Everything a school's administration, athletic department, or legal team needs to review before bringing Strata on: our terms, how we handle data, and the FERPA and HIPAA frameworks behind the platform.
Effective upon first use
By accessing or using Strata Strength ("the Platform"), you agree to these Terms. If you do not agree, do not use the Platform. These Terms apply to all users including administrators, athletic trainers, coaches, and athletes.
Strata Strength is an athlete performance management platform providing tools for strength & conditioning tracking, health monitoring, injury logging, wellness check-ins, and nutrition education. It is not a medical device and does not provide medical diagnoses or treatment recommendations.
All nutrition guidance, supplement information, wellness scores, and performance data are for educational and informational purposes only. Nothing on this Platform constitutes medical advice. Always consult qualified healthcare professionals for medical decisions.
Users must (a) provide accurate information; (b) maintain the confidentiality of login credentials; (c) use the Platform only for lawful purposes; (d) not attempt to reverse-engineer, copy, or redistribute the Platform or its content.
Student athlete data is protected under FERPA. Institutional administrators are responsible for ensuring appropriate consent and data governance practices at their school or organization. See our Privacy Policy and FERPA Notice for details.
All software, design, content, and methodology comprising the Strata Strength Platform are the exclusive property of Strata Strength LLC, protected under 17 U.S.C. § 501 and applicable intellectual property law. Unauthorized reproduction or distribution is prohibited.
Strata Strength LLC shall not be liable for any indirect, incidental, or consequential damages arising from use of the Platform. The Platform is provided "as is" without warranties of any kind. Total liability shall not exceed fees paid in the preceding 12 months.
These Terms are governed by the laws of the State of Ohio. Disputes shall be resolved in Hamilton County, Ohio.
Strata Strength LLC · mgordon@stratastrength.net
↑ Back to topHow we collect, use, and protect information
We collect information you provide directly: athlete names, school affiliation, performance metrics, wellness check-in responses, injury logs, and contact information. We do not collect Social Security numbers, financial information, or sensitive medical diagnoses.
Information is used solely to provide Platform functionality: performance tracking, health monitoring, program delivery, and reporting to authorized school staff. We do not sell, rent, or share personally identifiable information with third parties for marketing purposes.
Data is stored on secure, access-controlled infrastructure and encrypted at rest and in transit using industry-standard TLS. Each school's data is walled off from every other organization. Staff access to sensitive records requires two-factor authentication.
Nutrition coaching, meal planning, and AI analysis features use Anthropic's Claude API. When you use these features, relevant context (not full student records) is transmitted for processing. Anthropic's privacy policy governs that processing. We do not transmit student names or identifying information to AI services.
The Platform serves minors (athletes under 18). We collect only the minimum data necessary for Platform functionality. Parental contact information is stored for authorized school staff use only and is never shared externally.
You may request access to, correction of, or deletion of your data by contacting mgordon@stratastrength.net. Schools may request full data exports or deletion upon contract termination.
Strata Strength processes student education records only as directed by and on behalf of the educational institution. Schools retain ownership of all student data. Strata Strength does not disclose education records except as directed by the institution or as required by law. Strata operates as a designated school official under FERPA's legitimate educational interest exception (34 C.F.R. § 99.31(a)(1)). See our FERPA Notice for full details.
Clinical records entered by licensed Athletic Trainers, including injury evaluations, treatment notes, and concussion assessments, may constitute Protected Health Information (PHI) under HIPAA depending on the institution's structure. Strata applies HIPAA-aligned data controls to all clinical data regardless of covered entity status. Strata Strength LLC will enter into a Business Associate Agreement (BAA) with covered entities upon request. See our HIPAA Notice for full details.
Privacy questions: mgordon@stratastrength.net
↑ Back to topFamily Educational Rights and Privacy Act (FERPA) — 20 U.S.C. § 1232g
Strata Strength LLC operates as a "school official" under FERPA's legitimate educational interest exception (34 C.F.R. § 99.31(a)(1)). We access student education records solely to perform services the school has contracted for: specifically, athletic performance management and health monitoring.
We access the minimum necessary student record information: name, grade level, sport participation, and athletic performance/health data entered by school staff. We do not access academic records, disciplinary records, or financial information.
The Platform enforces role-based access: Coaches see only sport/level restriction data, clinical details are excluded per FERPA. Athletic Trainers access health data relevant to their role. Administrators have full access. Athletes access only their own records.
We do not disclose student education records to any third party without written consent from the eligible student or parent/guardian, except as permitted by FERPA. Coach reports generated by the Platform are designed to exclude protected health and clinical information.
The contracting school or institution retains ultimate responsibility for FERPA compliance. Schools must ensure appropriate data sharing agreements are in place and that student/parent notification requirements are met.
FERPA questions: mgordon@stratastrength.net · U.S. Department of Education: studentprivacy.ed.gov
↑ Back to topHealth Insurance Portability and Accountability Act (HIPAA) — 45 C.F.R. Parts 160 & 164
HIPAA applies to covered entities (healthcare providers, health plans, clearinghouses) and their business associates. High school and collegiate athletic programs are generally not HIPAA covered entities; however, when a licensed Athletic Trainer provides clinical evaluation and treatment, those records may carry HIPAA protections depending on institutional structure.
Strata applies HIPAA-aligned best practices to all injury and clinical data regardless of covered entity status. Clinical evaluation details, treatment notes, and individually identifiable health information entered by Athletic Trainers are restricted to Athletic Trainer and Admin roles only. Coaches and Sports Coaches cannot access clinical injury details. Athletes see only their own health records.
The Platform is designed around the HIPAA Minimum Necessary Standard: each role accesses only the health information required to perform their legitimate function. Performance testing data visible to coaches is explicitly separated from clinical health records visible only to healthcare staff.
Health data is encrypted at rest and in transit and is not transmitted to third-party advertising or analytics platforms. Access is controlled by role-based authentication and two-factor authentication for staff. Each organization's data is isolated from every other.
The contracting school or organization is responsible for determining whether HIPAA applies to their specific program structure and for ensuring appropriate Business Associate Agreements (BAAs) are in place where required. Strata Strength LLC will enter into a BAA upon request from covered entities.
HIPAA questions: mgordon@stratastrength.net · HHS Office for Civil Rights: hhs.gov/hipaa
↑ Back to topThis page presents Strata's standard terms and compliance notices. Specific data-protection agreements (FERPA data sharing agreements, HIPAA Business Associate Agreements) are executed per customer. To review or request either, email mgordon@stratastrength.net and we'll walk through it. See also our Security & Privacy overview.
