- We collect what we need to build your recovery plan: your surgery date, recovery goals, exercise activity, symptoms you log, and what you ask our AI companion.
- We don't sell your data. We don't share it with advertisers. We don't track you across other companies' apps or websites.
- We use Anthropic's Claude to power your personalized briefings and questions. Anthropic doesn't train on your data.
- We share data with a small set of named vendors who help us run Stride — all listed below.
- You can read, correct, export, or delete your data anytime from Settings > Account.
- Stride is for adults (18+). We don't serve minors.
- Stride is not your doctor and not a medical provider. The Symptom Checker and emergency escalation are always free and never gated.
If you want the full text, keep reading.
01Who we are
Stride is operated by Covariance LLC, doing business as Stride (the "operating entity"). We're a small team building an Achilles recovery companion app.
You can reach our team at team@goodstride.app.
02What we collect
We collect data in five categories. We keep this list short because the less we collect, the less risk there is.
Account data
- Email address
- Display name (you choose this; can be anonymous)
- Account creation date
- Password, stored encrypted — we cannot see it
Recovery data
- Surgery date
- Surgical method (open repair, percutaneous, conservative non-surgical, "not sure")
- Recovery goal (return to daily activity, sport, performance, "not sure")
- Whether you've connected with a physical therapist
- Provider contact information (name, email, practice name, provider type) — only if you choose to add a provider
Daily activity
- Daily briefing interactions (what you read, what you expand, what you ask)
- Exercise sessions (which exercises, completion, difficulty rating)
- Symptom check-in answers (pain levels, location, swelling, fever, and similar)
- Questions you ask the AI companion
Community data
- Posts, replies, and reactions you make in cohort feeds
- Anonymous-mode preference per post
Subscription and technical data
- Subscription status (free, trial, premium) — via RevenueCat and the App Store / Play Store
- Device identifiers (for push notifications)
- App usage data (screens viewed, session duration, feature interactions)
- Diagnostic data (crash reports, performance)
03Why we collect it
Recovery data and daily activity are what make Stride work. We anchor your timeline to your surgery date, build your cohort, generate your briefings, and personalize what we surface to you.
Community data lets you connect with people in the same week as you.
Subscription and technical data are for billing, push delivery, and fixing bugs.
04What we don't do with your data
- We don't sell it.
- We don't share it with advertisers.
- We don't track you across other apps or websites you visit.
- We don't train AI models on your data (see section 6).
- We don't share recovery data with employers, insurers, or anyone outside the vendor list below — unless you explicitly add a provider and send them your dashboard link, or unless we're legally required to.
05Who we share data with
We share data with a small set of vendors who help us run Stride. We list them so you know exactly who has access.
| Vendor | What they do for us | What data they touch |
|---|---|---|
| Supabase | Hosts our database, handles login, runs server-side AI logic | All user data lives here |
| Anthropic | Powers AI briefings and Q&A | Briefing context, questions you ask |
| RevenueCat + Superwall | Manage subscriptions and the paywall | Subscription status, purchase events |
| Apple / Google | Process payments through their app stores | Payment data per their own terms |
| Sentry | Captures crashes so we can fix them | Diagnostic data only — no recovery data |
| PostHog | Analytics and session replay | Usage data, anonymized session replay |
| Expo | Builds and updates our app, delivers push notifications | Device tokens, push payloads |
| Vercel | Hosts our website and provider dashboards | Web visit data |
| Kit | Manages our early-access email list | Name and email of waitlist signups |
| Cloudflare | DNS and email forwarding | Email routing |
| Exercise video vendor (final selection pending) | Delivers exercise videos | Exercise session metadata |
We work to put data processing agreements (DPAs) in place with each vendor — these contractually bind them to similar privacy standards.
If you add a provider (physical therapist, surgeon), they get a read-only link to your recovery dashboard. We tell you exactly what they see: timeline, exercise completion, pain trends, and milestones. They never see your community posts, your questions to the AI, or personal notes.
06How we use AI
Stride uses Anthropic's Claude family of models to generate your daily briefings, answer your questions, and triage symptom check-ins.
- We send Claude the context it needs (your recovery day, recent symptoms, the question you asked) to give you a useful response.
- We do not send Claude your name, email, or any identifier we don't need.
- Anthropic does not train on your data. We use Anthropic's commercial API, which contractually prevents your data from being used to train models.
- AI is not a doctor. The AI doesn't diagnose. When something looks safety-critical — fever, calf swelling, sudden sharp pain, signs of infection — we don't try to handle it; we route you to your provider or to emergency services.
07How long we keep it
- Account and recovery data: for as long as you have an active account. When you delete your account, we delete it within 30 days, except where we need to keep records for legal or financial reasons (typically transaction records, retained for 7 years for tax compliance).
- Community posts: anonymized after account deletion. We keep the content (it's useful to your cohort) but remove the link to you.
- Diagnostic and analytics data: 13 months from collection.
- Backups: 90 days. Deleted data may persist in encrypted backups during this window before being purged.
You can delete your account anytime from Settings > Account.
08Your rights
You can:
- See your data. Request a copy of everything we have on you. Use Settings > Account, or email us.
- Correct your data. Most fields are editable in-app. For anything else, email us.
- Delete your data. Settings > Account > Delete account.
- Export your data. Available in-app under Settings > Account.
- Opt out of marketing. Every marketing email has an unsubscribe link. Transactional email (receipts, password resets, safety-critical alerts) can't be fully opted out of without deleting your account.
- Object to specific processing. Email us with what you want and why; we'll work with you.
To exercise any of these, email team@goodstride.app. We respond within 30 days, usually faster.
09Children's privacy
Stride is for adults — 18 and older. We don't knowingly collect data from anyone under 18. If you believe a minor has created an account, please email us at team@goodstride.app and we'll delete it.
10State-specific rights (United States)
If you live in California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or any other state with a comprehensive privacy law, you have additional rights — typically the same rights listed in section 8, plus the right to know the categories of data we collect, the right to non-discrimination for exercising your rights, and the right to appeal a denied request.
We don't sell personal data, and we don't share it with third parties for advertising. The "do not sell or share" rights under those laws don't apply to anything we do.
To exercise state-specific rights, email team@goodstride.app and tell us your state. We won't charge you, and we won't treat you differently for asking.
11International users
Stride is built for and available in the United States. If you access Stride from outside the US, your data is processed in the US. We don't currently target users outside the US.
12Security
We do our best to protect your data:
- All data is encrypted in transit (TLS) and at rest (AES-256).
- Our database uses row-level security. Even our own team can't read your recovery data without explicit authorization for a specific purpose (debugging, support).
- We run security checks regularly and welcome vulnerability reports at team@goodstride.app (subject line:
Security).
No system is perfectly secure. If we discover a breach that affects your data, we'll notify you promptly — typically within 72 hours of confirming the breach — with what happened, what we're doing about it, and what you should do.
13Changes to this policy
We may update this policy as Stride evolves or as laws change. If we make material changes, we'll notify you in-app and by email at least 30 days before the changes take effect. We'll keep older versions available so you can compare.
14Contact
For anything related to privacy, data, security reports, or general support, write to us at team@goodstride.app. We're a small team — a real person reads it.
↑ Back to top