
Privacy Policy

Matter AI

Last Updated: March 22, 2026

Effective Date: March 22, 2026


1. Introduction

Matter AI, Inc. (“Matter AI,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use the Matter AI mobile application (“App”), website (“Website”), and related services (collectively, “Services”).

This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable data protection laws.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.


2. Data We Collect

2.1 Account Information

  • Email address
  • Name (first and last)
  • Role (athlete or coach)
  • Age and biological sex (provided during onboarding, used for baseline calibration)
  • Authentication credentials (managed via Apple Sign-In or Supabase Auth)

2.2 Health and Biometric Data

We collect health data that you explicitly authorize through Apple HealthKit permissions or third-party wearable connections:

  • Heart rate data: Resting heart rate (RHR), heart rate variability (HRV/RMSSD/SDNN), continuous heart rate samples
  • Sleep data: Total sleep duration, sleep stages (deep, REM, core/light, awake), sleep onset and wake times, sleep consistency metrics
  • Activity data: Steps, active energy burned (calories), workout duration, workout type and sport
  • Workout data: Planned workouts, completed workouts, exercise heart rate, RPE (rate of perceived exertion)
  • Recovery metrics: Recovery scores computed from the above biometrics

2.3 Wearable Device Data

If you connect a third-party wearable, we receive data from that provider:

  • Apple Watch (via Apple HealthKit): All health categories you authorize in the Apple Health permissions dialog
  • WHOOP: HRV, resting heart rate, recovery score, strain, sleep stages, and sleep performance via WHOOP API (OAuth 2.0)
  • Polar: Heart rate, HRV, nightly recharge, sleep stages, exercise sessions, and daily activity via Polar AccessLink API (OAuth 2.0)

We only access data categories you explicitly authorize. You can revoke access at any time through your device settings or the wearable provider's app.

2.4 User-Generated Content

  • Wellness survey responses (mood, energy, soreness, stress ratings)
  • AI chat messages and conversation history
  • Coach notes and messages to athletes
  • Activity status updates
  • Onboarding preferences (goals, challenges, sport preferences)

2.5 Usage and Device Data

  • Device type and operating system version
  • App version
  • Crash reports and diagnostic logs (anonymized)
  • Feature usage patterns (aggregated)
  • Timezone and locale (for score computation accuracy)

2.6 Coach-Athlete Relationship Data

  • Team membership and invite codes
  • Data sharing preferences (which metrics an athlete shares with their coach)
  • Workout assignments and completion status
  • Compliance and adherence records

3. How We Use Your Data

3.1 Core Service Delivery

  • Computing daily readiness, recovery, strain, sleep, and stress scores
  • Building personal baselines from your biometric history (7–14 days of data)
  • Generating AI-powered daily insights and recommendations
  • Creating AI-generated workouts adapted to your current readiness
  • Providing AI chat responses that reference your health context
  • Displaying trend charts and historical analysis

3.2 Coach Features

  • Presenting shared athlete metrics on the coach dashboard
  • Generating team intelligence summaries and morning briefings
  • Enabling workout assignment and compliance tracking
  • Producing weekly team performance reports

3.3 Personalization

  • Calibrating scores to your individual baselines (not population averages)
  • Adjusting AI recommendations based on health conditions you disclose
  • Remembering AI chat context across conversations (ChatMemoryStore)
  • Applying coach-configured metric weightings to readiness calculations

3.4 Service Improvement

  • Analyzing aggregated, de-identified usage patterns to improve features
  • Monitoring AI output quality and accuracy
  • Debugging technical issues using anonymized diagnostic data

3.5 Communication

  • Sending transactional emails (account verification, password reset)
  • Delivering in-app notifications (readiness alerts, coach messages, workout reminders)
  • Responding to support requests

4. AI Processing

4.1 How AI Uses Your Data

Matter AI uses Google Gemini (via Firebase AI) to power:

  • Daily health insights and recommendations
  • AI chat assistant responses
  • Team narrative summaries for coaches
  • Workout generation
  • Athlete adaptation analysis

When the AI processes your data, a compressed summary of your relevant health context (recent scores, baselines, trends, and any disclosed health conditions) is sent to the AI model as part of the prompt. Full raw biometric time-series data is NOT sent to AI models.

4.2 AI Data Retention

  • AI prompts and responses are cached locally on your device (UserDefaults LRU cache) and in-memory for performance
  • We do not use your personal health data to train or fine-tune AI foundation models
  • Google Gemini API calls are subject to Google's AI data processing terms. Google does not use data sent via the Gemini API for model training when accessed through Firebase AI

4.3 AI Limitations

AI-generated outputs may be inaccurate, incomplete, or inappropriate. Matter AI applies deterministic fallback engines and rule-based systems to supplement AI when API calls fail or daily limits are reached (governed by AIRequestGovernor).


5. Data Sharing

5.1 We Do NOT Sell Your Data

Matter AI does not sell, rent, or trade your personal information or health data to third parties for advertising or marketing purposes.

5.2 Service Providers

We share data with the following service providers solely to operate the Services:

| Provider | Purpose | Data Shared |
|---|---|---|
| Google (Firebase AI / Gemini) | AI insights, chat, workout generation | Compressed health context summaries (not raw data) |
| Apple (HealthKit) | Health data source | Read-only; Apple does not receive data from us |
| Supabase | Database, auth, edge functions | All user data (encrypted, RLS-protected) |
| WHOOP | Wearable data sync | OAuth tokens; WHOOP sends data to us |
| Polar | Wearable data sync | OAuth tokens; Polar sends data to us |

5.3 Coach Access

If you join a coach's team, the coach can see metrics you have chosen to share. You control sharing granularity and can leave a team at any time, which immediately revokes coach access to your data.

5.4 Legal Requirements

We may disclose data if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect the rights, property, or safety of Matter AI, our users, or the public.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.


6. Data Storage and Security

6.1 Where Data Is Stored

  • Your device (iOS): AI response caches (UserDefaults) and authentication tokens, stored locally
  • Supabase cloud (AWS): Account data, health daily metrics, sleep stages, workout records, wearable data, team data. Hosted in the United States.
  • Wearable provider servers: Your data on WHOOP, Polar, and Apple platforms is governed by their respective privacy policies

6.2 Security Measures

  • All data in transit is encrypted via TLS 1.2+
  • Supabase database access is controlled by Row Level Security (RLS) policies ensuring users can only access their own data
  • OAuth 2.0 for third-party wearable authentication
  • Wearable tokens are stored encrypted in Supabase
  • Edge functions use secure environment variables for API keys and secrets
  • AI request governance limits API call frequency to prevent abuse

6.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities within 72 hours as required by applicable law.


7. Data Retention

| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Health metrics and scores | Until account deletion or manual clearing |
| AI chat memories | Core: persistent until deletion; Short-term: 7-day TTL |
| Wearable OAuth tokens | Until disconnection or account deletion |
| Usage analytics | Aggregated indefinitely (de-identified) |

8. Your Rights

8.1 All Users

You have the right to:

  • Access your personal data (export your health data from the App)
  • Correct inaccurate personal data (update your profile in App settings)
  • Delete your account and personal data (via App settings or by emailing privacy@matterai.app)
  • Withdraw consent for health data collection (revoke HealthKit permissions in device settings)
  • Disconnect third-party wearables at any time
  • Leave coach teams to revoke shared data access

8.2 European Economic Area (EEA) Residents — GDPR

In addition to the above, you have the right to:

  • Data portability — receive your data in a structured, machine-readable format
  • Restrict processing — request we limit how we use your data
  • Object to processing — object to processing based on legitimate interests
  • Lodge a complaint with your local data protection authority

Our legal basis for processing your data:

  • Consent — for health/biometric data collection (Apple HealthKit permissions, wearable OAuth)
  • Contract performance — for providing the Services you signed up for
  • Legitimate interests — for service improvement using aggregated, de-identified data

8.3 California Residents — CCPA/CPRA

You have the right to:

  • Know what personal information we collect, use, and disclose
  • Delete your personal information
  • Opt-out of sale — we do not sell personal information, so no opt-out is necessary
  • Non-discrimination — we will not discriminate against you for exercising your privacy rights

California residents may submit requests to: privacy@matterai.app


9. Children's Privacy

Matter AI is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13 without parental consent, we will delete that data promptly.

Users between 13 and 18 must have parental or guardian consent to use the Services. Coaches are responsible for ensuring that minor athletes on their team have appropriate consent.


10. International Data Transfers

If you access the Services from outside the United States, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms to ensure adequate protection for international data transfers.


11. Third-Party Links and Services

The Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of:


12. Cookies and Tracking

The Matter AI App does not use cookies. The Website may use essential cookies for functionality (session management, preferences). We do not use advertising cookies or third-party tracking pixels.


13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the App or by email. The “Last Updated” date at the top of this policy indicates when it was last revised. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.


14. Contact Information

Matter AI, Inc.

For privacy questions or data requests:

For EEA residents, our data protection contact: dpo@matterai.app