Privacy Policy

Last updated: March 3, 2026

Overview

Everlift ("we", "us", "our", "the app") is a workout logging application designed to help you track your fitness progress. We are committed to protecting your privacy and being transparent about how your data is handled.

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using Everlift, you agree to the collection and use of information in accordance with this policy.

The data controller responsible for your personal data is Everlift. For privacy-related inquiries, contact us at support@everlift.fit.

Information We Collect

Health & Fitness Data

  • Workout logs (exercises, sets, reps, weight, duration, rest times)
  • Body measurements (weight, body fat percentage, measurements)
  • Personal records and progress history
  • Training preferences and goals
  • RPE (Rate of Perceived Exertion) and other training metrics

Under GDPR, workout and body measurement data linked to an identifiable person is classified as "health data" (Article 9 special category data). We process this data only with your explicit consent.

Account Information (Optional)

  • Email address (only if you create an account for cloud sync)
  • Display name and profile preferences

Technical Data

  • Device type, operating system, and app version
  • App usage patterns (which features are used, screen views)
  • Crash reports (error traces, device state at time of crash)

Legal Basis for Processing

Under GDPR, we process your data on the following legal bases:

Health & Fitness Data

Basis: Explicit consent (GDPR Article 9(2)(a))

Purpose: Core app functionality — logging workouts, tracking body measurements, calculating progress and personal records.

Account Data (email, name)

Basis: Contract performance (GDPR Article 6(1)(b))

Purpose: Account creation, authentication, and cloud sync service delivery.

Analytics Data (usage patterns)

Basis: Legitimate interest (GDPR Article 6(1)(f))

Purpose: Understanding which features are used to improve the app. You can opt out at any time in Settings → Privacy.

Crash & Performance Data

Basis: Legitimate interest (GDPR Article 6(1)(f))

Purpose: Identifying and fixing bugs to maintain app stability.

How Your Data Is Stored

Local-First Architecture

All workout data is stored locally on your device using SQLite. The app works entirely offline — no internet connection is required to log workouts or access your history.

Cloud Sync (Optional)

If you create an account and enable cloud sync:

  • Your data is synced to Supabase (PostgreSQL) servers hosted on AWS
  • Data is encrypted in transit using TLS 1.3
  • Data is encrypted at rest using AES-256 encryption
  • You can disable sync at any time in Settings

How We Use Your Data

We use your information to:

  • Provide workout tracking, analytics, and progress visualization
  • Calculate personal records and training metrics
  • Sync data across your devices (if you enable cloud sync)
  • Improve app stability through crash reporting
  • Understand feature usage to improve the app (anonymous analytics)
  • Respond to your support inquiries

What We Do NOT Do

  • We do NOT sell your personal data to anyone
  • We do NOT share your data with advertisers
  • We do NOT use your health data for advertising, marketing, or data mining
  • We do NOT access your contacts, location, camera, or microphone
  • We do NOT use advertising SDKs or tracking pixels
  • We do NOT make automated decisions that produce legal or significant effects based on your data

Third-Party Services

We use the following third-party services to operate the app:

Supabase — Cloud database and authentication (only if you create an account). Supabase is SOC 2 Type 2 compliant and GDPR-ready. Data is hosted on AWS infrastructure in the United States.

PostHog — Product analytics to understand which features are used and improve the app. PostHog receives aggregated usage data (screen views, feature interactions). We do not send personal workout data to PostHog. Only your anonymous user ID is linked — never your email. You can opt out entirely in Settings → Privacy.

Sentry — Crash reporting and error tracking. When the app crashes or encounters an error, Sentry receives device information, app state, and error traces to help us identify and fix bugs. No personal workout data is sent to Sentry.

Apple HealthKit (Future) — If enabled, workout data may be shared with Apple Health. HealthKit data stays on your device and is not uploaded to our servers. You control which data types are shared.

None of these services use your data for advertising. We have data processing agreements with each provider.

Data Retention

Local Data: Stored on your device until you delete it or uninstall the app.

Cloud Data: Retained as long as your account is active. Upon account deletion, all data is permanently removed within 30 days.

Analytics Data (PostHog): Usage events are retained for up to 12 months, then automatically purged.

Crash Data (Sentry): Error reports are retained for up to 90 days for debugging purposes.

Your Rights

Depending on your location, you have the following rights regarding your personal data:

Access — View all data we have about you through the app's export feature (JSON/CSV format).

Correction — Edit your workout data and profile information directly in the app.

Deletion — Delete all local data via Settings → Delete All Data. Delete your cloud account and all associated data via Settings → Delete Account.

Portability — Export your complete workout history in machine-readable formats (JSON, CSV).

Withdraw Consent — Withdraw health data consent or disable cloud sync at any time. Note: withdrawing health data consent means the app can no longer function, as workout tracking requires processing health data.

Restriction — Request that we limit processing of your data while a complaint is being resolved.

Objection — Object to processing based on legitimate interest (analytics and crash reporting). Use the opt-out toggle in Settings → Privacy.

Lodge a Complaint — If you are in the EU, you have the right to lodge a complaint with your local data protection authority (e.g., CNIL in France, ICO in the UK, BfDI in Germany).

To exercise your rights, contact us at support@everlift.fit. We will respond within one month (GDPR) or 45 days (CCPA).

California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act, California residents have specific rights including:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt out of the sale or sharing of personal information — we do not sell or share your data for cross-context behavioral advertising
  • Right to non-discrimination for exercising your privacy rights
  • Right to limit use of sensitive personal information — your health data is only used for core app functionality, never for advertising or profiling

Categories of personal information collected in the last 12 months:

  • Identifiers (email address, user ID)
  • Health information (workout data, body measurements)
  • Internet/electronic activity (app usage, device info, crash data)
  • Inferences (workout analytics, personal records — computed on your device, not stored separately)

Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure password hashing (bcrypt)
  • Row-level security policies on the database (users can only access their own data)
  • Regular security assessments

While we take security seriously, no method of electronic transmission is 100% secure. We recommend using a strong, unique password for your account.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33. If the breach is likely to result in a high risk to you, we will also notify you directly via email (if you have an account) or through an in-app notice, as required by GDPR Article 34.

Automated Decision-Making

Everlift does not engage in automated decision-making or profiling that produces legal or similarly significant effects. All analytics features (personal records, training load, progress charts) are informational tools computed on your device to help you track your fitness — they do not affect your access to any services or produce consequences beyond the app.

Children's Privacy

Everlift is not directed at children under 13 years of age (or under 16 in the European Union). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action to delete the information.

International Data Transfers

If you are located outside the United States, please be aware that your data may be transferred to and processed in the United States where our service providers (Supabase, PostHog, Sentry) operate.

For EU/UK users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and UK adequacy decisions to ensure appropriate safeguards for international data transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the app with an updated "Last updated" date.

For material changes, we will notify you through the app or via email (if you have an account). Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us at:

Email: support@everlift.fit

We aim to respond to all privacy inquiries within one month.