1. Information We Collect
1.1 Account Information
When you create an account using Sign in with Apple or Sign in with Google, we receive and store:
- Display name — your name as provided by Apple or Google
- Email address — your email address (if you use Apple's private relay, we receive the relay address only)
- Authentication identifier — a unique identifier assigned by Firebase Authentication
We do not have access to your Apple ID password, Google password, or payment method details.
1.2 Fitness Profile Data
During onboarding and through the Settings screen, you may provide:
- Biological sex
- Body weight
- Training goal (e.g., hypertrophy, strength, general fitness)
- Training experience level
- Training background
- Number of training days per week
- Rest period preference
- Available gym equipment
- Preferred weight unit (kg or lbs)
- Barbell and dumbbell increment preferences
- Maximum dumbbell, dumbbell pair, and barbell weights
This data is stored locally on your device and synced to our cloud servers for AI-powered features. It is used to generate personalized workout programs.
1.3 Workout Data
When you log workouts, we collect:
- Workout date and duration
- Exercises performed
- Sets, repetitions, and weights used
- Workout completion status
- Personal records (PRs) detected during workouts
- AI coaching feedback and weight suggestions attached to completed sessions
1.4 Subscription Information
If you subscribe to Liftplanr Premium, we store:
- Subscription product identifier (monthly or yearly)
- Subscription expiration date
- Apple App Store transaction identifier
- Subscription environment (production or sandbox)
All payment processing is handled entirely by Apple through the App Store. We do not collect or have access to your credit card number, billing address, or other payment details.
1.5 Apple Health Data (HealthKit)
If you enable the Apple Health integration in Settings, the App may read and write the following HealthKit data:
- Body weight — read from Apple Health to keep your profile up to date
- Workouts — written to Apple Health so your completed strength-training sessions appear in the Health app and contribute to your Activity rings
- Heart rate — read during Apple Watch workouts to display your current heart rate on the Watch and record it with the workout session
- Active calories — collected during Apple Watch workouts and saved with the workout session
HealthKit data is accessed only with your explicit permission through Apple's standard authorization prompt. You can revoke access at any time in Settings > Privacy & Security > Health > Liftplanr on your iPhone or Apple Watch.
Important: Workout data written to HealthKit stays on your device and in your personal iCloud Health account (managed by Apple). Heart rate and active calorie data collected during Watch workouts are saved as part of the HealthKit workout session and are not sent to our servers. Body weight read from HealthKit is used to update your fitness profile, which syncs to our servers for AI features (see Section 3). We do not share HealthKit data with third parties or use it for advertising or analytics.
1.6 Exercise Videos
The App may download exercise demonstration videos to your device for offline viewing. These videos are static content fetched from our servers and do not contain or transmit any personal data. You can disable video caching in Settings > App Settings.
1.7 Push Notifications
If you enable notifications, the App may send local push notifications for:
- Workout reminders — scheduled reminders to train
- Rest timer alerts — notifications when your rest period between sets is complete
- Weekly summaries — a weekly training summary
You can control each notification type individually in the App's settings. No personal data is sent to our servers or third parties through notifications — all notifications are generated locally on your device using Apple's notification framework.
1.8 Website Analytics (Website Only)
When you visit our website, we may use Firebase Analytics (Google Analytics) to understand how visitors use the site — for example, which pages are viewed and for how long. We only enable analytics after you accept our cookie banner. If you decline, no analytics data is collected. Analytics data is aggregated and does not identify you personally.
1.9 Information We Do NOT Collect
- We do not collect your precise location
- We do not access your contacts, photos, or camera
- We do not share Apple HealthKit data with third parties or use it for advertising or analytics. Body weight read from HealthKit may be synced to our servers as part of your fitness profile (see Section 1.5)
- We do not use device advertising identifiers
- The App uses Firebase Crashlytics for crash reporting to help us fix bugs and improve stability. Crashlytics collects crash logs, device model, and OS version — it does not collect personal data, workout data, or identifiers that can be linked to your account
- The App uses Firebase Analytics to collect anonymous usage events (such as completing onboarding or finishing a workout). These events contain no personal data, workout details, or health information — only aggregate counts to help us understand how the App is used
- We do not serve advertisements
2. How We Use Your Information and Legal Basis
We use the information we collect for the following purposes. Under GDPR, we are required to identify a legal basis for each processing activity:
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Account authentication | Email, display name, authentication identifier | Art. 6(1)(b) — contract performance |
| AI workout program generation | Fitness profile (goal, experience, equipment, sex, body weight), workout history | Art. 6(1)(b) — contract performance; Art. 9(2)(a) — explicit consent for health data |
| AI weight suggestions | Fitness profile, recent exercise performance | Art. 6(1)(b) — contract performance; Art. 9(2)(a) — explicit consent for health data |
| AI session feedback | Fitness profile, first name, completed workout data | Art. 6(1)(b) — contract performance; Art. 9(2)(a) — explicit consent for health data |
| AI injury exercise modifications | Fitness profile, reported injuries | Art. 6(1)(a) — consent; Art. 9(2)(a) — explicit consent for health data |
| Apple Health sync | Body weight (read), heart rate and active calories (Watch), workout summaries (write) — with your permission | Art. 6(1)(a) — consent; Art. 9(2)(a) — explicit consent |
| Cloud backup and sync | Workout sessions, programs | Art. 6(1)(b) — contract performance |
| Subscription management | Transaction ID, product ID, expiration date | Art. 6(1)(b) — contract performance |
| Rate limiting | Daily count of AI feature usage (no personal data) | Art. 6(1)(f) — legitimate interest (service stability) |
| Crash reporting | Crash logs, device model, OS version (no personal data) | Art. 6(1)(f) — legitimate interest (service stability) |
| App analytics | Anonymous usage events (e.g. onboarding completed, workout completed, subscription started) — no personal data or workout content | Art. 6(1)(f) — legitimate interest (product improvement) |
| Website analytics | Page views, session duration (website only, with your consent) | Art. 6(1)(a) — consent |
Note on health data: Body weight, biological sex (in a fitness context), and injury reports may constitute data concerning health under GDPR Article 9. We process this data based on your explicit consent, which you provide when you use the App's AI features. You can use the App's core features (workout logging, tracking, local program generation) without consenting to AI data processing.
3. AI-Powered Features
Liftplanr uses a third-party AI service to power its AI features, including program generation, program optimization, weight suggestions, and session feedback. See Section 11 for the specific services used.
What data is sent to our AI provider
When you use an AI feature, the following fitness data only is sent to our AI provider's servers:
- Training preferences (goal, experience level, days per week)
- Body metrics (biological sex, body weight)
- Available equipment
- Workout history (exercises, weights, and repetitions)
- Reported injuries (body part and severity), when using exercise modification features
What data is NOT sent to our AI provider
- Your email address
- Your device identifiers
- Your Firebase user ID
- Your IP address (not forwarded in request payloads)
Your first name may be included in AI requests to personalize coaching feedback and session reviews. No other personally identifiable information is sent.
All AI requests are processed through our backend servers (hosted in the EU) — the App does not communicate directly with the AI provider. However, the AI service may process requests on servers located in the United States or other regions outside the EU. Only anonymized fitness data (as listed above) is included in these requests — no personally identifiable information is sent. AI-generated responses are returned to you and are not stored on our servers.
Data sent to our AI provider is not used to train AI models. See Section 11 for our AI provider's terms of service.
4. Data Storage and Security
4.1 Local Storage
Your fitness profile and workout data are stored locally on your device using Apple's SwiftData framework (an encrypted SQLite database). This data remains on your device and is protected by your device passcode, Face ID, or Touch ID.
4.2 Cloud Storage
Account information, workout sessions, and programs are synced to Google Cloud Firestore, hosted in the EU (europe-west1, Belgium) region. Data is:
- Encrypted in transit using TLS 1.2+
- Encrypted at rest using Google's default encryption
- Protected by Firebase Security Rules that restrict access to authenticated users only — each user can only access their own data
4.3 Backend Infrastructure
Our backend runs on Google Cloud Functions in the EU (europe-west1) region. All API requests require a valid Firebase Authentication token. We do not maintain separate logs containing personal data.
5. Data Sharing
We do not sell, rent, or trade your personal information to third parties.
We share data only with the following service providers, strictly for the purposes of operating the App:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Firebase (Authentication) | Account sign-in and management | Email, display name, auth ID |
| Google Firebase (Firestore) | Cloud storage and sync | Workout data, programs, subscription status |
| Third-party AI service (see Section 11) | AI workout generation and coaching | Fitness profile and workout history (no PII) |
| Apple App Store | Subscription payment processing | Handled by Apple — we receive transaction IDs only |
| Apple HealthKit | Health data sync (with permission) | Body weight (read — synced to profile on our servers), heart rate and active calories (Watch workouts — stays on device), workout summaries (write — stays on device) |
| Firebase Analytics | Website usage analytics | Page views, session data (only when you accept cookies) |
| Firebase Crashlytics | Crash reporting and stability | Crash logs, device model, OS version (no personal data) |
We do not share data with advertising networks, data brokers, or any other third parties.
6. Data Retention
- Active accounts: Your data is retained for as long as your account is active.
- Deleted accounts: When you delete your account, all data is permanently removed from our servers and your device immediately (see Section 8). We do not retain any personal data after account deletion — there is no grace period or soft-delete window. Cloud Function execution logs (which do not contain personal data) are retained for 30 days per Google Cloud's default log retention policy.
- AI processing: Data sent to our AI provider for AI features is processed in real time. AI-generated coaching feedback and weight suggestions are stored with your workout session data so they can be displayed in your workout history and synced across devices. The raw prompts sent to our AI provider are not stored on our servers.
7. Your Rights and Choices
Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:
7.1 Access and Portability
All of your workout data and profile information is visible within the App at any time. You have the right to receive your personal data in a structured, commonly used, machine-readable format (GDPR Article 20). Contact us at support@liftplanr.app to request a data export.
7.2 Correction
You can update your fitness profile at any time through Settings > Edit Profile in the App. You have the right to have inaccurate personal data corrected (GDPR Article 16).
7.3 Deletion
You can permanently delete your account and all associated data at any time through Settings > Delete Account in the App. This action:
- Deletes your Firebase Authentication account
- Deletes all data from Cloud Firestore (profile, sessions, programs, usage records)
- Deletes all local data from your device (SwiftData database, cached preferences)
- Is irreversible — deleted data cannot be recovered
Note: If you have an active subscription, deleting your account does not automatically cancel your subscription. You must cancel your subscription separately through Settings > Subscriptions on your iPhone, or through the App Store.
7.4 Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances (GDPR Article 18), for example, if you contest the accuracy of the data or object to our processing.
7.5 Right to Object
You have the right to object to processing based on legitimate interest (GDPR Article 21). Where we process data based on legitimate interest (crash reporting, rate limiting), you may object by contacting us.
7.6 Withdrawal of Consent
Where processing is based on your consent (AI features, Apple Health, website analytics), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You can stop using AI features at any time — the App's core workout logging and tracking functionality works without AI. You can revoke HealthKit access in your device's Settings. You can reject analytics cookies on the website.
7.7 Sign Out
You can sign out at any time through Settings > Sign Out. Signing out clears your authentication state but preserves your local data on the device.
7.8 Right to Lodge a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a data protection supervisory authority. In Finland, this is:
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) Lintulahdenkuja 4, 00530 Helsinki, Finland Email: tietosuoja@tietosuoja.fi Website: https://tietosuoja.fi
If you reside in another EU/EEA country, you may also contact your local supervisory authority.
7.9 Automated Decision-Making
The App uses AI to generate workout programs, weight suggestions, session feedback, and exercise modification suggestions based on your fitness profile and workout history. These are automated processes — no human reviews the AI output before it is shown to you. The AI does not make decisions that produce legal effects or similarly significant effects concerning you. You are always free to disregard AI suggestions and make your own choices about your workout. If you have concerns about an AI-generated recommendation, contact us at support@liftplanr.app.
8. Account Deletion Details
When you choose to delete your account, the following data is permanently deleted:
From our servers (Google Cloud Firestore):
- User profile document (name, email, subscription status)
- All workout session records
- All saved workout programs
- All AI usage counters
From Firebase Authentication:
- Your authentication account and credentials
From your device:
- SwiftData database (all profiles, programs, sessions, exercises)
- All cached preferences and onboarding flags
- AI suggestion cache
9. Children's Privacy
You must be at least 16 years of age to use the App (see our Terms of Service). We do not knowingly collect personal information from anyone under 16. If we become aware that a person under 16 has provided us with personal information, we will take steps to delete that information promptly.
10. International Data Transfers
Your data is processed and stored in the European Union (Belgium). If you are located outside of the EU, your data will be transferred to and processed in the EU.
When you use AI-powered features, fitness data (see Section 3) may be processed by our AI provider on servers located in the United States or other regions. Only your first name and fitness data are included in AI requests — no email, user ID, or device identifiers are sent. Our AI provider does not use this data to train its models (see Section 11 for provider terms).
We rely on the EU-US Data Privacy Framework (under which Google is certified), Google Cloud's Data Processing Addendum, and Standard Contractual Clauses for the lawful transfer and protection of your data. We have entered into data processing agreements with our service providers in accordance with GDPR Article 28. You may request a copy of the relevant safeguards by contacting us at support@liftplanr.app.
11. Third-Party Services
The App uses the following third-party services:
- Firebase Authentication — Google Privacy Policy
- Firebase Analytics — Google Privacy Policy (website only, with consent)
- Cloud Firestore — Google Cloud Terms
- Google Gemini API (AI features) — Gemini API Terms
- Firebase Crashlytics — Google Privacy Policy (crash logs only, no personal data)
- Apple HealthKit — Apple Privacy Policy (on-device only, with your permission)
- Sign in with Apple — Apple Privacy Policy
- Google Sign-In — Google Privacy Policy
We encourage you to review the privacy policies of these third-party services.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Parcloud Oy Business ID (Y-tunnus): 3154332-3 Parainen, Finland Email: support@liftplanr.app
Apple App Privacy
The following data types are collected by the App, as declared on the App Store:
| Category | Data type | Purpose | Linked to identity |
|---|---|---|---|
| Contact Info | Name | App Functionality | Yes |
| Contact Info | Email Address | App Functionality | Yes |
| Health & Fitness | Health (body weight, heart rate) | App Functionality | Yes |
| Health & Fitness | Fitness (workouts, active calories) | App Functionality | Yes |
| Identifiers | User ID | App Functionality | Yes |
| Purchases | Purchase History | App Functionality | Yes |
All data is used for App Functionality only. No data is used for tracking or advertising.
Health Disclaimer
Liftplanr is a fitness tool and is not a substitute for professional medical advice. Please review our Health & Fitness Disclaimer for important information about using the App for exercise.
Summary
| Question | Answer |
|---|---|
| Do you sell my data? | No, never. |
| Do you show ads? | No. |
| Do you track me? | Website: analytics only with your consent. App: no. |
| What AI sees my data? | A third-party AI service — your first name and fitness data only, no email or user ID. See Section 11. |
| Do you access Apple Health? | Only with your permission. Heart rate and calories stay on your device. Body weight syncs to our servers for AI features. |
| Where is my data stored? | On your device + EU (Belgium) cloud servers. AI requests may be processed in the US (anonymized data only). |
| Can I delete everything? | Yes, instantly, from Settings > Delete Account. |