Dana Fit AI

Privacy Policy

Last Updated: April 2026

Dana Fit AI is operated by Mother of Mind Ltd ("we", "us", "our"). We are committed to protecting your personal data and handling it responsibly. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

Mother of Mind Ltd is registered with the Information Commissioner's Office (ICO) as a data controller.

1. What Data We Collect

We collect the following categories of personal data:

Account & Identity Data

  • Name and email address
  • Account login credentials (managed by Supabase)

Profile & Health Data

  • Fitness goals, training preferences, experience level, and equipment
  • Injuries or physical limitations you choose to share
  • Workout logs, exercise history, and performance data
  • Nutrition targets, meal plans, and dietary preferences
  • Steps and hydration logs

Some of this data — particularly information relating to your health, physical condition, injuries, and dietary needs — may constitute special category data under UK GDPR, which we handle with additional care.

AI Coaching Data

  • The content of your conversations with Dana, our AI coaching assistant

Payment Data

  • Subscription status and billing history (payment card details are held by Stripe — we do not store them)

Technical & Usage Data

  • Analytics events (e.g. workouts completed, features used) to help us improve the platform
  • AI token usage for internal cost management

2. Lawful Basis for Processing

We process your personal data on the following legal grounds under UK GDPR:

  • Contract performance — processing necessary to provide you with the Service you have subscribed to, including your account, workout tracking, and AI coaching features.
  • Legitimate interests — processing necessary for our legitimate business interests, such as improving the platform, preventing fraud, and understanding how users engage with features. We ensure these interests do not override your rights.
  • Legal obligation — retaining financial and transaction records as required by law.
  • Explicit consent — where we process special category health data (your fitness profile, health conditions, and dietary information), we rely on your explicit consent, which you give by completing your profile and using the Service.

3. How We Use Your Data

We use your personal data to:

  • Create and manage your account
  • Provide and personalise the Dana Fit AI Service
  • Power Dana, our AI coaching assistant, with relevant context from your profile
  • Process subscription payments and manage billing
  • Send essential service emails (e.g. billing confirmations, account notices)
  • Send marketing communications where you have opted in (you can unsubscribe at any time)
  • Monitor and improve platform performance and user experience
  • Fulfil our legal and regulatory obligations

4. AI Coaching — How Your Data is Used with Dana

When you interact with Dana, your messages — along with relevant context from your fitness profile — are sent to Anthropic PBC, the company that provides the AI technology powering Dana. Anthropic processes this data to generate responses on our behalf.

You should be aware that:

  • Conversations with Dana may include personal or health-related information you choose to share.
  • This data is transmitted to and processed by Anthropic in accordance with our data processing agreement with them and their own usage policies.
  • We do not use your conversation data to train AI models.
  • We recommend you do not share sensitive information with Dana that you would not be comfortable sharing with a third-party AI provider.

5. Third-Party Service Providers

We share data with the following trusted third-party providers who process data on our behalf as data processors:

  • Supabase — database storage and user authentication
  • Stripe — payment processing and subscription management
  • ActiveCampaign — email marketing and subscriber communications
  • Anthropic PBC — AI processing powering our Dana coaching assistant
  • Vercel — web application hosting and deployment

Each provider is bound by appropriate data processing agreements and is required to handle your data securely and in accordance with applicable data protection law.

6. International Data Transfers

Some of our third-party providers — including Anthropic and Vercel — are based in the United States and may process your data outside the United Kingdom and European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO, to protect your data to the same standard as required under UK GDPR.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy:

  • Account and profile data — retained for the duration of your account. You may delete your account and all associated data at any time via your account settings.
  • Workout and fitness data — retained as part of your account until deletion.
  • AI conversation data — conversations are not stored on our platform beyond what is necessary to provide the Service in-session.
  • Payment and billing records — retained for 7 years to comply with our legal and financial obligations, even after account deletion.
  • Analytics data — retained in anonymised or aggregated form for platform improvement purposes.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data storage, access controls, and secure authentication. However, no system can be guaranteed 100% secure, and you use the Service at your own risk.

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and will inform you without undue delay where required by law.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data (your account settings include a self-service account deletion feature)
  • Right to restrict processing — to request that we limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, commonly used format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at: hello@danafit.ai

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or via an in-app notice. The "Last Updated" date at the top of this page will always reflect the most recent version. We encourage you to review this policy periodically.

11. Contact

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact:

Alice Rickard — Dana Fit AI (Mother of Mind Ltd)
hello@danafit.ai