This Privacy Policy explains how Measured Data LLC, a Texas limited liability company ("Measured Data," "we," "us," or "our"), collects, uses, stores, and protects information in connection with our products — Moments, a personal operations dashboard available at app.trackmoments.com, and practikalMuscle, a workout tracker (together, the "Services") — and applies to anyone who creates an account or otherwise uses the Services.
1. What We Collect
Each user's data is isolated from every other user through row-level security in our database — your data is not visible to other users. Depending on which Services you use, we collect and store the following categories of information:
- Account information: your email address and authentication details (managed via Supabase Auth).
- Content you create: in Moments, this includes tasks, projects, notes, journal entries, quotes, books, and contacts ("People") you create by voice or manually. In practikalMuscle, this includes your workout logs, routines, and any AI-generated routine remixes you request.
- Voice recordings (transitory, Moments): audio you record to create tasks, notes, or other items. Audio is sent to OpenAI's Whisper service for transcription and is not retained by Moments after transcription completes.
- Transcripts and parsed items (Moments): the text transcript of your voice input, and the structured items (tasks, notes, calendar entries, etc.) produced when that transcript is parsed by Anthropic's Claude. These are stored as your data in the Service.
- AI routine remixes (practikalMuscle): when you request an AI remix of a workout routine, your relevant workout data is sent to Anthropic's Claude to generate the suggested routine, which is then stored as your data.
- Personal CRM ("People") data (Moments): contact records you choose to create about other individuals — for example, names, relationships, or contact details. This may include personal information about people other than you who have not created an account and have not directly agreed to this policy. You are responsible for ensuring you have a lawful basis to store this information; see Section 6 of our Terms of Service.
- Calendar data (Moments): events synced from a connected Google Calendar (read-write access) and/or a connected Microsoft 365 / Outlook calendar (read-only — we never create, modify, or delete anything in your Outlook calendar).
- OAuth tokens: authentication tokens for connected Google and/or Microsoft accounts. These are stored server-side, encrypted/hashed where applicable, and are never exposed to the client application or to other users.
- Payment information: subscription payments are processed by Stripe. We do not receive or store your full card number. We retain limited billing metadata from Stripe — such as your plan, billing dates, transaction history, and card type/last four digits — as needed to manage your subscription and provide support.
- Usage metering: counts of API calls and AI tokens consumed (for example, transcription calls, parsing calls, or remix requests), used to enforce plan limits and manage cost.
- Technical data: standard log and diagnostic data (such as timestamps, error logs, and device/browser information) generated through normal operation of the Services.
2. How We Use Your Information
We use the information above solely to operate and improve the Services, specifically to:
- Authenticate you and secure your account;
- Transcribe your voice input and parse it into structured productivity items (Moments);
- Generate AI-suggested routine remixes when requested (practikalMuscle);
- Sync and display calendar events across connected Google and Microsoft accounts (Moments);
- Process payments, manage subscriptions, and send billing-related email (via Resend) such as receipts and payment failure notices;
- Monitor and enforce plan usage limits;
- Diagnose bugs, maintain reliability, and improve the Services;
- Communicate with you about your account, new features, and material changes to the Services.
We do not run advertising, and we do not sell your personal data to anyone. We do not use your content to train our own AI models. When your content is sent to OpenAI or Anthropic for transcription, parsing, or generating routine remixes, it is processed under those providers' standard API terms, which (as of this writing) state that API inputs and outputs are not used to train their models. We do not control changes to third-party providers' policies and encourage you to review them directly.
3. Subprocessors
We rely on the following subprocessors to provide the Services. Each processes a limited set of data strictly necessary for its function:
| Subprocessor | Purpose | Data Involved |
|---|---|---|
| Stripe | Payment processing and subscription billing | Payment details (we do not receive full card numbers), billing metadata |
| Supabase | Application hosting, database, and authentication | All account and application data described in Section 1 |
| Anthropic | AI parsing of voice transcripts (Moments); AI routine remixes (practikalMuscle) | Transcript text; workout/routine data |
| OpenAI | Voice transcription (Whisper) — Moments | Audio (transient, not retained after transcription), resulting transcript |
| Calendar sync — Moments | Calendar events, OAuth token (read-write) | |
| Microsoft | Calendar sync — Moments | Calendar events, OAuth token (read-only) |
| Resend | Transactional email (receipts, account, and notification email) | Email address, message content |
We may add or change subprocessors as the Services evolve; material changes will be reflected in updates to this policy.
4. No Sale of Data, No Training on Your Content
We do not sell your personal data or content to anyone, for any purpose. We do not use your content — voice recordings, transcripts, journal entries, workout logs, or any other data you create — to train our own AI models. Content is shared with our AI subprocessors (Anthropic, OpenAI) only to provide the specific feature you requested, as described above.
5. Data Retention
We retain your data for as long as your account remains active, so that we can provide the Services to you. Specific retention practices:
- Voice audio is not retained after transcription — it exists only transiently during processing.
- Transcripts, parsed items, and all other application data (tasks, notes, People records, calendar sync data, workout logs, routines, etc.) are retained until you delete them individually or delete your account.
- OAuth tokens are retained until you disconnect the relevant integration or delete your account, at which point they are revoked and deleted.
- Billing records from Stripe are retained as needed for accounting, tax, and legal compliance purposes, even after account deletion, as required by law.
- Backups may retain deleted data for a limited period after deletion for disaster-recovery purposes before being purged.
6. Your Rights: Access, Export, and Deletion
- Account deletion: You may request deletion of your account at any time by emailing support@measured-data.com. Deleting your account cascades to delete your associated data (tasks, notes, People records, journal entries, calendar sync data, workout logs, routines, and OAuth tokens) from our production systems, subject to the limited backup and billing-record retention described above.
- Data export: You may request an export of your data at any time by emailing support@measured-data.com; we will provide it in a reasonable format.
- Correction/access: You may access and correct most of your data directly within the app. For anything not editable in-app, contact us directly.
7. GDPR / CCPA and Other Regional Privacy Rights
Depending on where you live, you may have additional rights under laws such as the EU/UK General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), including the right to:
- Confirm whether we process your personal data and access a copy of it;
- Request correction of inaccurate data;
- Request deletion of your data;
- Request a portable export of your data;
- Object to or restrict certain processing;
- Not be discriminated against for exercising these rights.
We do not sell personal data, so there is nothing to opt out of in that respect. To exercise any of these rights, contact support@measured-data.com; we will respond within a reasonable time and, in any event, within the timeframe required by applicable law. We may need to verify your identity before fulfilling a request.
8. Security
We take reasonable measures designed to protect your data, including:
- Row-level security (RLS) enforced at the database layer, so that each user's data is isolated and inaccessible to other users by default;
- Server-side storage of OAuth tokens and secrets, hashed/encrypted where applicable, never exposed to client applications;
- No storage of full card numbers — all card data is handled directly by Stripe;
- TLS encryption for data in transit between your device and our servers, and between our servers and subprocessors;
- Restricted internal access to production data, limited to what is necessary to operate and support the Services.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your data, we will notify you as required by applicable law.
9. Children's Privacy
The Services are not directed to, and are not intended for use by, children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with personal information, please contact us at support@measured-data.com and we will delete it.
10. International Users
Measured Data LLC is based in the United States, and the Services are operated from, and your data is processed and stored in, the United States. If you access the Services from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, which may have data protection laws different from those of your country.
11. Changes to This Policy
We may update this Privacy Policy as the Services evolve. If we make material changes, we will provide reasonable notice (for example, by email or in-app notice) before the changes take effect. The "Effective date" at the top of this document reflects the most recent revision.
12. Contact
Questions about this Privacy Policy, or requests regarding your data, can be sent to support@measured-data.com.