ForgeFlex

Effective: [DATE — set on first publication]

Privacy Policy

Last updated: [Update on each material change]

ForgeFlex (“we”, “us”, “our”) builds a fitness tracking, progressive overload, and recovery app available on iOS and Android. This policy describes what data we collect when you use ForgeFlex, why we collect it, how we store it, who we share it with, and the rights you have over your data.

1. What we collect

1.1 Account data

When you create an account, we collect your email address and the name you choose to display. We use Supabase Auth for authentication. We do not store your password directly — Supabase stores a salted hash.

1.2 Health and fitness data you log

ForgeFlex stores the workout, mobility, and recovery data you log inside the app: workout sessions, exercise sets (weight, reps, RPE, tempo), rest timers, personal records, recovery check-ins (sleep, soreness, energy, stress on 1–5 scales, plus optional pain areas on a body map), mobility flow completions, and program enrollment state.

We do not integrate with Apple Health, Google Fit, or any other health platform in v1.0. If we add such integration in a future version, this policy will be updated and you will be re-prompted for consent before any health-platform read or write occurs.

1.3 Profile and preference data

During onboarding, we ask about your age range, sex, height, weight, training experience, training goal, available equipment, workout frequency, injury history, and unit preferences. This information is used to personalize your program recommendations. You may update or remove these fields at any time in Settings.

1.4 Subscription and payment data

Payments are processed by Apple (App Store) or Google (Play Store). We do not receive or store your credit card information. We receive subscription state — active, in_trial, in_grace_period, cancelled, expired — from RevenueCat, which receives it from Apple/Google.

1.5 Analytics data

We use PostHog for product analytics. PostHog collects:

  • Anonymous device identifiers (auto-generated when you first open the app)
  • Your user ID (after sign-in, so analytics can be associated with your account)
  • App events: which screens you visit, which buttons you tap, when you complete workouts, when you view the paywall, when you upgrade
  • Device information: model, OS version, app version, locale, timezone

Analytics events are documented in our Terms of Service. We do not sell analytics data and we do not share it with third-party advertisers. You can request deletion of all analytics data associated with your account by emailing privacy@forgeflex.app.

1.6 Crash and error reports

We use Sentry to capture app crashes and JavaScript errors. Sentry collects:

  • Stack traces and the variable state at the time of the error
  • Your user ID (so we can correlate the error with the context that caused it)
  • Device and app metadata (model, OS, app version)
  • The screen and action you were on when the error occurred

Sentry data is used solely to diagnose and fix bugs. It is not used for analytics, advertising, or any other purpose.

2. Why we collect it

Your data is used to:

  • Provide the core product — track workouts, calculate progressive overload, recommend programs, render your dashboard
  • Personalize content — your program recommendations, mobility flows, and recovery suggestions are tailored to your profile and history
  • Improve the product — anonymous and aggregated analytics tell us which features work, which screens cause confusion, and where users drop off
  • Diagnose problems — Sentry error reports help us fix bugs
  • Process payments — for subscription tier verification, refunds, and grandfathering existing subscribers
  • Communicate with you — transactional emails about your account, subscription, or critical service updates (we do not send marketing emails unless you opt in)

3. Who we share it with

We do not sell your data. We share it only with the following subprocessors, who are bound by their own privacy commitments:

  • Supabase (database, authentication, storage) — privacy policy at https://supabase.com/privacy
  • PostHog (analytics) — privacy policy at https://posthog.com/privacy
  • Sentry (error reporting) — privacy policy at https://sentry.io/privacy
  • RevenueCat (subscription management) — privacy policy at https://www.revenuecat.com/privacy
  • Apple (App Store payments and receipt validation)
  • Google (Play Store payments, where applicable)

4. How long we keep it

We retain your workout, mobility, and recovery data for as long as your account is active. If you delete your account, all personal data (including workout history) is purged within 30 days, except:

  • Subscription and payment records (kept for the duration legally required for accounting and tax compliance — typically 7 years)
  • Anonymized analytics events (the user identifier is removed; the event itself remains for product analytics)

5. Your rights

  • Access — request a copy of all data we hold about you
  • Correction — request that we correct inaccurate data
  • Deletion — request that we delete your account and all associated personal data
  • Portability — request your data in a machine-readable format
  • Opt-out of analytics — disable PostHog analytics in Settings

To exercise any of these rights, email privacy@forgeflex.app. We will respond within 30 days.

6. Children

ForgeFlex is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child under 13, please contact privacy@forgeflex.app and we will delete it.

7. Changes to this policy

We may update this policy from time to time. Material changes will be announced in-app and the “Effective” date above will be updated. Your continued use of ForgeFlex after a policy change constitutes acceptance of the new policy.

8. Contact

Questions about this policy can be sent to privacy@forgeflex.app.