Privacy Policy

OLM is the software platform that powers the gym, academy, or school you interact with as a Member, or that your Organization uses to manage its operations. This Privacy Policy describes how OLM handles personal information collected through the platform.

When an Organization uses OLM to manage its Members, the Organization is the controller of Member personal data and OLM is the processor acting on the Organization's instructions. Members should direct privacy requests (access, deletion, correction) to their Organization in the first instance.

OLM acts as a controller only with respect to data we collect about Organization administrators (account credentials, billing information, support communications) and basic operational telemetry.

Account data: name, email, phone, profile photo, authentication identifiers (via Clerk).

Membership data: rank, attendance, journal entries, waivers, signatures, and other records the Organization stores about its Members.

Billing data: payment status, subscription state, and invoice history. Card numbers and bank credentials are handled by Stripe and never touch OLM servers.

Operational data: device, browser, IP address, log timestamps, and feature usage, used to operate, secure, and improve the platform.

To operate the platform on the Organization's behalf, process payments via Stripe, send transactional and Organization-initiated communications, prevent fraud and abuse, comply with legal obligations, and improve the service.

We do not sell personal information. We do not use Member data to train third-party AI models.

We share data with vetted sub-processors that help us run the platform, including Clerk (authentication), Stripe (payments), Resend and SendGrid (email), AWS (storage), Upstash (rate limiting), and Neon (database hosting). Each sub-processor is bound by contractual confidentiality and data-protection terms.

We disclose data when required by law, valid legal process, or to protect the safety of users.

We use industry-standard safeguards including encryption in transit, encryption at rest for sensitive fields, scoped access controls, audit logging, and regular review of sub-processors. No system is perfectly secure, and we cannot guarantee absolute security.

We retain data for as long as the Organization's account is active and for a reasonable period thereafter for backup, audit, dispute, and legal-compliance purposes. Organizations may delete or export Member records through the admin portal subject to applicable law.

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal data. Members should contact their Organization. Organization administrators may contact us directly at the address below.

OLM operates from the United States. By using the platform, you consent to the transfer and processing of your data in the United States, which may have different data-protection laws than your country of residence.

OLM is intended for use by adults and by minors enrolled in an Organization (e.g., kids martial arts programs) under a parent or guardian account. Organizations are responsible for obtaining all required parental consent before enrolling a minor.

We may update this Privacy Policy from time to time. The current version is 2026-05-19, effective May 19, 2026.

Privacy questions? Email support@trainolm.com.