and prevent fraud
3.2 For End Users
- Enable communication between trainers and their clients
- Provide workout content and track progress
- Store and sync data across devices
- Improve app functionality and user experience
- Ensure app security and proper functioning
Important:
We act as a data processor for end user data. Trainers are responsible for obtaining proper consent from their clients and ensuring compliance with applicable privacy laws in their jurisdiction.
4. DATA SHARING AND DISCLOSURE
4.1 We may share data in the following situations:
- With Service Providers: Stripe for payment processing, cloud hosting providers for data storage
- Between Trainers and End Users: Data is shared within the trainer-client relationship as intended
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In case of merger, acquisition, or sale of company assets
- Safety and Security: To protect rights, property, or safety of our users
4.2 We do NOT:
- Sell personal data to third parties
- Share data between different trainers
- Use end user data for our own marketing purposes
- Access trainer-client communications unless required for technical support
5. DATA SECURITY AND RETENTION
5.1 Security Measures
We implement industry-standard security measures including:
- Encryption of data in transit and at rest
- Regular security audits and updates
- Access controls and authentication systems
- Secure cloud infrastructure with reputable providers
- Regular backups and disaster recovery procedures
5.2 Data Retention
- Trainer Data: Retained while account is active and for 90 days after cancellation
- End User Data: Retained as long as the trainer maintains their account
- Usage Data: Typically retained for 2 years for analytics and improvement purposes
- Payment Data: Retained according to legal requirements and Stripe's policies
- Inactive Accounts: Accounts with no login activity for 12 consecutive months are considered inactive. We will send a notification email 30 days before automatic deletion. If no activity occurs during the 30-day notice period, the account and all associated data (including End User data) will be permanently deleted. Users can prevent deletion simply by logging in during the grace period.
6. YOUR RIGHTS
6.1 For Trainers
- Access and download your data
- Correct or update your information
- Delete your account and associated data
- Export client data before account deletion
- Object to certain data processing activities
6.2 For End Users
End users should contact their trainer directly for data requests. However, end users can also contact us directly at contact@thebestlevel.com for:
- Questions about how their data is processed
- Requests to delete their data from our systems
- Complaints about data handling
7. INTERNATIONAL DATA TRANSFERS
As a global SaaS platform, your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:
- Standard contractual clauses with service providers
- Compliance with GDPR, CCPA, and other applicable privacy laws
- Regular assessment of data protection measures
- Ensuring service providers meet our security standards
8. CHILDREN'S PRIVACY AND COPPA COMPLIANCE
COPPA Compliance Declaration:
BESTLEVEL LLC complies with the Children's Online Privacy Protection Act (COPPA) with respect to the collection and use of personal information from children under the age of 13 in the United States.
8.1 Verifiable Parental Consent
Our platform is intended for trainers and sports clubs who are 18 years or older. When a Trainer or Club adds an athlete under the age of 13 to the platform, the following safeguards are in place:
- The platform requires a parent or guardian email address for all athletes under 13 years of age.
- All account-related communications (welcome emails, notifications, payment reminders) are sent to the parent/guardian email, not to the child directly.
- The Club or Trainer, acting as the Data Controller, is responsible for obtaining verifiable parental consent before adding any minor under 13 to the platform.
- BESTLEVEL LLC does not knowingly collect personal information directly from children under 13 without parental involvement through the Data Controller.
8.2 Data Collected from Minors
When a minor athlete is added to the platform by their Club or Trainer, the following data may be collected and processed:
- Identity Information: Full name, date of birth
- Physical Measurements: Height, weight (for athletic performance tracking)
- Performance Data: Training progress, workout completion, exercise metrics
- Health/Injury Data: Injury records, availability status, recovery tracking (for coaching communication and availability tracking purposes only — see Medical Disclaimer)
- Media Content: Photos and/or videos of training sessions (uploaded by the Trainer or through the mobile app with the consent managed by the Data Controller)
8.3 Parental Rights
Parents or legal guardians of minor athletes have the right to:
- Review the personal information collected about their child by contacting the Data Controller (their Club or Trainer) or by contacting BESTLEVEL LLC directly at contact@thebestlevel.com.
- Request deletion of their child's data from the platform.
- Refuse further collection of their child's personal information, which may result in the child's account being deactivated.
- Receive a copy of their child's data in a portable format upon request.
To exercise any of these rights, parents may contact the Club/Trainer directly (as Data Controller) or reach out to BESTLEVEL LLC at contact@thebestlevel.com.
8.4 Minors Between 13 and 18
For athletes between the ages of 13 and 17, the Trainer or Club remains responsible for ensuring that appropriate parental awareness and/or consent is obtained in accordance with applicable laws in their jurisdiction. The platform supports optional parent/guardian email fields for athletes of all ages.
9. THIRD-PARTY SERVICES
9.1 Integrated Services
We use the following third-party services to operate our platform. Each service has its own privacy policy, and we encourage you to review them:
- Firebase (Google Cloud) — Authentication, real-time database, data synchronization, and push notifications. Google Cloud Privacy Policy
- Cloudflare (R2 Storage & Workers) — File and media storage (including training videos), CDN, and serverless proxy functions. Cloudflare Privacy Policy
- Stripe — Payment processing for subscriptions and trainer-client payments. Stripe Privacy Policy
- Supabase (PostgreSQL) — Analytics, health/injury data, and structured data storage. Supabase Privacy Policy
- Modal — Serverless GPU processing for video analysis (player tracking, tactical analysis). Modal Privacy Policy
- PostHog — Product analytics with anonymized usage data for platform improvement. PostHog Privacy Policy
We only share data with these service providers as necessary to operate the Service. We do not sell personal data to any third party.
10. DATA PROCESSOR AND DATA CONTROLLER RELATIONSHIP
Important Distinction:
Under applicable data protection laws (including GDPR, COPPA, and similar frameworks), the roles of Data Processor and Data Controller carry different responsibilities.
10.1 BESTLEVEL LLC as Data Processor
BESTLEVEL LLC operates as a Data Processor. This means:
- We provide the secure technical infrastructure ("Privacy by Design") to store, process, and transmit data on behalf of our clients (Trainers and Clubs).
- We process personal data only as instructed by the Data Controller (the Trainer or Club) and in accordance with these terms.
- We implement appropriate technical and organizational measures to ensure the security and integrity of the data entrusted to us.
- We do not independently decide the purposes or means of processing End User data.
10.2 Clubs and Trainers as Data Controllers
The Club, Academy, or Trainer using BESTLEVEL LLC is the Data Controller. This means they:
- Determine the purposes and means of processing their athletes' personal data.
- Are responsible for obtaining proper consent (including verifiable parental consent for minors under 13 per COPPA).
- Must comply with data protection laws in their jurisdiction.
- Are the primary point of contact for End Users (athletes/parents) regarding their data rights.
10.3 Data Processing Agreement (DPA)
A formal Data Processing Agreement (DPA) is available for all institutional clients, including high schools, clubs, and academies. The DPA details BESTLEVEL LLC's obligations under FERPA and COPPA, sub-processor disclosures, security measures, breach notification procedures, and data retention/deletion policies.
You can review the full DPA at: Data Processing Agreement
For institutions requiring a signed, bilateral version with custom terms, contact us at contact@thebestlevel.com.
11. POLICY UPDATES
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Sending email notifications to trainers for significant changes
- Displaying prominent notices on our platform
- Updating the "Last updated" date at the top of this policy
12. CONTACT US
If you have any questions about this Privacy Policy or our data practices, contact us:
- Email: contact@thebestlevel.com
- Website: www.thebestlevel.com
- Data Protection Officer: Available through the above contact methods
For EU Residents:
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data in accordance with applicable law.