Privacy Policy - Liftly

Last updated: April 21, 2026

Liftly ("we", "our", or "us") provides a fitness tracking experience for logging workouts, body metrics, and related progress. This Privacy Policy describes what information we collect, why we collect it, who we share it with, and the choices you have. It applies to the Liftly website, progressive web app, and native apps (including versions that load our web experience inside a native shell).

1. Who is responsible

Liftly is operated by the project owner reachable at the contact email in Section 12. We act as the data controller for personal information we determine the purposes and means of processing, except where a service provider processes data solely on our instructions (see Section 5).

2. Information we collect

Depending on how you use Liftly, we may process:

Account and authentication

  • Email address and password (or credentials you use with our authentication provider)
  • Username or display name
  • Session tokens stored in cookies or similar storage to keep you signed in

Profile and preferences

  • Name, birthday, gender, country (if you choose to provide them)
  • Unit preferences (for example metric or imperial)

Fitness and health-related data you enter

  • Workout logs, exercises, sets, reps, weights, and related training notes you save
  • Body weight, height, and other body metrics you log
  • Progress, rankings, or analytics derived from the information above

Purchases and entitlements

  • A stable app user identifier linked to your account so subscription and purchase status (for example "Pro" or ad removal) can be verified across devices
  • We do not receive your full payment card details; mobile stores and our purchase partner process payments

Advertising, measurement, and consent (native apps)

  • On supported native builds, we use Google's advertising stack (for example Google Mobile Ads) to show ads. That may involve device and ad interaction data, and where permitted, advertising or device identifiers
  • Where required or offered by the platform, we request permission to use tracking across other companies' apps and websites (for example Apple's App Tracking Transparency on iOS), and we may show consent or preference flows (such as Google's User Messaging Platform) before or in connection with personalized ads

Product and hosting analytics

  • Usage and performance metrics to understand how the service is used and to improve reliability (for example through Vercel Analytics when you use our hosted site or app)

Technical and security data

  • IP address, browser or app version, device type, timestamps, and diagnostic data typical for web and mobile services
  • Information you send when you contact support

3. How we use information

We use personal information to:

  • Create and secure your account, reset access when you ask, and provide core app features
  • Store, sync, and display your workouts, metrics, and progress
  • Validate subscriptions or one-time purchases and restore access when you use restore flows
  • Deliver and measure advertising on supported native builds, subject to your choices and platform rules
  • Operate, maintain, secure, debug, and improve Liftly
  • Comply with law, respond to lawful requests, and enforce our Terms of Service

We do not sell your personal information for money. We may allow advertising partners to use identifiers as described in their policies and in accordance with your consent or device settings where applicable.

4. Legal bases (EEA, UK, and similar regions)

Where laws such as the GDPR apply, we rely on appropriate bases including: performance of a contract (providing Liftly); legitimate interests (security, product improvement, and non-intrusive analytics, balanced against your rights); consent where required (for example certain marketing or tracking choices presented in the app or system); and legal obligations.

5. Service providers and categories of recipients

We use trusted third parties who process information on our behalf or joint controllers in limited cases. They are contractually or legally required to protect data and use it only for the services they provide. Categories include:

  • Supabase (authentication, database, and related infrastructure) — see Supabase's privacy documentation at https://supabase.com/privacy
  • Hosting and analytics (for example Vercel for hosting and Vercel Analytics) — see https://vercel.com/legal/privacy-policy
  • RevenueCat (subscription status, restore, and purchase tooling on native platforms) — see https://www.revenuecat.com/privacy
  • Google advertising and measurement (AdMob and related services on supported native builds) — see Google's privacy resources for ads, including choices where available

Providers may process data in the United States and other countries. Where required, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

6. Retention and deletion

We keep information for as long as your account exists and as needed to provide the service, comply with law, resolve disputes, and enforce agreements. When you delete your account through the in-app account deletion flow, we delete or anonymize personal data associated with your account in line with our technical capabilities and legal obligations. Some residual copies or backups may persist for a limited period before automatic erasure.

Third parties such as Apple, Google, or RevenueCat may retain certain transaction or fraud-prevention records according to their own policies.

7. Your choices and rights

Depending on where you live, you may have the right to:

  • Access, correct, or delete certain personal information
  • Object to or restrict certain processing, or withdraw consent where processing is consent-based
  • Port data you provided in a structured, machine-readable format where technically feasible
  • Lodge a complaint with a supervisory authority

You can update much of your information in the app. For other requests, contact us using Section 12. You can also use platform controls (for example Apple or Google subscription settings, device advertising preferences, or tracking permissions) to limit certain uses.

8. California residents (summary)

If the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA) applies, you have rights to know, delete, and correct personal information, and to opt out of "sale" or "sharing" as defined by California law. We do not knowingly sell personal information of minors under 16. To exercise rights, email us at the address below. We will not discriminate against you for exercising these rights.

9. Security

We use administrative, technical, and organizational measures appropriate to the risk. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. Children

Liftly is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps to delete it.

11. Changes

We may update this Privacy Policy from time to time. We will post the updated version in the app and update the "Last updated" date. Material changes may require additional notice where the law says so.

12. Contact

Questions about this Privacy Policy: support@liftlygym.com