1 Introduction
This Privacy Policy describes how PathToPractice ("we", "us", "our") collects, uses, and protects your personal data when you use our web application ("Service").
We respect your privacy and comply with the EU General Data Protection Regulation (GDPR).
2 Data Controller
MHX (CVR no. 36281634) is the data controller for the processing of your personal data in PathToPractice.
hello@pathtopractice.app
3 What Data Do We Collect?
We collect the following categories of personal data:
Account Information
- Email address – for login, account communication, and notifications
- Name (optional) – for display in your profile
- Profile picture (optional) – uploaded by you
- Phone number (optional) – for contact purposes
Usage Data
- Exercises and routines – content you create in the Service
- Audio recordings – recordings you make via the Service's recorder
- Settings – your preferences (theme, language, audio settings, etc.)
Payment Data
- Stripe Customer ID – to connect your account with payments
- Subscription information – plan, period, status
- We never store your card details – this is handled exclusively by Stripe
Technical Data
- IP address – used for country detection (currency display) and security
- Browser and device type – for debugging and compatibility
4 Purposes of Data Processing
We use your data for the following purposes:
- Service delivery – creating and operating your account, storing your exercises and routines
- Payment – handling subscriptions via Stripe
- Communication – emails about your account, payments, and important updates
- Security – protection against abuse and unauthorized access
- Improvement – debugging and improving the Service
5 Legal Basis
We process your data based on the following legal grounds (GDPR Art. 6):
- Contract (Art. 6.1.b) – necessary to provide the Service
- Consent (Art. 6.1.a) – for optional features like notifications
- Legitimate interest (Art. 6.1.f) – for security and debugging
6 Third Parties and Data Transfers
We share your data with the following third parties, all necessary to deliver the Service:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU (Frankfurt) |
| Stripe | Payment processing | USA (GDPR, DPA) |
| Cloudflare | Hosting, CDN, DDoS protection | Global (GDPR) |
| Cloudflare Turnstile | Bot protection at signup | Global (GDPR) |
| YouTube / Google | Video embedding (user-initiated) | USA (GDPR, DPA) |
We never sell your data to third parties.
7 Cookies and Local Storage
PathToPractice uses no third-party cookies and no tracking cookies. We exclusively use:
- Session cookies – to keep you logged in
- LocalStorage – to save your settings locally in your browser
- Service Worker cache – to make the app faster (PWA)
8 Data Retention
- Account data – retained as long as your account exists
- Exercises and routines – retained as long as your account exists
- Audio recordings – retained as long as your account exists
- Payment history – retained for up to 5 years per Danish bookkeeping law
9 Your Rights
Under the GDPR, you have the following rights:
- Access – you can request to see all data we hold about you
- Rectification – you can correct inaccurate information
- Erasure – you can request deletion of your data ("right to be forgotten")
- Data portability – you can request a copy of your data in a structured format
- Objection – you can object to processing based on legitimate interest
- Withdrawal of consent – you can withdraw consent at any time
Contact us at hello@pathtopractice.app to exercise your rights. We will respond within 30 days.
You also have the right to lodge a complaint with the Danish Data Protection Agency (datatilsynet.dk).
10 Security
We take data security seriously and employ the following measures:
- All communication occurs over HTTPS (TLS encryption)
- Passwords are hashed with bcrypt (via Supabase Auth)
- Database access is protected with Row Level Security (RLS)
- Two-factor authentication (2FA) is available
11 Children
The Service is not directed at children under 13. We do not knowingly collect data from children under 13.
Children between 13 and 18 should have parental consent. Student accounts created via school licenses are the responsibility of the school.
12 Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in the app. The latest version is always available on this page.
13 Contact
If you have questions about this Privacy Policy, feel free to contact us:
hello@pathtopractice.app