Last updated: July 18, 2025
Mechanix ("we," "us," or "our") provides an iOS application and this companion website (collectively, the "Service"). This Privacy Policy explains what data we collect, how we use it, and the choices you have.
| Category | What | Purpose | Retention |
|---|---|---|---|
| Device ID | An anonymized UUID generated on first launch (e.g. abcd-1234-efgh-5678). | Associate analyses with you inside the app (history, quota). | Until you delete the app or request erasure. |
| Frame snapshots | Individual JPEG frames extracted locally from your video and sent to our AI provider via our proxy. | Generate coaching feedback. | Held in encrypted RAM only; discarded immediately after the AI response is received (typically < 30 s). |
| Support messages | Name, email, and message content if you email us or use the contact form. | Respond to your request. | Deleted from our mailbox after 180 days. |
| Diagnostic logs (optional) | Crash reports & basic analytics from Apple (aggregated, no personal video). | Improve stability and UX. | 25 months in Apple's dashboard, then auto-culled. |
On-device extraction — When you choose a video, the app isolates only the key frames it needs. The original video itself never leaves your phone.
Secure relay — Those frames are transmitted via HTTPS to our lightweight proxy hosted in Railway | US-West. The proxy strips IP logs (we store only truncated IPs for 24 h to mitigate abuse).
LLM inference — The proxy immediately forwards the frames to our AI vendor OpenAI for analysis and streams the textual feedback back to your device. Frames are held in volatile memory only.
Deletion — Once the response is delivered, the frames are discarded both by us and the AI vendor in accordance with their data-retention policy (currently ≤ 30 days for fraud monitoring, then permanent deletion). We do not use your videos or frames to train our own or third-party models.
| Activity | Legal basis |
|---|---|
| Providing coaching feedback | Performance of a contract (Terms of Use) |
| Crash analytics | Legitimate interest (app stability) |
| Responding to support emails | User consent / contract |
We do not sell or rent personal data. We share it only:
All vendors are bound by data-processing agreements that meet GDPR Article 28 and CCPA §1798.140 requirements.
| Region | Rights & how to exercise |
|---|---|
| EU / UK | Access, rectification, erasure, restriction, objection, data portability. Email hello@getmechanix.com with your UUID. |
| California (CCPA/CPRA) | Right to know, delete, and opt-out of "selling" (we don't sell data). |
| Other | We honor reasonable privacy requests wherever you live. |
We will respond within 30 days. If you delete the app or request erasure, your UUID and any remaining logs are removed from our systems within 14 days.
Mechanix is not directed to children under 13, and we do not knowingly collect data from them.
Despite these safeguards, no internet transmission is 100% secure. We encourage you to keep your device updated.
Your data is processed in the United States. We rely on EU-approved Standard Contractual Clauses for transfers from the EEA/UK.
We may update this Privacy Policy when features or regulations change. We'll post the revised policy here and update the "Last updated" date. For significant changes, we'll notify you in-app.
Email: hello@getmechanix.com
If you have concerns that we can't resolve, EU/UK users may lodge a complaint with their local Data Protection Authority.
