Privacy Policy

This Privacy Policy explains how ForgeLifting ("we", "us", or "our") collects, uses, and protects your personal information when you use the ForgeLifting web application available at forgelifting.app (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Who We Are

ForgeLifting is operated as a sole trader in the United Kingdom. ForgeLifting is registered with the Information Commissioner's Office (ICO) under registration number ZC139194.

If you have any questions about this Privacy Policy, you can contact us at hello@forgelifting.app.

2. Information We Collect

We collect the following categories of information:

• Account information: Email address when you create an account (optional — the app works without an account).
• Workout data: Exercises, sets, weights, reps, and session dates that you log in the app.
• Body measurements: Bodyweight, arm, waist, and chest measurements you choose to enter.
• Profile preferences: Unit preference (kg/lbs), active program, effort scale setting, and display settings.
• Strava connection: If you connect Strava, we store access and refresh tokens to post activities on your behalf.
• Payment information: If you subscribe to Pro, payment is handled by Stripe. We do not store card details.
• Usage data: Anonymous analytics via PostHog (page views, feature usage) to help us improve the app.

3. How We Use Your Information

• To provide and maintain the Service.
• To sync your workout data across devices (if you create an account).
• To post workout activities to Strava (only if you have connected Strava).
• To process subscription payments via Stripe.
• To send account-related emails (e.g. password reset, subscription receipts).
• To analyse anonymous usage patterns to improve the app.

4. Local-First Data Storage

All workout data is stored locally on your device first using IndexedDB (via Dexie.js). If you create an account, data is synced to our Supabase-hosted database in the European Union. If you use the app without an account, your data never leaves your device.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Supabase: Database and authentication hosting (EU region).
• Stripe: Payment processing.
• Strava: Only if you explicitly connect Strava and choose to post an activity.
• PostHog: Anonymous analytics (no personally identifying information).
• Google AdSense: Advertising on free-tier screens (not shown to Pro subscribers). Google may use cookies to personalise ads.

6. Cookies

We use minimal cookies required to keep you logged in. If you are on the free tier, Google AdSense may set advertising cookies. You can manage cookie preferences in your browser settings.

7. Your Rights (UK GDPR)

As a UK-based service, we comply with UK GDPR. You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to processing of your data.
• Data portability — receive your data in a machine-readable format.
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint if you are unhappy with how we have handled your data.

To exercise any of these rights, email us at hello@forgelifting.app. We will respond within 30 days.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days. Local data on your device is deleted when you clear your browser storage.

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us personal information, please contact us immediately.

10. Security

We implement appropriate technical and organisational measures to protect your data including encrypted connections (HTTPS), token-based authentication, and row-level security on our database. However, no method of internet transmission is 100% secure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact

For any questions about this Privacy Policy or your personal data, contact us at: hello@forgelifting.app

ForgeLifting is registered with the Information Commissioner's Office (ICO) under registration number ZC139194. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.