Privacy Policy

Aptlift (“we”, “us”, “our”) is an AI-powered gym coaching service operated in the United Kingdom. We are the data controller for the personal data we collect through this service.

If you have any questions about how we handle your data, you can reach us at privacy@aptlift.com.

We collect the following categories of personal data when you use Aptlift:

• Account data — your email address and authentication credentials, managed via Supabase Auth.
• Profile data — information you provide during onboarding, including your fitness goal, training experience, available equipment, height, weight, and age.
• Health and fitness data — workout logs (exercises, sets, reps, weights), food logs (meals, calories, macronutrients), and body weight entries you record in the app.
• AI conversation data — messages you send to and receive from the AI coach.
• Usage data — basic technical information such as the pages you visit and actions you take within the app, used to maintain and improve the service.

Health and fitness data — including body weight, diet logs, and workout history — may constitute health-related personal data under UK GDPR. We treat this data with the additional protections appropriate to its sensitivity.

We process your personal data on the following legal bases under UK GDPR:

• Contract performance — to provide the coaching service you have signed up for, including generating your workout and diet plans and maintaining your training history.
• Explicit consent — for processing health-related data (body weight, diet, and workout logs). You may withdraw consent at any time by deleting your account.
• Legitimate interests — to operate and improve the service, detect abuse, and maintain security, where these interests are not overridden by your rights.

Your data is used to:

• Generate and personalise your workout and nutrition plans
• Power the AI coaching conversation by providing your profile, history, and goals as context
• Display your progress, history, and trends within the app
• Authenticate your account and keep your data secure
• Respond to support requests and communicate important service changes

We do not use your personal data for advertising, sell it to third parties, or use it to train AI models.

We use the following sub-processors to deliver the service:

• Supabase — used for database storage and user authentication. Your profile, logs, plans, and account credentials are stored on Supabase infrastructure. Supabase is subject to a data processing agreement with us and stores data in the EU/EEA by default. See supabase.com/privacy.
• Anthropic — used to power the AI coaching responses. When you interact with your coach, your message and relevant profile context are sent to Anthropic’s API. Anthropic does not use API inputs to train its models. See anthropic.com/privacy.

No other third parties have access to your personal data.

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain certain records for legal or compliance purposes.

AI conversation logs are retained for the duration of your account to enable the coach to maintain context across sessions.

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — request deletion of your data (“right to be forgotten”)
• Portability — receive your data in a structured, machine-readable format
• Restriction — ask us to restrict processing of your data in certain circumstances
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, email privacy@aptlift.com. We will respond within one calendar month. You may also delete your account directly from the app settings, which will trigger erasure of your data.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

Aptlift uses only essential cookies required for authentication and session management (set by Supabase Auth). We do not use advertising, analytics, or tracking cookies. No cookie consent banner is displayed because no non-essential cookies are set.

All data is transmitted over HTTPS. Access to your data within the database is restricted by Row Level Security policies so that each user can only access their own records. We use industry-standard practices to protect your data against unauthorised access, loss, or disclosure.

We may update this policy from time to time. If we make material changes, we will notify you by email or via a notice in the app before the changes take effect. Continued use of Aptlift after any update constitutes acceptance of the revised policy.

For any privacy-related queries, contact us at privacy@aptlift.com.