Privacy Policy
This policy explains what information MYOLFT ("we", "us") collects when you use the MYOLFT mobile app or visit myolft.com, and what we do with it. MYOLFT is operated from Romania, in the European Union. For data-protection purposes, the operator of MYOLFT is the data controller. You can reach us anytime at hello@myolft.com. Our Terms of Service also apply when you use the app.
What we collect in the app
- Account data. Your name, your email address, and a password if you sign up with one (passwords are handled by our authentication provider, Supabase — we never see them). If you sign in with Google or Apple, we receive the identifier, email, and name those services share for sign-in.
- Training data you log. Workouts, exercises, sets, reps, weights, effort ratings (RIR/RPE), personal records, training plans, scheduled sessions, and readiness check-ins.
- Body data you choose to enter. Body weight, body measurements, and any joint or movement restrictions you record. This is health-related data: you provide it voluntarily, we process it with your explicit consent, and we use it only to run the app's features for you (for example, adjusting your training plan). You can use MYOLFT without entering it.
- Preferences. Units, theme, rest-timer defaults, and similar settings.
- Subscription status. Whether you have an active MYOLFT PRO subscription, managed through RevenueCat. Payment itself is processed by Apple or Google — we never receive your card details.
- Diagnostics. In production builds we use Google Firebase for usage analytics and crash reports, linked to your account identifier so we can diagnose problems that affect your account. Analytics covers how the app is used (for example that a workout was started or completed, with its name and summary counts), plus your experience level, unit preference, and technical details such as device model and OS version. Analytics never includes the individual sets, weights, or body data you log.
- Security checks. When you sign up, sign in, or perform a sensitive account action (such as resetting your password or deleting your account), Cloudflare Turnstile runs a bot-protection check. That check processes technical signals from your device (such as your IP address and browser characteristics) directly with Cloudflare; we only receive the pass/fail result.
What we collect on the website
The email address you submit if you join the waitlist. We use it to tell you about the launch and related updates, nothing else. The waitlist form is protected by the same Cloudflare Turnstile bot check described above. We also use Cloudflare Web Analytics to count page views: it is cookieless, does not identify individual visitors, and does not track you across sites. The website sets no third-party advertising or tracking cookies.
What we never do
- We show no ads.
- We never sell or rent your personal data.
- We use no third-party advertising trackers.
Why we process your data
- To provide the service (contract): account, training data, preferences, subscription status, and syncing your data across devices.
- With your consent: body and health-related data you choose to enter, and waitlist emails. You can withdraw consent at any time by deleting the data or your account, or by emailing us.
- Legitimate interests: keeping the service secure (including the bot-protection checks), fixing crashes and bugs (diagnostics), and understanding aggregate website traffic.
- Legal obligations, where applicable.
Who processes your data for us
We use a small number of service providers ("processors") to run MYOLFT:
- Supabase — database, authentication, and sync.
- RevenueCat — subscription management.
- Google Firebase — analytics and crash reporting (production builds only).
- Apple App Store / Google Play — app distribution and payment processing.
- Resend — transactional email (account verification, password reset).
- Cloudflare — website hosting, cookieless site analytics, and the Turnstile bot-protection checks in the app and on the website.
Some of these providers process data outside the European Economic Area (mainly in the United States). Where that happens, transfers are protected by recognised safeguards such as the EU Standard Contractual Clauses.
How long we keep it
Your account and training data are kept while your account is active and deleted when you delete your account. Crash and analytics data is retained per Firebase's standard retention periods. Waitlist emails are kept until launch and a reasonable period afterward, or until you ask us to remove yours.
Delete your account
You can permanently delete your account and all data tied to it — training history, body data, preferences, everything on our servers — at any time:
- In the app: Profile → Delete account, and confirm.
- By email: write to hello@myolft.com from the email address on your account.
Note: deleting your account does not cancel an active subscription — subscriptions are managed by Apple or Google, so also cancel it in your App Store or Google Play settings.
Your rights
Under the GDPR you can ask us to access, correct, delete, or restrict the personal data we hold about you, object to processing, withdraw consent, and receive a portable copy of your data (the app also has a built-in export: Profile → Export data, as CSV or JSON). To exercise any right, email hello@myolft.com. You also have the right to complain to your data-protection authority — in Romania, the ANSPDCP (dataprotection.ro), or the authority in your own EU country.
Children
MYOLFT is for users aged 16 and over. We do not knowingly collect data from anyone under 16; if you believe we have, contact us and we will delete it.
Changes to this policy
If we change this policy, we will update the date at the top, and for material changes we will tell you in the app or by email.
Contact
Questions about this policy or your data? Reach us at hello@myolft.com.