Privacy Policy for After The Mat

Effective Date: 2026-05-15Version 2026-05-15

1. Introduction

This Privacy Policy describes how AFTER THE MAT, a sole proprietorship registered in British Columbia, Canada ("After The Mat", "we", "our", or "us") collects, uses, shares, and protects your personal information when you use the website https://afterthemat.com and any related applications or services (the "Service"). It also describes your rights and choices regarding your personal information. By using the Service, you agree to the practices described in this Policy.

We operate from British Columbia, Canada. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), the British Columbia Personal Information Protection Act (PIPA), and Canada’s Anti-Spam Legislation (CASL). If you are a resident of the European Economic Area, the United Kingdom, or a U.S. state with comprehensive privacy laws (such as California, Colorado, Virginia, or Connecticut), additional rights are described in the “Your Rights” section below.

2. Information We Collect

We collect information in three ways: information you provide, information collected automatically, and information from third parties.

Information you provide

  • Account information: name, username, email address, hashed password, and profile picture. If you sign in with Google, we receive basic profile data from Google in accordance with the scopes you grant.
  • Profile information: bio, combat sports, rank or belt, headline, location (city, country), languages, social-media links, and any other information you add to your profile.
  • User-generated content: videos you upload for review, video reviews you record as a Coach, comments, posts, flowcharts, training plans, calendar events, and messages.
  • Payment information: when you make or receive a payment, Stripe collects payment-card or bank details directly. We do not store full card numbers. We receive limited data such as payment IDs, status, currency, country, and the last four digits of cards.
  • Coach and Academy verification: information required for Stripe Connect onboarding (legal name, address, date of birth, tax IDs as required by Stripe and applicable law).
  • Communications: messages you send to us (including support requests) and other users through the Service.
  • Email preferences: your choices about which emails you want to receive.

Information collected automatically

  • Usage data: pages visited, features used, click events, search queries, time spent, referrer, and other telemetry.
  • Device and log data: IP address, browser type, operating system, device identifiers, and approximate location derived from IP.
  • Video playback data: playback events, viewing duration, quality, and similar engagement metrics collected by our video provider Mux.
  • Cookies and similar technologies: see the "Cookies and Tracking" section below.

Information from third parties

  • Authentication providers (e.g., Google) when you sign in using them.
  • Payment processors (Stripe) for transaction and account-status information.
  • Anti-fraud and security providers (e.g., Cloudflare Turnstile) for bot and abuse detection signals.

3. How We Use Information

We use the information described above to:

  • Provide, maintain, and operate the Service
  • Create and manage your account and Coach or Academy roles
  • Process payments and payouts through Stripe and Stripe Connect
  • Enable coaching relationships, video reviews, lessons, messaging, and community features
  • Send transactional emails (account, security, payments, lesson and review activity)
  • Send marketing emails via Resend, only to users who have expressly opted in, as required by Canada’s Anti-Spam Legislation (CASL) and similar laws
  • Personalize your experience and surface relevant content
  • Measure performance, debug, and improve the Service using analytics tools such as PostHog
  • Promote the Service, including using submitted videos in marketing materials as permitted by our Terms of Service
  • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms
  • Comply with legal obligations and enforce our agreements

Legal bases (Canada). Under PIPEDA and PIPA (BC), we collect, use, and disclose personal information with your consent (express or implied) for purposes a reasonable person would consider appropriate in the circumstances. We rely on express consent for marketing communications and for sensitive uses such as using your videos in marketing materials.

Legal bases (EEA/UK). Where the GDPR or UK GDPR applies, we rely on the following legal bases: (a) performance of a contract (to provide the Service); (b) our legitimate interests (to operate, secure, and improve the Service, and to promote it in ways that respect your rights); (c) your consent (for marketing email and certain cookies); and (d) compliance with legal obligations.

4. How We Share Information

We do not sell your personal information. We share information only as described below:

With other users

  • Your username, profile picture, bio, and public profile fields are visible to other users.
  • When you book a lesson, submit a video for review, or join an Academy, the relevant Coach or Academy admins receive your account information, the content you submit, and related activity.
  • Comments, posts, and messages are visible to the audience you direct them to.

With service providers (processors / subprocessors)

We share information with vendors that help us run the Service. These providers act on our behalf under written agreements and may not use your information for their own purposes except as permitted by law. Current providers include:

  • Amazon Web Services (AWS) — hosting, database, file storage, transactional email (SES)
  • Stripe, Inc. — payment processing and Stripe Connect for payouts
  • Mux, Inc. — video hosting, transcoding, and streaming
  • Resend — marketing and broadcast email delivery
  • Google LLC — authentication, analytics, and advertising services (if used on the Service)
  • Cloudflare, Inc. — bot/abuse detection (Turnstile) and content delivery
  • PostHog Inc. — product analytics

For legal reasons

We may share information when we believe in good faith that disclosure is necessary to (a) comply with a law, regulation, legal process, or governmental request; (b) enforce our Terms; (c) protect the rights, property, or safety of After The Mat, our users, or others; or (d) detect, prevent, or address fraud, security, or technical issues.

Business transfers

If we are involved in a merger, acquisition, financing, sale of assets, or bankruptcy, personal information may be transferred as part of that transaction. We will notify you (such as by email or in-product notice) before your information becomes subject to a different privacy policy.

With your consent

We may share information for purposes that we describe to you, with your consent. For example, you may choose to allow a specific Coach or Academy to use a specific video in their marketing.

5. Cookies and Tracking Technologies

We use the following categories of cookies and similar tech:

  • Strictly necessary — required to sign you in, keep you signed in, and secure your session. These cannot be turned off.
  • Analytics — help us understand how the Service is used (PostHog and similar). You can decline these where consent is required.
  • Marketing — used to measure marketing campaigns and, where applicable, to display advertising. You can decline these where consent is required.
  • Third-party advertising cookies — if the Service displays advertising (e.g., through Google), those providers may set their own cookies, subject to their own policies.

You can manage cookies through your browser settings and through any in-product consent banner. Disabling cookies may affect the functionality of the Service.

6. Data Retention

We retain personal information for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements.

  • Account data: retained while your account exists, plus a grace period after account deletion before permanent removal.
  • User-generated content: retained while it is published or shared on the Service; deleted within a reasonable period after you remove it (excluding routine backups and copies already shared with other users or published in marketing materials prior to deletion).
  • Payments: Stripe retains payment records according to its own policies and applicable law (typically seven years for tax and audit purposes).
  • Email logs and support tickets: typically retained for up to two years.
  • Backups: rolling backups are typically overwritten within 30–90 days.

7. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access to a copy of the personal information we hold about you
  • Correction of inaccurate or incomplete information
  • Deletion of your information, subject to legal exceptions
  • Portability — a machine-readable copy of certain data
  • Restriction or objection to certain processing
  • Withdrawal of consent at any time, where processing is based on consent
  • Opt out of marketing email through the unsubscribe link in any marketing message or in your account settings
  • Opt out of "sale" or "sharing" of personal information — we do not sell or share for cross-context behavioral advertising as defined under California law
  • Non-discrimination for exercising your rights
  • Lodge a complaint with a supervisory authority (EEA/UK), the Office of the Privacy Commissioner of Canada, or the Office of the Information and Privacy Commissioner for British Columbia

To exercise any of these rights, email us at the address below. We may need to verify your identity before responding. We will respond within the time required by applicable law (typically 30–45 days).

8. Children's Privacy

The Service is intended for users 16 and older (or 13 and older with verifiable parental consent and supervision). We do not knowingly collect personal information from children under 13. If we learn that we have collected such information without appropriate consent, we will delete it as soon as reasonably possible. If you believe a child under 13 has provided personal information to us, please contact us using the information below.

9. International Data Transfers

We are based in British Columbia, Canada. Many of our service providers (including Amazon Web Services, Stripe, Mux, Resend, and Google) process information in the United States and other countries. If you access the Service from outside Canada or the United States, your information will be transferred to and processed in jurisdictions that may have different data-protection laws than your country. Where required, we rely on appropriate transfer mechanisms such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement, or equivalent protections.

10. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect your information, including HTTPS for data in transit, encryption at rest where applicable, access controls, and secure password hashing. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a security incident that affects your information, we will notify you and any regulators as required by law.

11. Third-Party Links and Services

The Service may link to third-party websites or services that we do not control. This Privacy Policy does not apply to those services. We recommend reviewing the privacy policies of any third-party services you interact with.

12. California Privacy Disclosures

California residents have specific rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA, including the right to know what personal information we collect, how we use it, and with whom we share it; to request deletion or correction; to opt out of "sale" or "sharing" of personal information; and to limit the use of sensitive personal information. In the preceding twelve months, we have collected the categories of information described in Section 2 for the purposes described in Section 3. We do not "sell" personal information for money, and we do not "share" personal information for cross-context behavioral advertising as defined under California law. To exercise your rights, contact us below.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make a material change, we will provide reasonable notice (such as by email or in-product banner) before the change takes effect and will update the "Effective Date" above. Your continued use of the Service after the change constitutes acceptance of the updated Policy.

14. Contact Us

For questions, complaints, or to exercise your rights under this Policy, contact us:

AFTER THE MAT
a British Columbia sole proprietorship
Email: [email protected]

We accept privacy requests, complaints, and other notices by email. If you require a postal address for a specific legal purpose, please request one by email and we will provide it.