Lifter Download

Privacy Policy

Last updated: May 2, 2026

Overview

Lifter is a workout tracking app that uses AI to provide progressive overload recommendations. This policy describes what data we collect, how we use it, and your rights regarding that data. Lifter is operated by Matt McFadyen, a sole proprietor based in Canada.

Data We Collect

  • Account information: email address
  • Profile data: training goal, experience level, equipment preferences, focus areas, days per week, and injury or restriction notes
  • Workout data: exercise sets (weight, reps, RPE), session timestamps, and AI-generated recommendations
  • Session metadata: IP address and user agent (stored with authentication sessions)
  • Analytics events: anonymized usage events (app opens, workout completions, subscription events) using an anonymized user ID — no personally identifiable information
  • Error reports: crash and error data with email, tokens, and session identifiers scrubbed before transmission

How We Use Your Data

  • Authentication: your credentials are used to sign you in via email/password, Sign in with Apple, or Sign in with Google
  • Workout tracking: your exercise data is stored so you can review history and track progress
  • AI recommendations: your workout history, profile data, and injury notes are sent to an AI model to generate progressive overload targets. Injury notes are health-adjacent data — we do not market Lifter as a medical product and make no clinical claims
  • Subscription management: subscription status is managed via RevenueCat and Apple in-app purchase

Third-Party Processors

We do not sell your data. We do not use your data for advertising. Data is shared only with the processors below, limited to what is necessary for each service.

  • Anthropic: workout history and profile data (including any injury notes) are sent to Anthropic's Claude API to generate exercise recommendations. Anthropic does not use API data for model training per their commercial terms of service (verified April 2026).
  • Turso: all application data is stored in a Turso (libSQL) database hosted on AWS us-east-1.
  • Cloudflare: the API is hosted on Cloudflare Workers. Cloudflare processes request metadata (IP, headers) per their privacy policy.
  • Apple: subscription billing and Sign in with Apple authentication. Apple's privacy policy applies to payment and authentication data.
  • Google: Sign in with Google authentication, if used.
  • RevenueCat: subscription entitlement management. RevenueCat receives your anonymized user ID and subscription state.
  • Sentry: crash and error reporting. Events are scrubbed of PII (email, tokens, session identifiers) before transmission.
  • PostHog: product analytics. Events use an anonymized user ID — no name or email is transmitted. Session replay is enabled for onboarding flows only; it records screen interactions (taps, navigation) but not keyboard input.
  • Resend: transactional email delivery (password reset, account notifications).

Data Retention

  • Account and workout data: retained for the lifetime of your account
  • AI request and response logs: 30 days
  • Analytics events: 12 months (PostHog default)
  • Error logs: 30 days
  • On account deletion, all personal data is immediately and permanently removed from our systems

Account Deletion

You can delete your account from the Account screen in the Lifter app. This action is permanent and cannot be undone. All associated data — workout history, exercise sets, profile information, and authentication records — is immediately removed.

Your Rights

You may request a copy of your data or ask us to delete it by contacting support. Canadian users have rights under PIPEDA, including the right to access personal information we hold about you and to request corrections. The primary mechanism for deletion is the in-app account deletion flow.

Contact

For questions about this privacy policy or your data, contact us at support@getlifter.app.