Your privacy matters to us. This Privacy Policy explains how Forge: Workout & Fitness ("Forge," "we," "our," or "us") collects, uses, stores, and protects your information when you use our mobile application. By using Forge, you agree to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: First name, email address, and password when you create an account.
- Profile Data: Fitness goals, experience level, workout preferences, available equipment, and life stage (e.g., prenatal, postnatal) entered during onboarding or profile setup.
- Health & Fitness Data: Workout history, completed exercises, sets, reps, duration, body measurements, and progress photos you choose to upload.
- Menstrual Cycle Data: If you choose to enable cycle-sync features, we collect cycle dates and phase information to personalize your workout recommendations. This data is strictly optional.
- Communications: Messages you send to our support team, feedback, or community posts.
1.2 Information Collected Automatically
- Usage Data: Screens visited, features used, workout sessions started and completed, tap events, and session duration.
- Device Information: Device type, operating system version, app version, unique device identifiers, and language settings.
- Log Data: Crash reports, error logs, and performance data to help us improve the app.
- Push Notification Tokens: If you grant notification permissions, we store your device token to deliver reminders and updates.
1.3 Information from Third Parties
- Sign in with Apple / Google: If you authenticate via Apple or Google, we receive your name and email address from those services.
- Apple HealthKit / Google Health Connect: Only if you explicitly grant permission. We may read steps, active calories, and heart rate to enrich your fitness tracking. We never write data to HealthKit without your permission, and we never share HealthKit data with advertisers or data brokers.
- Payment Processors: Subscription payments are processed by Apple App Store or Google Play. We do not store your payment card information. We receive only confirmation of your subscription status from RevenueCat.
2. How We Use Your Information
We use the information we collect to:
- Provide, personalize, and improve the Forge app and your workout experience.
- Generate your personalized fitness plan based on goals, fitness level, available time, and equipment.
- Track your progress over time and display analytics, streaks, and achievements.
- Send workout reminders, motivational notifications, and important account updates.
- Process your subscription and manage your account.
- Respond to your support requests and feedback.
- Analyze aggregate usage trends to improve features and content.
- Detect and prevent fraud, abuse, or violations of our Terms of Service.
- Comply with applicable legal obligations.
We do not sell your personal data to third parties, and we do not use your data for advertising targeting or share it with data brokers.
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:
3.1 Service Providers
We work with trusted third-party vendors who help us operate Forge. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf:
- RevenueCat — Subscription management and entitlement validation.
- Firebase / Google Analytics for Firebase — Crash reporting and anonymous usage analytics.
- Apple CloudKit / AWS / Google Cloud — Secure cloud storage for your account data and workout history.
3.2 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Forge, our users, or others.
3.3 Business Transfers
If Forge is acquired, merged, or sold, your information may be transferred as part of that transaction. We will notify you via email or in-app notice and this Privacy Policy will continue to apply.
3.4 With Your Consent
We will share your information with third parties only when you have explicitly consented to such sharing.
4. Health Data — Special Protections
Health and fitness data — including menstrual cycle information, body measurements, and HealthKit data — is treated with the highest level of privacy protection. This data is:
- Stored with end-to-end encryption at rest.
- Never shared with advertisers, data brokers, employers, or insurance companies.
- Never used for any purpose other than delivering your personalized experience within Forge.
- Fully deletable at your request at any time (see Section 7).
- Compliant with Apple's HealthKit guidelines — we never share HealthKit data with third parties.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:
- Active accounts: We retain your data for the duration of your account.
- After deletion: When you delete your account, we delete your personal data within 30 days, except where we are required to retain certain information for legal, tax, or fraud-prevention purposes (typically up to 90 days maximum).
- Anonymized analytics: Aggregated, de-identified usage data may be retained indefinitely as it cannot be linked to you.
- Support communications: Retained for up to 2 years to resolve disputes.
6. Data Security
We implement industry-standard security measures to protect your information:
- All data transmitted between your device and our servers is encrypted using TLS 1.3.
- Sensitive data (health information, cycle data) is encrypted at rest using AES-256.
- Access to user data is restricted to authorized personnel on a need-to-know basis.
- We conduct regular security audits and vulnerability assessments.
- Passwords are hashed using bcrypt and are never stored in plaintext.
While we take every reasonable precaution, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication where available.
7. Your Rights & Choices
7.1 Access & Portability
You may request a copy of the personal data we hold about you at any time by contacting us at leonitdev@gmail.com.
7.2 Correction
You can update most of your profile and account information directly within the app under Settings → Profile.
7.3 Deletion (Right to Be Forgotten)
You can delete your account and all associated data at any time via Settings → Profile → Delete Account. This action is irreversible. We will complete deletion within 30 days of your request.
7.4 Withdraw Consent
You may withdraw consent for optional data processing at any time, including:
- Disabling HealthKit/Health Connect integration in your device settings or in Settings → Integrations.
- Turning off cycle-sync data in Settings → Cycle Tracking.
- Revoking push notification permission in your device settings.
7.5 California Residents (CCPA)
California residents have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at leonitdev@gmail.com.
7.6 EEA / UK Residents (GDPR)
If you are located in the European Economic Area or United Kingdom, you have rights under GDPR including access, rectification, erasure, restriction, portability, and the right to object. Our legal basis for processing is your consent and the performance of our contract with you. To exercise any of these rights, contact us at leonitdev@gmail.com.
8. Children's Privacy
Forge is not intended for use by individuals under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at leonitdev@gmail.com and we will delete it promptly.
9. Cookies & Tracking Technologies
Our mobile app does not use browser cookies. We may use:
- App analytics SDKs (e.g., Firebase Analytics) to collect anonymized usage data.
- Crash reporting tools to identify and fix technical issues.
- Attribution SDKs to understand which marketing channels drove installs — this uses only aggregated, privacy-preserving data and complies with Apple's App Tracking Transparency (ATT) framework. We will always ask for your permission before tracking.
10. Third-Party Links & Services
Forge may contain links to third-party websites or services (e.g., our website, social media). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.
11. International Data Transfers
Forge is operated from the United States. If you are accessing the app from outside the US, your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards (such as Standard Contractual Clauses for EU transfers) are in place for any international data transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send you an in-app notification or email at least 14 days before the changes take effect.
- For significant changes, ask for your renewed consent where required by law.
Your continued use of Forge after changes take effect constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: