MYFC, LLC (“MYFC,” “we,” “us,” or “our”) operates the MYFC website at myfc.app and the MYFC mobile applications for iOS and Android (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

By using the Service, you agree to the practices described in this Policy. If you don't agree, please don't use the Service.

• Account information — your name and email address when you create an account. If you sign in with Apple or Google, we receive your name and email from those providers.
• Payment information — when you subscribe, you provide payment details directly to our payment processor, Stripe. We don't store full card numbers; we receive limited information (card brand, last four digits, expiration, country) for billing display, receipts, and fraud prevention.
• Preferences and practice content — settings such as focus areas, notification preferences, and any optional content you save in the app (e.g., progress photos, notes).
• Communications — messages you send us via email, support requests, or contact forms.

• Usage data — workouts started and completed, streaks, session durations, feature interactions, and other activity within the Service.
• Device and log information — IP address, device type and operating system, browser type, app version, time zone, language, and crash or diagnostic logs.
• Cookies and similar technologies — see the Cookies section below for details.

Face tracking data stays on your device. When you use face tracking in the iOS or Android app, your camera feed and the 68 facial landmark points used to guide your practice are processed entirely on your device using Apple's Vision framework (iOS) or Google MediaPipe (Android).

The video stream and biometric landmark data never leave your phone, are never transmitted to our servers, and are not stored remotely. We only receive aggregated, non-identifying session results — for example, rep counts or completion status.

• Provide, maintain, and improve the Service
• Authenticate you and secure your account
• Process subscriptions, payments, refunds, and disputes
• Personalize content and recommendations based on your goals and preferences
• Send transactional messages such as sign-in codes, receipts, billing notices, security alerts, and important account updates
• Send marketing communications you've opted into — with an unsubscribe link in every email
• Analyze how the Service is used so we can improve it
• Detect, prevent, and respond to fraud, abuse, and security issues
• Comply with legal obligations

We share personal information only as described below:

• Service providers — third parties that perform services on our behalf (see the list below). They may access personal information only as needed to perform those services and are contractually obligated to protect it.
• Legal and safety — when required by law, court order, subpoena, or to protect the rights, safety, or property of MYFC, our users, or others.
• Business transfers — in connection with a merger, acquisition, financing, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction.
• With your consent — for any other purpose disclosed to you at the time of collection.

We do not sell your personal information. We do not share personal information with third parties for their own marketing purposes.

• Supabase — authentication and hosted database for accounts, preferences, and practice history.
• Stripe — payment processing and subscription management.
• Apple — Sign in with Apple authentication; on-device Vision framework for face tracking.
• Google — Google Sign-In; MediaPipe for on-device face tracking on Android.
• Vercel — website and application hosting.
• Cloudflare R2 — storage and delivery of media files (videos, images).
• Mux — video streaming and playback.
• Resend — transactional and marketing email delivery.
• PostHog — product analytics.
• Sentry — error monitoring and crash reporting.

We use the following categories of cookies and local storage:

• Strictly necessary — required for the Service to function, including session cookies that keep you signed in and tokens that prevent fraud and abuse. These cannot be disabled.
• Analytics — we use PostHog to understand how the Service is used so we can improve it. You can opt out by enabling your browser's Global Privacy Control (GPC) or “Do Not Track” signal.

We do not use advertising cookies, retargeting pixels, or sell information to third-party advertisers.

We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information to comply with legal obligations (e.g., tax records), resolve disputes, prevent fraud or abuse, or enforce our agreements.

We use industry-standard administrative, technical, and physical safeguards to protect your information — including TLS encryption in transit, encryption at rest for sensitive data, restricted internal access on a need-to-know basis, and regular review of our security practices. No method of transmission or storage over the internet is 100% secure, and we cannot guarantee absolute security.

MYFC is based in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. By using the Service, you consent to such transfers.

Depending on where you live, you may have the following rights regarding your personal information:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to update or correct inaccurate information.
• Deletion — request that we delete your personal data, subject to legal retention obligations.
• Portability — receive your data in a structured, commonly used format.
• Restriction & objection — limit or object to certain processing activities.
• Withdraw consent — for any processing based on your consent.

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the right to know what personal information we collect, delete it, correct it, opt out of any “sale” or “sharing,” and limit our use of sensitive personal information. We do not sell or share your personal information, and we do not use sensitive information for purposes outside those described in this Policy. You will not receive discriminatory treatment for exercising your rights.

If the EU/UK GDPR applies to you, our lawful bases for processing include performance of our contract with you (providing the Service), our legitimate interests (improving the Service, security, fraud prevention), your consent (marketing), and compliance with legal obligations. You may lodge a complaint with your local data protection authority.

Contact us at hello@myfc.app or via our contact page. We may need to verify your identity before fulfilling certain requests. We will respond within the timeframe required by applicable law.

MYFC is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, please contact us and we will promptly delete it.

You can delete your account at any time from inside the app (Account → Delete Account) or by contacting us at hello@myfc.app. We will delete your account and associated personal data within 30 days, subject to the retention exceptions described above.

Transactional emails (sign-in codes, receipts, billing notices, security alerts, important account updates) are a necessary part of the Service and cannot be opted out of while your account is active.

Marketing emails — product announcements, updates, and promotional messages — include an unsubscribe link in every email. You can also unsubscribe from your account settings or by emailing hello@myfc.app.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or via a notice on the Service before the changes take effect. The “Last updated” date at the top of this page reflects the current version.

Questions or concerns about this Privacy Policy or our privacy practices? Get in touch:

MYFC, LLC
hello@myfc.app
myfc.app/contact