1. Information We Collect
1.1 Account Information
When you create an account using Sign in with Apple or Sign in with Google, we receive and store:
- Display name — your name as provided by Apple or Google
- Email address — your email address (if you use Apple's private relay, we receive the relay address only)
- Authentication identifier — a unique identifier assigned by Firebase Authentication
We do not have access to your Apple ID password, Google password, or payment method details.
1.2 Fitness Profile Data
During onboarding and through the Settings screen, you may provide:
- Biological sex
- Body weight
- Training goal (e.g., hypertrophy, strength, general fitness)
- Training experience level
- Training background
- Number of training days per week
- Rest period preference
- Available gym equipment
- Preferred weight unit (kg or lbs)
- Barbell and dumbbell increment preferences
- Maximum dumbbell, dumbbell pair, and barbell weights
This data is stored locally on your device and synced to our cloud servers for AI-powered features. It is used to generate personalized workout programs.
1.3 Workout Data
When you log workouts, we collect:
- Workout date and duration
- Exercises performed
- Sets, repetitions, and weights used
- Workout completion status
- Personal records (PRs) detected during workouts
- AI coaching feedback and weight suggestions attached to completed sessions
1.4 Subscription Information
If you subscribe to Liftplanr Premium, we store:
- Subscription product identifier (monthly or yearly)
- Subscription expiration date
- Store transaction identifier (Apple App Store on iOS, Google Play on Android)
- Subscription environment (production or sandbox)
All payment processing is handled entirely by the app store on your platform — Apple through the App Store on iOS, or Google through Google Play on Android. We do not collect or have access to your credit card number, billing address, or other payment details. We use RevenueCat as our subscription-management provider; it validates your purchase with the relevant app store and reports your subscription status back to us (see Sections 5 and 11).
1.5 Health & Fitness Data (Apple Health & Health Connect)
The App can optionally integrate with your device's health platform — Apple Health (HealthKit) on iPhone and Apple Watch, or Health Connect on Android. These integrations are off by default and are enabled only from the Settings screen.
Apple Health (iOS). If you enable the Apple Health integration, the App may read and write the following HealthKit data:
- Body weight — read from Apple Health to keep your profile up to date
- Workouts — written to Apple Health so your completed strength-training sessions appear in the Health app and contribute to your Activity rings
- Heart rate — read during Apple Watch workouts to display your current heart rate on the Watch and record it with the workout session
- Active calories — collected during Apple Watch workouts and saved with the workout session
Health Connect (Android). If you enable the Health Connect integration, the App may read and write the following Health Connect data:
- Body weight — read from Health Connect to keep your fitness profile up to date
- Workout sessions — completed strength-training sessions are written to Health Connect so they appear in your other health and fitness apps
- Active calories — an estimated active-energy figure for each completed session is written to Health Connect
The Android app does not read heart rate, as Liftplanr does not yet have a Wear OS companion app.
Health-platform data is accessed only with your explicit permission, granted through the operating system's standard authorization prompt. You can revoke access at any time:
- iOS — Settings > Privacy & Security > Health > Liftplanr on your iPhone or Apple Watch
- Android — open the Health Connect settings, then App permissions > Liftplanr
Important: Workout, heart rate, and active-calorie data written to your health platform stays on your device and in your personal health account, managed by Apple or Google. This data is not sent to our servers. Body weight read from your health platform is used to update your fitness profile, which syncs to our servers for AI features (see Section 3). We do not share health-platform data with third parties or use it for advertising or analytics.
1.6 Exercise Videos
The App may download exercise demonstration videos to your device for offline viewing. These videos are static content fetched from our servers and do not contain or transmit any personal data. You can disable video caching in Settings > App Settings.
1.7 Push Notifications
If you enable notifications, the App may send local push notifications for:
- Workout reminders — scheduled reminders to train
- Rest timer alerts — notifications when your rest period between sets is complete
- Weekly summaries — a weekly training summary
You can control each notification type individually in the App's settings. No personal data is sent to our servers or third parties through notifications — all notifications are generated locally on your device using your operating system's local notification framework.
1.8 Website Analytics (Website Only)
When you visit our website, we may use Firebase Analytics (Google Analytics) to understand how visitors use the site — for example, which pages are viewed and for how long. We only enable analytics after you accept our cookie banner. If you decline, no analytics data is collected. Analytics data is aggregated and does not identify you personally.
1.9 Information We Do NOT Collect
- We do not collect your precise location
- We do not access your contacts, photos, or camera
- We do not share Apple Health or Health Connect data with third parties or use it for advertising or analytics. Body weight read from your health platform may be synced to our servers as part of your fitness profile (see Section 1.5)
- We do not use device advertising identifiers
- The App uses Firebase Crashlytics for crash reporting to help us fix bugs and improve stability. Crashlytics collects crash logs, device model, and OS version — it does not collect personal data, workout data, or identifiers that can be linked to your account
- The App uses Firebase Analytics to collect anonymous usage events (such as completing onboarding or finishing a workout). These events contain no personal data, workout details, or health information — only aggregate counts to help us understand how the App is used
- We do not serve advertisements
2. How We Use Your Information and Legal Basis
We use the information we collect for the following purposes. Under GDPR, we are required to identify a legal basis for each processing activity:
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Account authentication | Email, display name, authentication identifier | Art. 6(1)(b) — contract performance |
| AI workout program generation | Fitness profile (goal, experience, equipment, sex, body weight), workout history | Art. 6(1)(b) — contract performance; Art. 9(2)(a) — explicit consent for health data |
| AI weight suggestions | Fitness profile, recent exercise performance | Art. 6(1)(b) — contract performance; Art. 9(2)(a) — explicit consent for health data |
| AI session feedback | Fitness profile, first name, completed workout data | Art. 6(1)(b) — contract performance; Art. 9(2)(a) — explicit consent for health data |
| AI injury exercise modifications | Fitness profile, reported injuries | Art. 6(1)(a) — consent; Art. 9(2)(a) — explicit consent for health data |
| Apple Health / Health Connect sync | Body weight (read), heart rate and active calories, workout summaries (write) — with your permission | Art. 6(1)(a) — consent; Art. 9(2)(a) — explicit consent |
| Cloud backup and sync | Workout sessions, programs | Art. 6(1)(b) — contract performance |
| Subscription management | Transaction ID, product ID, expiration date | Art. 6(1)(b) — contract performance |
| Rate limiting | Daily count of AI feature usage (no personal data) | Art. 6(1)(f) — legitimate interest (service stability) |
| Crash reporting | Crash logs, device model, OS version (no personal data) | Art. 6(1)(f) — legitimate interest (service stability) |
| App analytics | Anonymous usage events (e.g. onboarding completed, workout completed, subscription started) — no personal data or workout content | Art. 6(1)(f) — legitimate interest (product improvement) |
| Website analytics | Page views, session duration (website only, with your consent) | Art. 6(1)(a) — consent |
| Re-engagement email | Email address, first name, account-creation timestamp, free-generation flag | Art. 6(1)(f) — legitimate interest (re-engaging users who started setup) |
Note on health data: Body weight, biological sex (in a fitness context), and injury reports may constitute data concerning health under GDPR Article 9. We process this data based on your explicit consent, which you provide when you use the App's AI features. You can use the App's core features (workout logging, tracking, local program generation) without consenting to AI data processing.
2.1 Re-engagement email (one-time, post-signup)
If you create a Liftplanr account and generate your first workout program but do not start a 14-day trial within approximately 24 hours, we may send you a single reminder email to the address associated with your account. The email lets you know your generated program is saved and reassures you that you can start the trial whenever you want and cancel it any time before day 15.
- When it sends: once, between 24 and 26 hours after account creation, only if you have not yet started a trial or subscription
- What it contains: your first name (if you provided one during sign-in), a reminder that your program is saved, information about the trial, a link to open the App, and a one-tap unsubscribe link
- Frequency: at most one such email per account, ever — we do not send recurring marketing emails or newsletters
- Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in re-engaging users who began setup but did not complete it. We rely on the soft opt-in path (PECR Article 13(2)) since the email is for the same service you started using and we provide a clear opt-out in every message.
- How to opt out: tap the Unsubscribe link at the bottom of the email, or email support@liftplanr.app. Once you opt out, we will never email you again from this pipeline.
- Apple Sign-In private relay: if you signed up using "Hide My Email," we send the reminder to the relay address Apple provides — we never receive your real email and Apple forwards the message to you.
3. AI-Powered Features
Liftplanr uses a third-party AI service to power its AI features, including program generation, program optimization, weight suggestions, and session feedback. See Section 11 for the specific services used.
What data is sent to our AI provider
When you use an AI feature, the following fitness data only is sent to our AI provider's servers:
- Training preferences (goal, experience level, days per week)
- Body metrics (biological sex, body weight)
- Available equipment
- Workout history (exercises, weights, and repetitions)
- Reported injuries (body part and severity), when using exercise modification features
What data is NOT sent to our AI provider
- Your email address
- Your device identifiers
- Your Firebase user ID
- Your IP address (not forwarded in request payloads)
Your first name may be included in AI requests to personalize coaching feedback and session reviews. No other personally identifiable information is sent.
All AI requests are processed through our backend servers (hosted in the EU) — the App does not communicate directly with the AI provider. However, the AI service may process requests on servers located in the United States or other regions outside the EU. Only anonymized fitness data (as listed above) is included in these requests — no personally identifiable information is sent. AI-generated responses are returned to you and are not stored on our servers.
Data sent to our AI provider is not used to train AI models. See Section 11 for our AI provider's terms of service.
4. Data Storage and Security
4.1 Local Storage
Your fitness profile and workout data are stored locally on your device — using Apple's SwiftData framework on iOS and the Room persistence library on Android (both encrypted SQLite databases). This data remains on your device and is protected by your device passcode or biometric lock (Face ID, Touch ID, or Android biometric unlock).
4.2 Cloud Storage
Account information, workout sessions, and programs are synced to Google Cloud Firestore, hosted in the EU (europe-west1, Belgium) region. Data is:
- Encrypted in transit using TLS 1.2+
- Encrypted at rest using Google's default encryption
- Protected by Firebase Security Rules that restrict access to authenticated users only — each user can only access their own data
4.3 Backend Infrastructure
Our backend runs on Google Cloud Functions in the EU (europe-west1) region. All API requests require a valid Firebase Authentication token. We do not maintain separate logs containing personal data.
5. Data Sharing
We do not sell, rent, or trade your personal information to third parties.
We share data only with the following service providers, strictly for the purposes of operating the App:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Firebase (Authentication) | Account sign-in and management | Email, display name, auth ID |
| Google Firebase (Firestore) | Cloud storage and sync | Workout data, programs, subscription status |
| Third-party AI service (see Section 11) | AI workout generation and coaching | Fitness profile and workout history (no PII) |
| Apple App Store / Google Play | Subscription payment processing | Handled by the app store — we receive transaction identifiers only |
| RevenueCat | Subscription management infrastructure | App user identifier (your Firebase user ID), purchase receipts, subscription status |
| Apple Health / Health Connect | Health data sync (with permission) | Body weight (read — synced to profile on our servers), heart rate and active calories (stay on device), workout summaries (write — stay on device) |
| Firebase Analytics | Website usage analytics | Page views, session data (only when you accept cookies) |
| Firebase Crashlytics | Crash reporting and stability | Crash logs, device model, OS version (no personal data) |
We do not share data with advertising networks, data brokers, or any other third parties.
6. Data Retention
- Active accounts: Your data is retained for as long as your account is active.
- Deleted accounts: When you delete your account, all data is permanently removed from our servers and your device immediately (see Section 8). We do not retain any personal data after account deletion — there is no grace period or soft-delete window. Cloud Function execution logs (which do not contain personal data) are retained for 30 days per Google Cloud's default log retention policy.
- AI processing: Data sent to our AI provider for AI features is processed in real time. AI-generated coaching feedback and weight suggestions are stored with your workout session data so they can be displayed in your workout history and synced across devices. The raw prompts sent to our AI provider are not stored on our servers.
7. Your Rights and Choices
Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:
7.1 Access and Portability
All of your workout data and profile information is visible within the App at any time. You have the right to receive your personal data in a structured, commonly used, machine-readable format (GDPR Article 20). Contact us at support@liftplanr.app to request a data export.
7.2 Correction
You can update your fitness profile at any time through Settings > Edit Profile in the App. You have the right to have inaccurate personal data corrected (GDPR Article 16).
7.3 Deletion
You can permanently delete your account and all associated data at any time through Settings > Delete Account in the App. This action:
- Deletes your Firebase Authentication account
- Deletes all data from Cloud Firestore (profile, sessions, programs, usage records)
- Deletes all local data from your device (the local SwiftData or Room database, cached preferences)
- Is irreversible — deleted data cannot be recovered
Note: If you have an active subscription, deleting your account does not automatically cancel your subscription. You must cancel your subscription separately — on iOS through Settings > Subscriptions on your iPhone or the App Store, and on Android through Google Play > Payments & subscriptions.
7.4 Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances (GDPR Article 18), for example, if you contest the accuracy of the data or object to our processing.
7.5 Right to Object
You have the right to object to processing based on legitimate interest (GDPR Article 21). Where we process data based on legitimate interest (crash reporting, rate limiting), you may object by contacting us.
7.6 Withdrawal of Consent
Where processing is based on your consent (AI features, Apple Health, website analytics), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You can stop using AI features at any time — the App's core workout logging and tracking functionality works without AI. You can revoke Apple Health or Health Connect access in your device's settings at any time. You can reject analytics cookies on the website.
7.7 Sign Out
You can sign out at any time through Settings > Sign Out. Signing out clears your authentication state but preserves your local data on the device.
7.8 Right to Lodge a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a data protection supervisory authority. In Finland, this is:
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) Lintulahdenkuja 4, 00530 Helsinki, Finland Email: tietosuoja@tietosuoja.fi Website: https://tietosuoja.fi
If you reside in another EU/EEA country, you may also contact your local supervisory authority.
7.9 Automated Decision-Making
The App uses AI to generate workout programs, weight suggestions, session feedback, and exercise modification suggestions based on your fitness profile and workout history. These are automated processes — no human reviews the AI output before it is shown to you. The AI does not make decisions that produce legal effects or similarly significant effects concerning you. You are always free to disregard AI suggestions and make your own choices about your workout. If you have concerns about an AI-generated recommendation, contact us at support@liftplanr.app.
8. Account Deletion Details
When you choose to delete your account, the following data is permanently deleted:
From our servers (Google Cloud Firestore):
- User profile document (name, email, subscription status)
- All workout session records
- All saved workout programs
- All AI usage counters
From Firebase Authentication:
- Your authentication account and credentials
From your device:
- The local database (SwiftData on iOS, Room on Android) — all profiles, programs, sessions, exercises
- All cached preferences and onboarding flags
- AI suggestion cache
9. Children's Privacy
You must be at least 16 years of age to use the App (see our Terms of Service). We do not knowingly collect personal information from anyone under 16. If we become aware that a person under 16 has provided us with personal information, we will take steps to delete that information promptly.
10. International Data Transfers
Your data is processed and stored in the European Union (Belgium). If you are located outside of the EU, your data will be transferred to and processed in the EU.
When you use AI-powered features, fitness data (see Section 3) may be processed by our AI provider on servers located in the United States or other regions. Only your first name and fitness data are included in AI requests — no email, user ID, or device identifiers are sent. Our AI provider does not use this data to train its models (see Section 11 for provider terms).
If you purchase a subscription, your purchase records and app user identifier are also processed by RevenueCat, our subscription-management provider, on servers located in the United States (see Sections 1.4 and 5).
We rely on the EU-US Data Privacy Framework (under which Google is certified), Google Cloud's Data Processing Addendum, and Standard Contractual Clauses for the lawful transfer and protection of your data. We have entered into data processing agreements with our service providers in accordance with GDPR Article 28. You may request a copy of the relevant safeguards by contacting us at support@liftplanr.app.
11. Third-Party Services
The App uses the following third-party services:
- Firebase Authentication — Google Privacy Policy
- Firebase Analytics — Google Privacy Policy (anonymous usage analytics)
- Cloud Firestore — Google Cloud Terms
- Google Gemini API (AI features) — Gemini API Terms
- Firebase Crashlytics — Google Privacy Policy (crash logs only, no personal data)
- RevenueCat (subscription management) — RevenueCat Privacy Policy
- Apple App Store (iOS) / Google Play Billing (Android) — subscription payment processing
- Apple HealthKit (iOS only) — Apple Privacy Policy (on-device only, with your permission)
- Health Connect by Android (Android only) — Google Privacy Policy (on-device only, with your permission)
- Sign in with Apple (iOS only) — Apple Privacy Policy
- Google Sign-In — Google Privacy Policy
We encourage you to review the privacy policies of these third-party services.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Parcloud Oy Business ID (Y-tunnus): 3154332-3 Parainen, Finland Email: support@liftplanr.app
Apple App Privacy
The following data types are collected by the App, as declared on the App Store:
| Category | Data type | Purpose | Linked to identity |
|---|---|---|---|
| Contact Info | Name | App Functionality | Yes |
| Contact Info | Email Address | App Functionality | Yes |
| Health & Fitness | Health (body weight, heart rate) | App Functionality | Yes |
| Health & Fitness | Fitness (workouts, active calories) | App Functionality | Yes |
| Identifiers | User ID | App Functionality | Yes |
| Purchases | Purchase History | App Functionality | Yes |
All data is used for App Functionality only. No data is used for tracking or advertising.
Google Play Data Safety
The following summarizes the data the Android app collects, as declared in the Google Play Data safety section:
| Data type | Collected | Shared | Purpose |
|---|---|---|---|
| Name | Yes | No | App functionality; account management |
| Email address | Yes | No | App functionality; account management |
| Health info (body weight) | Yes | No | App functionality |
| Fitness info (workouts, active calories) | Yes | No | App functionality |
| User IDs | Yes | No | App functionality |
| Purchase history | Yes | No | App functionality |
| App interactions | Yes | No | Analytics |
All collected data is encrypted in transit. We do not sell your data, and we do not share data with third parties for advertising. You can request that all of your data be deleted at any time from Settings > Delete Account in the App. The service providers listed in Section 5 process data only to operate the App.
Health Disclaimer
Liftplanr is a fitness tool and is not a substitute for professional medical advice. Please review our Health & Fitness Disclaimer for important information about using the App for exercise.
Summary
| Question | Answer |
|---|---|
| Do you sell my data? | No, never. |
| Do you show ads? | No. |
| Do you track me? | Website: analytics only with your consent. App: no. |
| What AI sees my data? | A third-party AI service — your first name and fitness data only, no email or user ID. See Section 11. |
| Do you access health data? | Only with your permission, via Apple Health (iOS) or Health Connect (Android). Heart rate and calories stay on your device. Body weight syncs to our servers for AI features. |
| Where is my data stored? | On your device + EU (Belgium) cloud servers. AI requests may be processed in the US (anonymized data only). |
| Can I delete everything? | Yes, instantly, from Settings > Delete Account. |