Privacy Policy

Version 1.0 · Effective 2026-04-16

SuperLyfe is an athletic coaching platform that connects athletes, coaches and sports consultancies. This Privacy Policy describes how we process your personal data in compliance with the Brazilian General Data Protection Law (LGPD — Law 13.709/18).

1. Who we are

SuperLyfe is operated by SuperLyfe Tecnologia Ltda., headquartered in Brazil. For privacy matters, contact us at support@mahhp.org.

2. Data we collect

We collect the following data, as necessary to provide the contracted services:

  • Identification: full name, email, phone, CPF (or equivalent document for foreigners), date of birth, residential address.
  • Health (sensitive data — LGPD art. 11): responses to the health intake questionnaire (conditions, smoking, medication use, physical activity), Par-Q questionnaire (cardiovascular readiness for physical activity), height, weight.
  • Payment: credit card data processed and stored exclusively by the payment provider Asaas — SuperLyfe does not store full card numbers, CVV or expiry. We store only the last digits and brand for display.
  • Wearables: when you connect a wearable device through Terra API (Garmin, Strava, Polar, Suunto, Whoop, Fitbit and others), we receive heart rate, VO₂max, HRV, sleep, activity and training session metrics.
  • Platform usage: login records, interactions with the coach tool (chat, WhatsApp Business messages), training feedback, race registrations.
  • Technical: IP address, device identifier, operating system, app version.

3. Purposes and legal bases

  • Contract performance (LGPD art. 7, V): create and maintain your account, process payments, deliver the training plan built by your coach, enable communication with your sports consultancy.
  • Consent (LGPD art. 7, I and 11, II, "a"): processing of sensitive health data (health intake, Par-Q, wearable metrics) so your coach can prescribe appropriate and safe training.
  • Legal obligation (LGPD art. 7, II): issuing invoices, retaining tax and accounting records.
  • Legitimate interest (LGPD art. 7, IX): fraud prevention, platform security, aggregated usage metrics.

4. Sharing with third parties

We share data only with partners strictly necessary to deliver the service:

  • Firebase (Google LLC) — authentication (Firebase Auth) and realtime database. Data stored on Google servers.
  • Asaas (Asaas Gestão Financeira Ltda.) — payment processing via card, Pix and bank slip. SuperLyfe acts as the parent account holder with automatic split to partner sports consultancies.
  • Terra (Terra API Inc.) — integration with wearable devices. You explicitly authorize each connection via OAuth on the manufacturer's site.
  • WhatsApp Business (Meta Platforms, Inc.) — messages between athlete and coach, when enabled by your sports consultancy.
  • Your sports consultancy — name, email, phone, health intake, Par-Q, goals, training feedback and wearable metrics are shared with the sports consultancy and with the coach linked to it whom you selected.

We do not sell personal data to third parties for advertising purposes.

5. International transfer

Some of our processors (Firebase, Terra) are headquartered outside Brazil. These transfers occur based on standard contractual clauses and safeguards provided in LGPD art. 33.

6. Retention

We keep your data for as long as your account is active. After account deletion, we retain tax records for the legal period (5 years), security audit logs for 12 months, and anonymize or delete all other data.

7. Your rights (LGPD art. 18)

At any time, you may:

  • Confirm the existence of processing and access your data;
  • Correct incomplete, inaccurate or outdated data;
  • Anonymize, block or delete unnecessary data or data processed in non-compliance;
  • Port your data to another provider;
  • Request deletion of data processed under your consent;
  • Be informed about whom we share your data with;
  • Withdraw consent at any time.

To exercise any right, email support@mahhp.org — we respond within 15 days.

8. Security

We use encryption in transit (TLS 1.2+) and at rest, role-based access control (athlete, coach, sports consultancy, administrator), and authentication via Firebase Auth (magic link or social providers). Card data is tokenized by Asaas and never traverses our servers.

9. Cookies

We use cookies strictly necessary to keep your authenticated session. We do not use advertising or third-party tracking cookies.

10. Changes

We may update this Policy. The current version is always available at plataforma.superlyfe.com.br/privacy. Material changes will be communicated by email and will require new acceptance on your next login.