Privacy Policy

How we handle your data.

Plain language. Real commitments. Last reviewed 2026-05-20.

Who this policy applies to

This policy covers everyone who uses Marrow. Coaches and instructors who run their practice on the platform, athletes and clients who train with those coaches, gym owners and studio admins, and visitors to marrowfitness.com. We wrote it in plain language so a non-technical person can read it without a dictionary. If you have a question, write to privacy@marrowfitness.com and a real person will answer.

What we collect

Depending on how you use Marrow, we collect some or all of the following.

  • Application and form submissions. Name, email, professional details, and anything you wrote in the open text fields.
  • Account data. Email for magic-link authentication, profile information, role (coach, athlete, gym admin), and the connection between coach and athlete accounts.
  • Training data. Programs, sessions, logged workouts, form videos you upload, notes between coach and athlete, nutrition ranges, and wearable-derived signals if you choose to connect a device.
  • Billing data. Name, billing address, and payment method tokens, handled by Stripe. Marrow never sees full card numbers.
  • Operational data. IP addresses, browser type, device type. Used for abuse prevention and to keep the service running. Not used to track you across the web.

What we don't collect

We use Plausible Analytics, which is privacy-first and cookie-free. We don't run Facebook Pixel, Google Analytics, or any retargeting cookies. There's no fingerprinting and no cross-site tracking. We don't sell, license, or share your data with third parties for marketing purposes.

How we use your data

We use the data you submit to:

  • Run the platform, including coaching tools, athlete dashboards, and admin surfaces.
  • Authenticate you and keep your account secure.
  • Process payments for coach subscriptions and athlete billing.
  • Respond to applications, demo requests, and support questions as soon as we can.
  • Send platform onboarding details, transactional notifications, and the receipts you would expect.
  • Maintain a private record of your interaction with us.

Your phone number and text messages

We treat your phone number with the same care as the rest of your data. We do not sell your personal data or your phone number. We do not share it with third parties for their own marketing, and we do not let anyone else use it to market to you. The only companies that ever touch your number are the named service providers that help us run the platform, such as our messaging and payment providers, and only so they can deliver the messages and services you asked for. No mobile information is shared with third parties or affiliates for marketing or promotional purposes.

Text messaging (SMS). If you text or call Marrow's published business number, you consent to receive conversational text replies from us at the number you contacted us from. These messages are how we answer your question, return a missed call, and help you with your account. We do not send marketing or promotional text blasts. Messages are sent in reply to you, and message frequency varies based on how the conversation goes. Message and data rates may apply, depending on your carrier and plan.

You are always in control. Reply STOP to any message to opt out and we will not text you again. Reply HELP for help, or write to hello@marrowfitness.com. Opting out of texts does not close your account or stop transactional notices you need, such as receipts and security alerts.

Where your data lives

Marrow application data is stored in the United States. The primary database is Supabase, hosted in the US, with row-level security enforced at the database layer. Static assets are delivered via Cloudflare's global edge for performance, while application reads and writes route to US origins. Plausible Analytics, hosted in the European Union, receives only anonymized, aggregated page-view counts and never individual identifiers.

Application form submissions arrive through Formsubmit and land in our email inbox at hello@marrowfitness.com. From there, they may be added to your coach or athlete account record if you sign up.

Sub-processors

Marrow uses a small number of third-party services to operate the platform. Each of them is named, with the data they touch and where they're located, on our canonical sub-processor page. We update that page before any new sub-processor goes live and we notify coaches in advance of material changes.

The current list covers Stripe (payments and coach payouts), Cloudflare (DNS, edge, compute, storage), Supabase (database, authentication, video storage), Kit (email sequences), Postmark (transactional email), Plausible Analytics (privacy-friendly analytics), Sentry (error monitoring), Upstash (background job queue), and Daily.co (virtual session video, activating with v1.1 in August 2026).

The canonical, always-current list lives at marrowfitness.com/legal/subprocessors. If the page below ever conflicts with that page, the sub-processor page is the source of truth.

Athletes

If you are an athlete, your data is processed by Marrow on behalf of the coach you train with. Marrow does not market to athletes for anything other than transactional platform notifications. For solo coach accounts, coaches own the relationship with their athletes and may export athlete data at any time. For studio and gym accounts, the gym owns the member relationship at the platform level, and coaches keep a copy of their own programming work, matching the terms of service. On termination of a coach's account, athletes are given 30 days to migrate their training history before deletion.

Your rights

You can export a full copy of your data or close your account at any time from your account settings, no email needed. You can also email privacy@marrowfitness.com to ask what we have on you, request deletion, or correct errors. We respond inside 30 days. If you're in the EU, UK, or California, you have specific rights under GDPR or CCPA. We honor all of them.

How long we keep it

Application data: 12 months unless you become a customer. After that, we retain it as part of your customer record. Customer training data is retained for the life of your account, plus a short post-termination window so you can export it. If you ask us to delete sooner, we delete within 30 days.

Updates to this policy

We'll update this page when our practices change. The "last reviewed" date at the top tracks every revision. If a change is material, we'll email you.

Contact

Marrow Fitness
Miami Beach, FL
privacy@marrowfitness.com