Privacy Policy
Last updated · July 5, 2026
QuantiFi ("we", "us") provides business software for wellness and fitness professionals. This policy explains what we collect, why, and the choices you have. The short version: your business data belongs to you, we don't sell it, and we collect only what the product needs to work.
1. Information we collect
- Account information. Your email address and, if you sign in with Google, the name and email Google shares. We never see or store your password when you use magic-link or Google sign-in.
- Business data you enter. Client names and contact details, session packages, schedules, session notes, goals, documents, photos and videos you upload. Practitioners are responsible for having permission to store their clients' information.
- Messages. Conversations between practitioners and clients inside QuantiFi, and a record of reminder emails/texts the platform sends on your behalf.
- Technical basics. Standard logs (IP address, browser type, timestamps) kept briefly for security and debugging. We do not run advertising trackers.
2. What we don't collect
- Payment card numbers. Payments are processed by Stripe; card details never touch QuantiFi servers.
- Your AI conversations. If you connect your own AI key, your requests go directly from your device to your AI provider (Anthropic or OpenAI). Your API key is stored in your browser and your own account metadata — we cannot read your conversations.
3. How we use information
- To operate the product: scheduling, the session Ledger, client portals, reports.
- To send messages you or your automations initiate (e.g. session reminders to your clients).
- To secure the service and prevent abuse.
We do not sell personal information, and we do not use your business data to train AI models.
4. Who else touches the data (subprocessors)
- Supabase — database and authentication hosting
- Cloudflare — application hosting and content delivery
- Resend — transactional email delivery
- Twilio — SMS delivery (when enabled)
- Stripe — payment processing (when enabled)
- Anthropic / OpenAI — only if you connect your own AI key, and only for requests you make
5. Data isolation & security
Every practice's data is isolated with database row-level security — one business can never read another's records. Data is encrypted in transit (TLS) and at rest. Sealed session records are immutable by design: they cannot be edited or deleted, which is a feature of the Ledger, not a bug.
6. Your rights
- Access & export. Practitioners can export their business data at any time; email us for a full export.
- Deletion. You may request deletion of your account and practice data. We'll complete it within 30 days, except records we're legally required to keep.
- Clients. If you're a client of a practice using QuantiFi, your practitioner controls your records — direct requests to them, and we'll assist them in honoring it.
7. Retention
We keep your data while your account is active. After account deletion, backups age out within 35 days.
8. Children
QuantiFi is not directed at children under 13, and practitioners must not create portal logins for children under 13.
9. Changes
If this policy changes materially, we'll notify account owners by email before the change takes effect.
10. Contact
Questions or requests: quantifi.wf@gmail.com