Privacy Policy

LiftUr Privacy Policy

Effective Date: July 2025

Last Updated: January 2026

Our Privacy Commitment

LiftUr is built on a foundation of privacy-first design. We believe your fitness data belongs to you—and only you. This privacy policy explains how we handle your information.

The Simple Truth: Your Data Stays On Your Device

LiftUr does not operate any servers. Your workout data, personal records, and fitness progress are stored exclusively on your device, encrypted and secure. We cannot access, view, or retrieve your fitness data.

What This Means:

- No LiftUr servers - Your fitness data never leaves your device

- No analytics (except crash data) - We don't track how you use the app

- No advertising - No third-party ad networks

- No data sales - There's nothing to sell

Important Note: When you sign in with Apple or Google, those providers verify your identity using their servers (see "Authentication Services" below). This is the only external communication the app makes.

Crash Reporting and Diagnostics

We use Firebase Crashlytics, a service provided by Google LLC, to collect crash reports and diagnostic information when the app experiences errors or unexpected behavior. This helps us identify and fix technical issues to improve app stability and performance.

Information Collected:

- Crash logs and error stack traces

- Device information (device model, operating system version, device orientation)

- App state at the time of the crash (e.g., which screen was active)

- Crashlytics Installation UUID (an anonymous identifier specific to the app installation)

- Timestamp of the crash

Information NOT Collected:

- Crash data is not linked to your user account or personal information

- We do not collect your name, email, or other identifying information through crash reports

Purpose:

This information is used solely to diagnose technical problems, fix bugs, and improve the overall stability of the app.

Data Processing:

Crash data is processed by Google LLC under their Firebase terms. For more information, see Google's Privacy Policy at https://policies.google.com/privacy

Data Retention:

Crash data is retained for up to 90 days in Firebase Crashlytics.

What Data LiftUr Stores Locally

LiftUr stores the following information exclusively on your device using encrypted SQLite databases:

Account Data:

- Name and email (provided during sign-in with Apple or Google)

- Date of birth and height (if you choose to enter them)

- Profile preferences and settings

Fitness Data:

- Workout history (exercises, sets, reps, weights, duration)

- Personal records and achievements

- Training plans and cycles

- Body measurements and weight tracking

- Goals and progress tracking

Security Data:

- Optional PIN/biometric authentication credentials (stored in iOS Keychain)

- Encrypted local database password

How This Data is Protected:

- All data is encrypted at rest using industry-standard encryption (AES-256 via SQLCipher)

- Authentication credentials stored in device secure storage (iOS Keychain)

- No cloud synchronization unless you explicitly enable iCloud backup (handled by iOS, not LiftUr)

Authentication Services

To create an account and protect your data, LiftUr uses sign-in services provided by Apple and Google. When you choose to sign in:

Apple Sign-In:

- You control what information to share (you can hide your email using Apple's "Hide My Email" feature)

- Apple's servers verify your identity

- Your name and email (or relay email) are stored locally on your device

- Privacy Policy: https://www.apple.com/privacy

Google Sign-In:

- Your Google account name and email are used for authentication

- Google's servers verify your identity

- Your name and email are stored locally on your device

- Privacy Policy: https://policies.google.com/privacy

What We Receive:

- Your name (or the name you choose to share)

- Your email address (or Apple's relay email if you choose "Hide My Email")

What We Do NOT Receive:

- Your password

- Your contacts

- Your location

- Any other Google or Apple account data

This authentication data is stored locally on your device and is never transmitted to LiftUr servers—we don't have any.

Third-Party Services

Authentication Providers (External):

| Service, Purpose, Data Shared, Privacy Policy

Local Libraries (No External Communication):

LiftUr uses the following open-source libraries that run entirely on your device:

- React Native - Mobile app framework

- OP SQLite with SQLCipher - Encrypted local database

- Notifee - Local push notifications

- bcryptjs & CryptoJS - Encryption libraries

None of these libraries transmit data to external servers.

Device Services:

- Push Notifications: All notifications are generated locally on your device. No remote notification servers are used.

- iCloud Backup: If you enable device backups through iOS settings, your encrypted LiftUr database may be included. This is controlled by your device settings, not LiftUr.

Your Rights & Control

Since your fitness data stays on your device, you have complete control:

Right to Access:

Your data is always accessible within the app. View your complete workout history, measurements, and progress at any time.

Right to Delete:

- Delete individual workouts, exercises, or goals within the app

- Delete your entire account and all data from Settings → Security & Privacy

- Uninstalling the app permanently deletes all data from your device

Right to Export:

Export your fitness data in JSON or CSV format from Settings → Security & Privacy. This allows you to keep a backup or transfer your data to another service.

Right to Portability:

Your data is stored in standard SQLite format on your device. Export features provide your data in open formats (JSON, CSV).

Children's Privacy

LiftUr is designed for users aged 13 and older. We do not knowingly collect information from children under 13. Since fitness data is stored locally and we have no servers, we cannot verify users' ages. Parents and guardians should supervise children's use of fitness applications.

Data Retention

Your data remains on your device until you:

- Manually delete it within the app

- Delete your account

- Uninstall the app

- Factory reset your device

We do not have access to your data, so we cannot retain, delete, or retrieve it on your behalf.

Security

We implement the following security measures:

- Encryption at Rest: All database contents encrypted with AES-256 via SQLCipher

- Secure Authentication: Optional Face ID/Touch ID protection using iOS Keychain

- No Network Transmission: Your fitness data never leaves your device

- Secure Sign-In: Authentication handled by Apple and Google's secure infrastructure

- Open Source Dependencies: We use well-audited, community-vetted libraries

International Users & GDPR/CCPA Compliance

GDPR (European Union):

- Your fitness data is processed locally on your device only

- Authentication data (name, email from Apple/Google) is stored locally, not on external servers

- You have full control to access, export, and delete your data

- No data is transferred to LiftUr servers (we have none)

CCPA (California):

- No personal information is sold or shared with third parties for advertising

- Authentication providers (Apple/Google) are used solely for identity verification

Data Localization:

All fitness data remains on your device in your country/region. Authentication requests go to Apple/Google servers per their standard practices.

Future Updates

If we add features that require server communication (such as cloud sync or social features), we will:

1. Update this privacy policy before launching such features

2. Notify you through an in-app update

3. Request explicit consent before transmitting any data

4. Make such features opt-in, not mandatory

Current status: No LiftUr servers, local data storage only ✓

Changes to This Policy

We may update this privacy policy to reflect changes in the app or legal requirements. When we make changes:

- The "Last Updated" date will be revised

- Significant changes will be communicated through the app

- Continued use of the app constitutes acceptance of the updated policy

If you have questions about this privacy policy:

- Email: support@lifturapp.com

- Website: https://lifturapp.com

Transparency & Trust

Our Philosophy: We built LiftUr this way intentionally. Your fitness journey is personal, and your data should be too. We don't need your data to provide you with an excellent fitness tracking experience.

Verification: You can verify LiftUr's network activity using tools like Charles Proxy or Wireshark. You'll find network requests only to Apple/Google during authentication—no outbound fitness data transmission.