Privacy Policy

When you create an account we collect your email address and the profile information you provide (callsign, rank, primary role, and goals). This data is used solely to personalise your experience — it is never sold or shared with third-party advertisers.

Authentication is handled by Supabase. Passwords are hashed and salted; we never store plaintext credentials.

All performance logs you submit — kills, deaths, ADR, HS%, map, result, and personal notes — are stored in our database and associated with your account. This data is used to generate your statistics, trends, and AI coaching feedback. It is not shared with other users.

If you connect a Faceit account, we import match data from the Faceit public API on your behalf. We store only the fields required to power your dashboard.

Messages you send to the AI coach and the responses generated are stored to maintain conversation continuity across sessions. A summarised memory of key coaching themes (e.g. recurring weaknesses, stated goals) is also retained to improve future coaching quality.

Conversation data is processed by OpenAI via their API. OpenAI's data usage policies apply to API calls; as an API customer we have opted out of data used for model training. Conversation content is not shared with other users or third parties beyond this processing.

We use PostHog for product analytics. PostHog collects anonymised usage events (e.g. "dashboard visited," "match logged") to help us understand which features are working. PostHog does not receive personally identifiable information such as your email or match notes.

We do not use Google Analytics or any advertising-network tracking.

Subscriptions are handled by Stripe. When you subscribe, your payment details are collected and stored entirely by Stripe — we never see or store card numbers, CVV codes, or full billing addresses on our servers. We receive a Stripe customer ID and subscription status.

Stripe's privacy policy governs how your payment data is handled: stripe.com/privacy.

We use cookies strictly for session management (keeping you logged in) and security (CSRF protection). We do not use cookies for advertising or cross-site tracking. No third-party cookies are set by FRAGMINDCS.

Your data is retained for as long as your account is active. If you delete your account, all associated data — profile, performance logs, and conversations — is permanently deleted within 30 days.

Stripe may retain billing records independently as required by financial regulations.

You have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email us at hello@fragmindcs.com. We will respond within 14 days.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

All data is transmitted over HTTPS. Our database employs row-level security so that each user can only access their own records. We review our security practices regularly and will notify affected users if a breach occurs.

We may update this policy as the platform evolves. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use of FRAGMINDCS after that date constitutes acceptance of the revised policy.