DAD UNIT
The Dad UnitBack to Home

Privacy Policy

Effective Date: 5/7/26

Last Updated: 5/7/26

Quick summary

The Dad Unit ("Dad Unit", "we", "our", or "us") provides a fitness, nutrition, and accountability platform for fathers, delivered through our mobile apps (iOS and Android), our website at thedadunit.com, and the Coach Console used by program coaches. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We've tried to keep it readable. If anything is unclear, email privacy@thedadunit.com and we'll explain.

A few things up front:

  • We do not sell your personal information. We do not share it with advertising networks or data brokers.
  • Health data has special protection. Data we read from Apple HealthKit or Google Health Connect is only used to provide the features you ask for, is never used for advertising, and is never sold. Section 5 covers this in detail.
  • You can delete your account from inside the app. Settings → Account → Delete Account. We'll remove your personal data within 30 days, except where law requires us to retain it longer.
  • We are based in the United States and process data in the United States. If you use Dad Unit from outside the US, you're consenting to that transfer.

1. Who we are

The Dad Unit is operated by The Dad Unit, located at:

The Dad Unit
309 Laurelwood Trail
Austin, TX 78746
United States
privacy@thedadunit.com

For purposes of EU/UK data protection law, The Dad Unit is the controller of personal information collected through our Services.

This Policy covers information we collect through:

  • The Dad Unit mobile app for iOS and Android (the "App")
  • thedadunit.com and any subdomains (the "Website")
  • The Coach Console used by your coach to view your training data (the "Coach Console")
  • Email, support, and other communications with us

Together, these are the "Services".

2. Information we collect

We collect information in three ways: (a) information you give us directly, (b) information we collect automatically when you use the Services, and (c) information we receive from third parties.

2.1 Account and profile information

When you create an account or set up your profile, we collect:

  • Email address and password (passwords are stored hashed, never in plain text)
  • Display name and nickname
  • Profile photo (optional)
  • Date of birth or age (for age-verification only)
  • Fitness "track" or program selection
  • Personal motto (which you can mark public or private)
  • Body composition history: weight, body fat percentage, height
  • Subscription status and billing identifiers

2.2 Health and fitness data

If you grant permission, we read the following data from Apple HealthKit (iOS) or Google Health Connect (Android) to power your training, nutrition, recovery, and performance features:

  • Step count
  • Body weight
  • Body fat percentage
  • Sleep analysis (total time, deep, REM, awake)
  • Heart rate
  • Heart rate variability (HRV)
  • VO₂ max
  • Workouts (cardio sessions, including activity type, duration, distance, and calories)
  • Active energy burned
  • Walking, running, and cycling distance

We also write the following data back to Apple HealthKit / Google Health Connect on your behalf, so your health data stays portable even if you stop using Dad Unit:

  • Workouts you log in the App (strength sessions)
  • Steps you log manually
  • Weight you log manually

You can revoke either read or write access at any time:

  • iOS: Settings → Privacy & Security → Health → Dad Unit
  • Android: Settings → Health Connect → App permissions → Dad Unit

2.3 Workout, nutrition, and recovery logs

You can log workouts, nutrition, body composition, sleep, and other fitness activity directly in the App. This information is stored in your account and used to power your training plan, leaderboards, history, and AI coaching.

2.4 Photos, video, and camera

With your permission, we access:

  • Camera — for scanning food barcodes and capturing profile / progress / workout photos.
  • Photo library — to let you upload images for your avatar, progress photos, social feed posts, challenge submissions, and chat messages.

Photos you upload are stored in our backend (Supabase Storage). Photos you only preview but do not upload never leave your device.

2.5 Voice and audio

With your permission, we access:

  • Microphone — for voice food logging and (admin users only) recording the daily morning brief.
  • Speech recognition — for transcribing your voice into food log entries.

Speech recognition is performed on-device using Apple's or Google's built-in speech recognition when available; the audio itself is not transmitted to our servers. The transcribed text is then processed by our nutrition parser (see Section 4 — AI processing).

2.6 Communications and content you share in the App

Dad Unit includes chat, comments, posts, and community features. Information you share through these features includes:

  • Direct messages and group chats
  • "Fire team" team chat
  • Community channel messages
  • Comments on workouts, challenges, and feed posts
  • Likes, mentions, and replies
  • Posts you publish to the social feed (text, photos, video)

These features are visible to other users as described in Section 6.

2.7 Payment and subscription information

When you subscribe to Dad Unit, payment is processed by Stripe, our payment processor. Stripe collects and processes your payment method details (card number, expiration, CVC) directly — we do not store your card number on our servers. We receive and store:

  • A Stripe customer ID and subscription ID
  • Subscription tier, price, and status (active, canceled, past due)
  • Billing address (if you provide one to Stripe)
  • The last four digits of the card and card brand (so you can identify which card is on file)

For purchases made through Apple's App Store or Google Play (if applicable in the future), payment is processed by Apple or Google under their own privacy policies.

2.8 Push notification tokens and device identifiers

If you enable push notifications, we collect a push token issued by Apple's APNs or Google's FCM service. This token is used only to deliver notifications you've opted into and is deleted when you uninstall the App or revoke notification permission.

2.9 Automatically collected device and usage data

We automatically collect:

  • Device model, operating system version, locale, and time zone
  • App version and build number
  • IP address (used briefly for security and abuse prevention; not stored long-term in association with your account)
  • Crash logs and error reports (when you experience a crash)
  • Anonymous usage events (which features you use, how often) — used for product improvement, never tied to advertising

2.10 Information from third parties

If you sign in via Apple ID or Google, those services share basic profile information (name, email) with us as authorized by you in their consent dialogs.

3. How we use your information

We use your information to:

  • Provide the Services: create and manage your account, deliver features you've requested, sync your training and recovery data across devices.
  • Personalize your experience: tailor your training plan, recovery scoring, leaderboards, and recommendations based on your goals and history.
  • Power AI coaching: process your inputs to Sergeant Gains and our nutrition logging AI features (see Section 4).
  • Communicate with you: send service emails, push notifications, and product announcements (you can opt out of marketing emails any time).
  • Process payments: charge your subscription, handle refunds and cancellations, send receipts.
  • Maintain safety and security: detect fraud, abuse, and security incidents; enforce our Terms of Service.
  • Improve the Services: understand how features are used in aggregate and develop new features.
  • Comply with legal obligations: respond to lawful requests, court orders, and legal processes.

Our legal bases for processing (relevant for EU / UK / Swiss residents) are: performance of our contract with you, your consent (for optional permissions like camera, microphone, health data, push notifications), our legitimate interests in operating and improving the Services, and compliance with legal obligations.

4. AI and automated processing

Dad Unit uses third-party AI services to power the following features. When you use these features, the inputs you provide are sent to the AI provider for processing:

FeatureWhat you provideAI providerWhat's sent
Sergeant Gains chatText messages to your AI coachxAI (api.x.ai)Your message text and recent conversation history. May include training summaries you've consented to share.
Voice food loggingVoice transcription of what you atexAIThe transcribed text. Audio itself is processed on-device and not sent.
Photo food loggingA photo of food you tookxAI (vision model)The image of the food and any text caption you add.
Food searchA search query (e.g. "grilled chicken thigh")xAIThe text query.
Workout banner generation(Admin only) Event title and descriptionxAI (image model)The event metadata used to generate the banner.

Important:

  • We do not use AI to make legal, financial, employment, housing, or healthcare decisions about you.
  • AI outputs are suggestions and reference data, not medical advice. Always consult a qualified professional for medical questions.
  • xAI processes inputs under its own data-handling terms. We do not authorize xAI to train its models on your data; however, you should review xAI's privacy practices independently.
  • You can choose not to use these features. Voice and photo logging are entirely optional; manual food entry is always available.

5. Apple HealthKit and Google Health Connect — Special Protections

Health data receives the strongest protection of any category we collect. Specifically:

  • We only read health data you have explicitly authorized us to read through the iOS HealthKit or Android Health Connect permission dialog.
  • We use health data only to provide the features you have requested, including: displaying your training, recovery, and performance metrics; calculating recovery scores and HR zones; logging cardio workouts; populating leaderboards you have joined; and powering AI coaching when you opt in.
  • We do not use HealthKit data for advertising, marketing, or any data-mining purpose.
  • We do not sell, lease, rent, or trade HealthKit data with any third party.
  • We do not disclose HealthKit data to any third party other than service providers strictly necessary to deliver the Service (for example, our database provider, Supabase, which stores your encrypted health logs), and only to the extent required for those service providers to perform their function.
  • We do not use HealthKit data for any purpose unrelated to fitness, health, or wellness.
  • We do not combine HealthKit data with non-HealthKit data for advertising purposes.

You may revoke health-data permissions at any time without losing access to other parts of the App. After revocation, we retain previously synced health data only as long as needed to display your history; you can request deletion of historical health data at any time (Section 9).

6. How we share your information

We share information in the limited circumstances below.

6.1 With other users — by design of social and community features

Some information you provide is intentionally visible to other users as part of how Dad Unit works:

  • Profile information (display name, nickname, profile photo, motto if you've made it public, fitness track) is visible to other users in leaderboards, feeds, comments, and direct messages.
  • Workout and challenge scores are visible on leaderboards. You can choose not to submit scores.
  • Posts to the social feed are visible to followers and (depending on your settings) the broader Dad Unit community.
  • Comments, replies, likes, and mentions are visible to anyone who can see the underlying post, comment, or thread.
  • Direct messages and fire-team chats are visible only to the participants in that conversation. We do not read your DMs except as necessary for safety, abuse, or legal investigations.
  • Community channel messages are visible to all members of that channel.

You can mute, block, or delete content via the App's social controls.

6.2 With your coach (Coach Console)

If you are enrolled in a program with a coach, your coach can view your training, nutrition, body composition, recovery data, and progress through the Coach Console — this is the explicit purpose of Dad Unit's coach-led model. Your coach is bound by our Coach Agreement to use your data only to provide coaching services. You can opt out of coach access by leaving the program.

6.3 With service providers (sub-processors)

We use the following third-party services to operate Dad Unit. Each receives only the data needed for its specific function and is contractually obligated to protect it.

Service providerPurposeData shared
Supabase (Supabase, Inc.)Database, file storage, authenticationAll user data (encrypted at rest)
Stripe (Stripe, Inc.)Payment processing, customer portal, subscription managementEmail, name, payment method (entered directly by you), subscription state
Apple Push Notification serviceNotification delivery (iOS)Push token, notification payload
Google Firebase Cloud Messaging (FCM)Notification delivery (Android)Push token, notification payload
Expo (650 Industries, Inc.)Push token brokering, app updates, error reportingPush tokens, app version, error/crash logs
xAI (X.AI Corp.)AI text generation, image vision, image generationSee Section 4
Sentry (Functional Software, Inc.)Crash and error reportingStack traces, device model, OS version, anonymous user ID
Giphy (Giphy, LLC)GIF search in chat (read-only)Your search query (never linked to your account)
Google Cloud / Apple Sign In (if used)Sign-in via your Google or Apple accountProfile basics you authorize during sign-in

We may add or change service providers from time to time. Material changes will be reflected in this Policy.

6.4 For legal reasons

We may disclose information if required by law, subpoena, court order, or other legal process; to enforce our Terms of Service; to protect the rights, property, or safety of Dad Unit, our users, or others; or to investigate fraud or security incidents. Where lawful, we will notify you of any legal request affecting your data before complying.

6.5 With your consent

We will share information for any other purpose with your explicit consent.

6.6 Business transfers

If Dad Unit is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you (via email or an in-App notice) before your information becomes subject to a different privacy policy.

7. Data retention

We keep your personal information only as long as necessary to provide the Services or to comply with legal obligations. Specifically:

  • Active accounts: information is retained for the life of your account.
  • Account deletion request: we delete or anonymize your personal data within 30 days of your request, except for information we are required to retain for legal, tax, accounting, or fraud-prevention purposes (typically up to 7 years for financial records).
  • Backups: deleted data may persist in encrypted backups for up to 90 days before being purged.
  • Anonymized data: we may retain anonymized aggregate data indefinitely for analytics and product improvement; this data cannot be linked back to you.

8. Data security

We use industry-standard technical and organizational measures to protect your personal information:

  • TLS encryption for all data in transit
  • Encryption at rest for our databases and file storage
  • Role-based access controls and least-privilege access for our team
  • Row-level security on all user data in our database
  • Hashed and salted password storage (we never see your password)
  • Secure secret storage for tokens (iOS Keychain, Android Keystore)
  • Regular security review and incident response procedures

No system is 100% secure. If we discover a breach affecting your personal information, we will notify you and applicable regulators as required by law.

9. Your rights and choices

9.1 Access, correction, and deletion

You can:

  • Access your information by viewing your profile and history in the App.
  • Correct inaccurate information by editing your profile in the App, or by emailing privacy@thedadunit.com.
  • Delete your account in-app: Settings → Account → Delete Account. This permanently removes your personal data, subject to the retention periods in Section 7. You can also email privacy@thedadunit.com to request deletion.
  • Export a copy of your data by emailing privacy@thedadunit.com. We'll provide it in a structured, machine-readable format within 30 days.

9.2 Health data permissions

Revoke at any time:

  • iOS: Settings → Privacy & Security → Health → Dad Unit
  • Android: Settings → Health Connect → App permissions → Dad Unit

9.3 Notification preferences

  • Push: Settings → Notifications in the App, or your device-level notification settings.
  • Email: every marketing email contains an unsubscribe link. Service emails (account, billing, security) cannot be opted out while your account is active.

9.4 Camera, microphone, and photo library

Granted at first use; revocable any time in your device's Settings → Dad Unit.

9.5 Block and mute

You can block or mute other users from the user's profile screen in the App. Blocked users cannot message you, see your posts, or interact with your content.

10. Children's privacy

Dad Unit is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 13 (or under 16 in the EU/UK). If we learn that we have collected information from a child under that age, we will delete it. If you believe a child has provided us with personal information, please contact privacy@thedadunit.com.

11. California privacy rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):

  • Right to know what personal information we collect, use, disclose, and (if applicable) sell about you.
  • Right to delete personal information we have collected from you, subject to certain exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing: We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
  • Right to limit use of sensitive personal information: health data, precise geolocation, biometric information, and similar categories. We use sensitive personal information only to provide the Services you have requested and not for any inferential or commercial profiling.
  • Right to non-discrimination for exercising any of the above rights.

To exercise any of these rights, email privacy@thedadunit.com with the subject line "California Privacy Request". We will verify your identity and respond within 45 days.

Categories of personal information collected (CCPA disclosure)

In the past 12 months we have collected the following categories of personal information, as defined by the CCPA:

  • Identifiers (name, email, IP address, device identifiers)
  • Customer records (account information, billing details)
  • Commercial information (subscription transactions)
  • Internet/network activity (App usage)
  • Biometric/health information (with consent, via HealthKit/Health Connect — see Section 5)
  • Sensory information (photos, voice recordings — only when you provide them)
  • Inferences (training plan recommendations, recovery scores)

We disclose these categories to the service providers listed in Section 6.3, for the purposes described.

12. Other US state privacy rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, and other states with comparable privacy laws have rights similar to those described in Section 11 — generally the rights to access, correct, delete, opt out of targeted advertising, opt out of the sale of personal data, and opt out of profiling. We do not engage in targeted advertising or sale of personal data, so opt-out has no effect on your account. To exercise other rights, email privacy@thedadunit.com.

13. EEA, UK, and Swiss data subject rights (GDPR)

If you are in the EEA, UK, or Switzerland, you have the following rights under GDPR / UK GDPR:

  • Right of access to a copy of your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right not to be subject to a decision based solely on automated processing
  • Right to withdraw consent at any time, where processing is based on consent
  • Right to lodge a complaint with your local supervisory authority

To exercise these rights, email privacy@thedadunit.com. We will respond within 30 days.

Our legal bases for processing are described in Section 3. We rely on Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) for transfers of personal data from the EEA / UK / Switzerland to the United States.

14. International data transfers

Dad Unit is operated from the United States, and your information is processed in the United States and any country where our service providers operate. By using the Services, you consent to the transfer of your information to the United States, which may have data-protection laws different from your country of residence. Where required by law, we use Standard Contractual Clauses or other lawful transfer mechanisms.

15. Third-party links and content

The Services may contain links to third-party websites, apps, or content. This Policy does not apply to those third parties. We are not responsible for their privacy practices; please review their policies before sharing information with them.

16. Do Not Track

Most web browsers offer a "Do Not Track" (DNT) signal. There is no consensus standard for DNT, and we do not currently respond to DNT signals. We do not engage in cross-context behavioral advertising regardless of DNT setting.

17. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and by posting a prominent notice in the App or on the Website at least 7 days before the change takes effect. The "Last Updated" date at the top of this page will always reflect the most recent revision. Continued use of the Services after the effective date constitutes your acceptance of the revised Policy.

18. Contact us

Questions, requests, or complaints? Reach us at:

The Dad Unit
Attn: Privacy
309 Laurelwood Trail
Austin, TX 78746
United States
privacy@thedadunit.com

For EU/UK residents, you may also contact your local data protection authority. For California residents, you may contact the California Privacy Protection Agency.

This Policy is provided in English. If we offer translations, the English version controls in case of discrepancy.