1. Who We Are
This Privacy Policy explains how Mark Calip (sole proprietor) ("Deficit," "we," "us," "our") collects, uses, and shares information when you use the Deficit mobile application (the "App"), the getdeficit.com website (the "Site"), and any related services (together, the "Service").
The Service is provided to athletes who compete in weight-class sports. We are the data controller for the personal information described below.
Contact:
Mark Calip (sole proprietor)
California, United States
Email: support@getdeficit.com
2. Scope
This policy applies to:
- The Deficit iOS App (bundle identifier
com.deficit.app) - The getdeficit.com marketing and waitlist Site
- Any email, support, or notification we send you
It does not apply to third-party services we link to or integrate with (including Apple's App Store, Anthropic, RevenueCat, Supabase, and others listed in Section 6). Those services have their own privacy policies.
3. Eligibility
The Service is available to users 18 years of age or older only. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact support@getdeficit.com and we will delete it.
The Service is not directed at children and is not subject to COPPA. See Section 11 (Children).
4. Information We Collect
4.1 Information You Provide
| Category | Examples | Purpose |
|---|---|---|
| Account | Email address, password (hashed), Apple ID (if you use Sign in with Apple) | Authentication, account recovery, beta invitation |
| Profile | Sport, sex, date of birth, height, weekly training session counts, cut experience, federation | Calculating TDEE; building your Cut Plan |
| Body metrics | Walk-around weight, daily weight logs, target weight, weight class | Cut plan generation, daily adjustments, post-camp analytics |
| Event data | Weigh-in date, competition date, event name, weigh-in format | Cut Plan scheduling, rehydration protocol selection |
| Sweat session data | Duration, type, fluid loss (if logged) | Refining the Cut Plan |
| Coach conversations | Your messages to the AI Coach and the Coach's responses | Generating coaching responses; refining your Cut Plan in real time |
| Support communications | Emails, in-app messages | Responding to your requests |
| Waitlist data | Email, Apple ID email, sport, optional upcoming event date, optional notes | Sending TestFlight beta invitations and launch announcements |
4.2 Information Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Device data | Device model, OS version, app version, language, time zone | Debugging, compatibility, analytics |
| Usage data | Features used, screens viewed, session timing (aggregated) | Product improvement |
| Crash and error reports | Stack traces, breadcrumbs, error context | Diagnosing and fixing bugs |
| Purchase data | Subscription status, entitlement type, original purchase date, renewal status | Granting and revoking access to paid features |
| IP address (Site only) | IP, approximate location, user agent | Bot deflection, rate limiting, security |
We do not use Apple's Identifier for Advertisers (IDFA). We do not display advertising in the App. We do not request App Tracking Transparency permission because we do not engage in tracking as defined by Apple.
4.3 Information We Do Not Collect
- We do not collect photographs, videos, voice recordings, or biometric data
- We do not access your contacts, camera, microphone, photos, or location
- We do not collect food logs, meal photos, or barcode scans (Deficit is a prescription system, not a tracker)
- We do not integrate with Apple HealthKit at launch (planned for v1.1 with explicit permission)
5. How We Use Your Information
We use your information to:
- Provide the Service. Authenticate you, build your Cut Plan, run the AI Coach, calculate daily targets, manage subscriptions, and deliver app functionality.
- Improve the Service. Diagnose bugs, analyze aggregated usage patterns, and refine the Rule-Based Engine and AI Coach behavior.
- Communicate with you. Send transactional email (account confirmation, password reset, subscription receipts), respond to support requests, and — if you opted in — send TestFlight invitations and launch announcements.
- Protect the Service. Detect and prevent fraud, abuse, and security incidents; enforce our Terms of Service.
- Comply with legal obligations. Respond to lawful requests from regulators, courts, and law enforcement.
Legal Bases (GDPR / UK GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing are:
- Contract — to provide the Service you signed up for
- Consent — for waitlist signups and any optional communications
- Legitimate interests — to improve, secure, and grow the Service (balanced against your rights)
- Legal obligation — when required by law
You can withdraw consent at any time. See Section 9 (Your Rights).
6. Third Parties and Sub-Processors
We share your information with the following service providers, who process it on our behalf under contractual confidentiality and security obligations. We do not sell your personal information.
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Apple, Inc. | App distribution, payment processing, Sign in with Apple, push notifications | Account identifier, purchase receipts | United States |
| Anthropic, PBC (Claude API) | AI Coach conversational responses, structured data extraction from your messages | Coach conversation contents, athlete profile context, cut state | United States |
| Supabase, Inc. | Database hosting, authentication, edge functions | All account, profile, body-metric, event, and conversation data | United States |
| RevenueCat, Inc. | Subscription management, entitlement validation, receipt verification | Apple anonymous user identifier, purchase events, subscription state | United States |
| Sentry (Functional Software, Inc.) | Crash and error reporting | Device data, stack traces, redacted breadcrumbs | United States |
| Expo / EAS (650 Industries, Inc.) | App build distribution, over-the-air updates | App version, update channel, device data | United States |
| Resend (Resend Inc.) | Transactional email (waitlist welcome, launch announcement) | Email address, send/open events | United States |
| Cloudflare, Inc. | Bot deflection on waitlist (Turnstile), CDN | IP address, user agent, browser fingerprint | Global |
Each provider has its own privacy policy. We review sub-processors before onboarding and require contractual data protection terms (DPA) with each.
Important — AI Coach Data
When you message the AI Coach, your message and relevant context (recent weights, current Cut Plan, sport, event date) are sent to Anthropic for processing. Anthropic processes this data to generate a response and, per its current API terms, does not train its general-purpose models on API customer data. Conversation content is retained in our database to give the Coach memory across sessions.
If this is a concern for you, you can:
- Avoid sending sensitive personal details (medical history, identifying info) through Coach chat
- Request deletion of specific conversations via
support@getdeficit.com - Delete your account, which removes conversation history along with all other data (see Section 9)
7. International Data Transfers
We are based in the United States and most of our sub-processors are located in the United States. If you are outside the United States, your information will be transferred to and processed in countries where data protection laws may differ from your own.
For transfers from the European Economic Area, United Kingdom, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, executed with each sub-processor
- UK International Data Transfer Agreement / Addendum where applicable
- Adequacy decisions where they apply
You may request a copy of the transfer mechanism in place for a specific sub-processor by emailing support@getdeficit.com.
8. Data Retention
We retain your information for as long as your account is active and as needed to provide the Service.
| Data | Retention |
|---|---|
| Active account data | While your account is active |
| Dormant account (no login >12 months and no active subscription) | Deleted silently per our retention policy |
| Locked event data ("Dark state" per our Monetization model) | Preserved up to 12 months, then deleted |
| Crash and error logs | 90 days |
| Support communications | 24 months after resolution |
| Purchase receipts / transaction records | 7 years (for tax and regulatory compliance) |
| Backups | Up to 30 days after primary deletion |
You may request earlier deletion at any time (Section 9). Anonymized, aggregated data that no longer identifies you may be retained indefinitely.
9. Your Rights
Depending on where you live, you may have the following rights regarding your personal information:
- Access — request a copy of the information we hold about you
- Correction — fix inaccurate information
- Deletion — request that we delete your account and associated data
- Portability — receive your data in a structured, machine-readable format
- Restriction — limit how we process your data
- Objection — object to processing based on legitimate interests
- Withdraw consent — for any processing based on consent
To exercise any right, email support@getdeficit.com from the email address on your account. We will respond within 30 days (or earlier where required by law). We may need to verify your identity before fulfilling certain requests.
California Residents (CCPA / CPRA)
If you are a California resident, you also have the right to:
- Know the categories and specific pieces of personal information we collect, sources, business purposes, and third parties we share with
- Opt out of "sale" or "sharing" — we do not sell or share personal information as defined by the CCPA
- Limit use of sensitive personal information — we use body-metric data only as needed to provide the Service
- Non-discrimination for exercising your rights
You may designate an authorized agent to make requests on your behalf. Contact support@getdeficit.com.
Right to Lodge a Complaint
EEA/UK residents may lodge a complaint with their local supervisory authority. Contact us first if possible — we want to resolve your concern directly.
10. Security
We use industry-standard safeguards to protect your information, including:
- Encryption in transit (TLS 1.2+)
- Encryption at rest for stored data
- Row-Level Security (RLS) on our database — your data is accessible only by you and by authorized service operations
- Server-side enforcement of access controls (we do not rely on client-side checks)
- Hashed and salted passwords (when not using Sign in with Apple)
- Regular dependency auditing and security patching
No system is perfectly secure. If we discover a breach affecting your information, we will notify you and applicable authorities as required by law.
11. Children
The Service is intended for adults aged 18 and over who train and compete in weight-class sports. We do not knowingly collect personal information from anyone under 18, and the Service is not designed or marketed for minors.
Weight cutting carries unique risks for adolescents. If a parent or guardian believes their child has registered for the Service, contact support@getdeficit.com and we will delete the account and associated data.
12. Health Data Notice
Information you provide — including body weight, sex, height, sport, and weight-cutting history — may be considered "health information" or a "special category" of personal data under some laws. We treat this information with heightened care:
- We do not sell it.
- We do not share it with advertisers or data brokers.
- We share it with sub-processors only to the extent needed to provide the Service (Section 6).
- We are not a HIPAA-covered entity and Deficit is not a medical device. The Service does not provide medical advice. See the Terms of Service for the full medical disclaimer.
13. Cookies and Similar Technologies (Site)
The getdeficit.com marketing Site uses minimal cookies and analytics:
- Essential cookies — required for the waitlist form to function (CSRF protection, session)
- Analytics — Plausible, which is privacy-respecting and does not use third-party cookies or cross-site tracking
- Cloudflare Turnstile — for bot deflection on the waitlist form; uses a privacy-friendly attestation mechanism instead of CAPTCHAs
The App itself does not use web cookies.
14. Push Notifications
If you enable push notifications, we may send daily reminders to log your weight, plan-adjustment notifications from the AI Coach, weigh-in day reminders, and rehydration protocol prompts. You can disable notifications at any time in iOS Settings.
We never send marketing pushes.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or in-app notice at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
Older versions are available on request at support@getdeficit.com.
16. Contact
Questions, requests, or concerns:
Mark Calip (sole proprietor)
Attn: Privacy
California, United States
Email: support@getdeficit.com
For California-specific requests: include "California Privacy Request" in the subject line. For EU/UK-specific requests: include "GDPR Request" or "UK GDPR Request" in the subject line.
This Privacy Policy was last updated on 2026-05-19.