Privacy Policy

Effective April 8, 2026

James Nunan (Cold Brew Performance)

Cold Brew Performance is a coaching service. To coach you well, we read health data you choose to share from Apple Health and store it securely so your coach can review it. We do not sell your data, we do not use it for advertising and we do not share it with anyone outside the people directly coaching you. This page explains exactly what we collect, where it lives and how you can take it back at any time.

1. Health Data We Collect

With your permission, the Cold Brew Performance iOS app reads the following data types from Apple Health. All access is read-only. We never write to Apple Health.

  • Sleep Analysis: time in bed, total sleep and sleep stages (Awake, REM, Core, Deep)
  • Heart Rate: individual heart rate samples throughout the day
  • Resting Heart Rate
  • Heart Rate Variability (HRV SDNN)
  • Steps
  • Active Energy (active calories burned)
  • Exercise Minutes
  • Stand Hours
  • Workouts: workout type, start/end time, duration, heart rate zones and calories

2. How We Collect It

When you first open the app, iOS shows you an Apple Health permission prompt listing each data type above. You choose which ones to share. You can change those choices at any time. If you deny a data type, the app simply skips it.

3. How We Store It

Health data is stored in a Supabase Postgres database hosted in the United States. Data is encrypted at rest (AES-256) and in transit (TLS). Row-level security policies ensure each user's data is isolated to their own account. Health data is never stored in iCloud and never leaves our Supabase database except to be displayed to you or your coach.

4. Who Can Access It

Only two parties can see your health data:

  • You, through the iOS app and the coaching portal
  • Your assigned Cold Brew Performance coach

No other staff, no third parties, no business partners, no analytics vendors and no advertisers have access.

5. What We Never Do With Your Health Data

  • We never use it for advertising or marketing
  • We never use it for data mining, profiling or training machine learning models
  • We never sell it to third parties
  • We never share it with insurers, employers or data brokers
  • We never use it for any purpose beyond delivering your coaching

6. Revoking Access

You can stop the app from reading Apple Health at any time:

  1. Open the iOS Settings app
  2. Tap Privacy & SecurityHealth
  3. Tap Cold Brew Performance
  4. Toggle off any data types you no longer want to share

Uninstalling the app also stops all future data collection.

7. Requesting Data Deletion

To have all of your stored health data permanently deleted, email james@coldbrewperformance.com from the email address on your account. We process deletion requests within 30 days and send you a confirmation when the data has been removed.

8. Data Retention

We retain your health data while your coaching engagement is active. If you end your engagement, your data is deleted within 90 days unless you ask us to delete it sooner. Deletion requests are honored at any time, active engagement or not.

9. Account Data

To authenticate you, we collect your name and email address through Supabase Auth. This is the only personal information we collect outside of the health data listed above. Your email is used for login and for transactional messages (password resets, deletion confirmations). We do not send marketing email.

10. Third-Party Services

We rely on a small number of vendors to operate the service:

  • Supabase: database and authentication
  • Vercel: hosting for the coaching portal
  • Netlify: hosting for this marketing website
  • Resend: transactional email delivery

These vendors act as data processors under our instructions. They do not use your health data for their own purposes.

11. Cookies & Tracking

The marketing website (coldbrewperformance.com) uses Google Analytics for aggregate traffic measurement. The iOS app contains no third-party trackers or analytics SDKs. The coaching portal uses only the cookies required for your authenticated session.

12. Children's Privacy

Cold Brew Performance is not directed at children under 13, and we do not knowingly collect data from children. If you believe a child has provided us with data, contact us and we will delete it.

13. Changes to This Policy

If we make material changes to how we handle your data, we will email active clients and update the effective date at the top of this page.

14. Contact

Cold Brew Performance
Email: james@coldbrewperformance.com
Web: coldbrewperformance.com