Privacy Policy

Last Updated: November 12, 2024

Effective Date: November 12, 2024

1. Introduction

Welcome to Liftzr ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application Liftzr (the "App") and our website liftzr.com (the "Website," collectively with the App, the "Services").

We are committed to protecting your privacy and complying with applicable data protection laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Lei Geral de Proteção de Dados (LGPD), Personal Information Protection and Electronic Documents Act (PIPEDA), UK Data Protection Act 2018, Australian Privacy Act 1988, New Zealand Privacy Act 2020, Personal Data Protection Act (Singapore), Act on the Protection of Personal Information (Japan), Personal Information Protection Law (China), Information Technology Act 2000 (India), Federal Law on Personal Data Protection (Mexico), Protection of Personal Information Act (South Africa), and other applicable privacy regulations worldwide.

Data Controller Information:

Michel Fernando Rodrigues Flores (Autónomo/Self-Employed)

For questions about this Privacy Policy, please contact:

Email: michel@liftzr.com

Address: Calle Maestro Chapí 3, 29002 Málaga, Spain

2. Age Restrictions

Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. In jurisdictions where the age of consent for data processing is higher than 13, users must meet the minimum age requirement or have parental consent.

If you are a parent or guardian and believe we have collected information from your child without consent, please contact us immediately at michel@liftzr.com.

3. Information We Collect

3.1 Information You Provide

Account Information (Cloud Sync Users Only):

  • Email address (required for authentication)
  • Name (OPTIONAL - only if provided through Google/Apple Sign-in, not required for email/password accounts)
  • Authentication tokens for secure access

Privacy Note: You can create an account using only email and password without providing your name for maximum privacy.

Workout Data:

  • Exercise names, sets, repetitions, weights
  • Workout duration and timestamps
  • Personal records and achievements
  • Custom workout routines and templates
  • Notes and comments on workouts

Purchase Information:

  • Purchase status (managed through Apple App Store)
  • Yearly or monthly subscription validation
  • Free trial status
  • Note: We do not process payment information directly; all payments are handled by Apple

3.2 Information Collected Automatically

Anonymous Analytics Data:

We use PostHog for privacy-first analytics with the following characteristics:

  • Persistent anonymous UUID (cannot be linked to personal identity)
  • No IP address or location tracking (GeoIP disabled)
  • No device identifiers
  • App version and operating system version
  • Feature usage patterns (which features are used, not who uses them)
  • Workout metrics (duration, exercise count, anonymized)
  • Performance metrics (load times, sync durations)
  • Error tracking (crashes, sync failures)

3.3 Information We Do NOT Collect

  • Location data or GPS information
  • Health data from Apple Health or Google Fit
  • Contacts or address book
  • Photos or media (except workout photos you explicitly choose to add)
  • Biometric data
  • Financial information (handled by Apple)

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: To provide cloud sync services and premium features
  • Legitimate Interests: To improve our app and provide customer support
  • Consent: For optional features like marketing communications
  • Legal Obligations: To comply with applicable laws

5. How We Use Your Information

Service Provision:

  • Enable cloud synchronization of workout data across devices
  • Authenticate users for cloud services
  • Restore workout data from backups
  • Provide customer support

Service Improvement:

  • Analyze anonymous usage patterns to improve features
  • Fix bugs and technical issues
  • Develop new features based on usage trends
  • Optimize app performance

Legal and Safety:

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraudulent or illegal activity
  • Protect the rights and safety of our users

Marketing Communications (With Your Consent):

If you have opted in to receive marketing communications, we may send you:

  • App updates and new feature announcements
  • Special offers and discount codes for premium features
  • Fitness tips and workout suggestions
  • Survey invitations to improve our services
  • Important service updates and maintenance notices

Note: Service-related emails (account verification, purchase confirmations, critical security updates) are not considered marketing and will be sent regardless of marketing preferences as they are necessary for providing our services.

Unsubscribe: You can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting us at michel@liftzr.com.

6. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

Service Providers:

  • Supabase (AWS us-east-1): Cloud database for workout data synchronization
  • PostHog (EU servers): Anonymous analytics and error tracking
  • Apple: Payment processing and app distribution

Legal Requirements:

We may disclose information if required by law, court order, or government request.

Business Transfers:

In the event of a merger, acquisition, or sale of assets, user information may be transferred with appropriate privacy protections.

With Your Consent:

We may share information with your explicit consent or at your direction.

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for stored data
  • Secure authentication systems
  • Regular security audits
  • Limited access to personal data (need-to-know basis)
  • Secure cloud infrastructure (AWS)

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Privacy Rights

8.1 Rights under GDPR (European Economic Area)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit processing of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing activities
  • Automated Decision-Making: Not be subject to solely automated decisions

8.2 Rights under CCPA/CPRA (California)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of sale (we do not sell data)
  • Right to non-discrimination
  • Right to correct inaccurate information
  • Right to limit use of sensitive personal information

8.3 Rights under LGPD (Brazil)

  • Confirmation of data processing
  • Access to data
  • Correction of incomplete or outdated data
  • Anonymization, blocking, or deletion
  • Data portability
  • Information about sharing with third parties
  • Withdrawal of consent

8.4 Rights under PIPEDA (Canada)

  • Access your personal information
  • Challenge accuracy and completeness
  • Withdraw consent (with legal limitations)
  • File a complaint with the Privacy Commissioner

To exercise any of these rights, please contact us at michel@liftzr.com. We will respond to your request within the timeframe required by applicable law (typically 30 days).

9. Data Retention

We retain your information only as long as necessary to provide services and fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active
  • Workout Data: Retained while you use the app, deleted upon account deletion
  • Analytics Data: Anonymous data may be retained indefinitely for service improvement
  • Legal Compliance: Data may be retained as required by law

You can request deletion of your account and associated data at any time by contacting us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own:

  • Supabase servers: AWS us-east-1 (United States)
  • PostHog: EU servers (GDPR compliant)

For transfers from the EEA to the United States, we rely on Standard Contractual Clauses approved by the European Commission or other appropriate safeguards.

11. Cookies and Tracking

Mobile App: The Liftzr mobile app does not use cookies.

Website: Our website uses minimal, necessary cookies for:

  • Session management
  • Security purposes

Analytics Note: We collect completely anonymous analytics data to improve the app. As this data cannot identify you and complies with GDPR Article 26 (anonymous data is not personal data), no opt-out is required or provided. This helps us maintain and improve the service quality.

12. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date
  • For material changes, we will notify you via email or app notification
  • Your continued use constitutes acceptance of the updated policy

14. Contact Information

For privacy-related questions or to exercise your rights, please contact:

Data Controller: Michel Fernando Rodrigues Flores

Email: michel@liftzr.com

Address: Calle Maestro Chapí 3, 29002 Málaga, Spain

Response time: We aim to respond to all privacy requests within 30 days or as required by applicable law.

15. Jurisdiction-Specific Provisions

European Union and Spain

As a Spanish autónomo (self-employed individual) operating within the EU, we comply with GDPR and Spanish data protection laws (LOPDGDD). You may file complaints with the Agencia Española de Protección de Datos (AEPD) at aepd.es.

United States - State-Specific Rights

California Residents

See Section 8.2 for your rights under CCPA/CPRA. We do not sell personal information or share it for cross-context behavioral advertising.

Virginia, Colorado, Connecticut, Utah Residents

Residents of these states have similar rights to those described under CCPA. Please contact us to exercise your rights.

Australian Residents

This Privacy Policy complies with the Australian Privacy Principles. You may complain to the Office of the Australian Information Commissioner if you believe we have breached these principles.

UK Residents

UK residents have rights similar to those under GDPR as incorporated into UK law. You may lodge complaints with the Information Commissioner's Office (ICO).

Japanese Residents

We comply with the Act on the Protection of Personal Information (APPI). You have the right to request disclosure, correction, suspension of use, and deletion of your personal information.

Singapore Residents

We comply with the Personal Data Protection Act (PDPA). You have rights to access and correct your personal data, and may withdraw consent for data collection.

Indian Residents

We comply with applicable Indian data protection laws. You have the right to access, correct, and request deletion of your personal information.

Mexican Residents

We comply with the Federal Law on Protection of Personal Data (LFPDPPP). You have ARCO rights (Access, Rectification, Cancellation, and Opposition) regarding your personal data.

South African Residents

We comply with the Protection of Personal Information Act (POPIA). You have the right to object to processing, request correction or deletion, and lodge complaints with the Information Regulator.

New Zealand Residents

We comply with the Privacy Act 2020. You have rights to access and correct your personal information, and may complain to the Office of the Privacy Commissioner.