Privacy Policy

Last updated: 2026-01-25

Introduction

Stride ("we," "our," or "us") is committed to protecting your privacy and the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our bariatric surgery tracking application.

HIPAA Compliance

Stride is designed with healthcare data privacy in mind. While we are not a covered entity under HIPAA, we implement security measures consistent with HIPAA requirements to protect your Protected Health Information (PHI), including:

  • Access Controls: Row-level security ensures users can only access their own data
  • Audit Logging: All access to and modifications of health data are logged
  • Encryption: Data is encrypted in transit (TLS 1.3) and at rest
  • Data Retention: Audit logs are retained for 7 years as required by HIPAA

Information We Collect

Personal Information

  • Email address (for account authentication)
  • Name (optional, for personalization)

Health Information

  • Weight and body measurements
  • Surgery date and type
  • Medications and supplement logs
  • Meal and nutrition tracking data
  • Hydration logs
  • Exercise logs
  • Progress photos (if you choose to upload them)
  • Appointments and medical notes

Technical Information

  • Device information and browser type
  • IP address (for security and rate limiting)
  • Usage patterns (anonymized analytics)

How We Use Your Information

We use your information to:

  • Provide and maintain the Stride application
  • Track your post-surgical recovery progress
  • Generate insights and reports about your health journey
  • Send notifications about medications, supplements, and appointments
  • Improve our services through anonymized analytics
  • Ensure the security of your account

Data Sharing and Disclosure

We do not sell your personal or health information.

We may share your information only in the following circumstances:

  • With your consent: When you explicitly authorize sharing (e.g., exporting data to share with your healthcare provider)
  • Service providers: We use Supabase for secure data storage, operating under strict data processing agreements
  • Legal requirements: When required by law, subpoena, or legal process

Data Security

We implement comprehensive security measures including:

  • Encryption: All data is encrypted with AES-256 at rest and TLS 1.3 in transit
  • Access Control: Row-level security policies restrict data access to authenticated users
  • Rate Limiting: Protection against brute force attacks and abuse
  • Security Headers: HSTS, CSP, and other headers prevent common web attacks
  • Regular Audits: Security reviews and vulnerability assessments

Your Rights

You have the right to:

  • Access: View all your personal and health data
  • Export: Download your data in JSON or CSV format
  • Correct: Update any inaccurate information
  • Delete: Request deletion of your account and all associated data
  • Recover: Restore accidentally deleted data within the retention period

Data Retention

  • Active data: Retained while your account is active
  • Soft-deleted data: Recoverable for 30 days after deletion
  • Audit logs: Retained for 7 years per HIPAA requirements
  • Backups: Retained for 90 days

Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security (CSRF protection)
  • User preferences

We do not use third-party advertising cookies or cross-site tracking. We have disabled interest-based advertising (FLoC/Topics API).

Children's Privacy

Stride is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: