Effective June 28, 2026
Privacy Policy
ReadyLift Performance ("we," "us," or "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your personal information.
1. Data We Collect
Account Data
- Email address
- Authentication credentials (password hashed; never stored in plaintext)
- Account creation date
Fitness Data
- Onboarding preferences (training experience, goals, available days)
- Workout logs (exercises, sets, reps, weight)
- Manual recovery entries (sleep quality, soreness, energy, stress)
Biometric Data
- Oura Ring readiness score
- Sleep score
- Heart rate variability (HRV)
- Resting heart rate
- Heart rate (used to derive resting heart rate)
- Oura OAuth tokens (encrypted)
2. How We Use Your Data
We use your data solely to provide and improve the ReadyLift service:
- Generate personalized workout recommendations based on your recovery status, training history, and preferences
- Track your training progress including volume, frequency, and recovery trends
- Authenticate your account and manage your subscription status
- Send transactional communications (password resets, account notifications)
- Diagnose technical issues and improve app reliability
We Do Not Sell Your Data
We will never sell, rent, or trade your personal information, biometric data, or fitness data to third parties for advertising, marketing, or any other purpose.
4. Third-Party Services
We share data with the following categories of third-party services only as necessary to operate ReadyLift. We do not share data for advertising purposes.
Oura
Purpose: Biometric data integration (sleep, readiness, HRV, heart rate)
Data Shared: OAuth tokens for API access. We read your Oura data; we do not write or modify your Oura data. Connection is initiated by you and can be revoked at any time.
Apple App Store & Google Play
Purpose: App distribution and payment processing
Data Shared: Purchase and subscription data is managed by Apple or Google Play. We receive subscription status confirmations but do not have access to your payment card details.
Cloud Infrastructure Providers
Purpose: Secure data storage, user authentication, and backend services
Data Shared: User data is stored on secure cloud infrastructure with row-level security policies. Data is encrypted in transit via HTTPS and at rest.
Subscription Management Providers
Purpose: Subscription verification and entitlement management
Data Shared: Anonymous user identifiers and subscription status. These providers do not receive your email, fitness data, or biometric data.
Analytics (PostHog)
Purpose: Product analytics to understand how features are used and improve the App
Data Shared: Anonymous usage events, device type, OS version, and app version. No fitness data, biometric data, or personally identifiable information is sent to PostHog.
Error Tracking (Sentry)
Purpose: Crash reporting and error diagnostics to maintain app reliability
Data Shared: Anonymized crash reports, stack traces, device model, and OS version. Sentry does not receive your fitness data, biometric data, or login credentials.
5. Data Retention
Active Accounts: We retain your data for as long as your account is active and you continue to use the App.
Account Deletion: When you delete your account, all your personal data — including workout logs, recovery metrics, biometric data, Oura tokens, and profile information — is permanently deleted from our systems immediately. No personal data is retained after deletion.
Legal Obligations: We may retain certain data longer if required by law, regulation, or legal process.
Oura Tokens: OAuth refresh tokens are deleted immediately upon account deletion or when you disconnect your Oura integration.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Deletion: Delete your account and all associated data via Settings in the App, or by contacting us
- Correction: Update inaccurate personal data through your profile settings
- Portability: Request your data in a portable format
- Revoke Consent: Disconnect third-party integrations (e.g., Oura) at any time
To exercise any of these rights, contact us at readyliftai@outlook.com.
7. Data Security
We implement reasonable security measures to protect your data:
- Encryption in Transit: All data transmitted between the App and our servers uses HTTPS/TLS encryption
- Row-Level Security: Supabase RLS policies ensure users can only access their own data
- Hashed Passwords: User passwords are hashed using industry-standard algorithms and are never stored in plaintext
- Secure Token Storage: OAuth tokens are stored securely and transmitted only to authorized endpoints
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Children's Privacy
ReadyLift is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13.
If we discover that we have collected data from a child under 13 without parental consent, we will delete that data promptly.
If you believe a child under 13 has provided us with personal data, please contact us at readyliftai@outlook.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification or email.
The "Effective" date at the top of this page indicates when the policy was last revised. Continued use of the App after changes constitutes acceptance of the updated policy.
10. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect and how it is used
- Right to request deletion of your personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
11. EU & UK Residents (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data. In addition to the rights listed in Section 6, you have the following rights and protections:
Legal Basis for Processing
- Consent: You provide explicit consent when connecting your Oura Ring, enabling Health integrations, or creating your account
- Contract Performance: Processing necessary to provide the ReadyLift service you subscribed to (workout recommendations, progress tracking)
- Legitimate Interest: App diagnostics, security monitoring, and service improvement
Your Additional Rights
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Object: Object to processing based on legitimate interest
- Right to Lodge a Complaint: You may file a complaint with your local data protection authority (supervisory authority)
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
International Data Transfers
Your data is stored on cloud infrastructure that may be located outside the EEA/UK, including in the United States. Where data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms, to ensure your data receives an adequate level of protection.
Special Category Data (Biometric & Health Data)
Under GDPR Article 9, biometric data (HRV, heart rate) and health-related data (sleep scores, recovery metrics) are classified as special category data. We process this data solely on the basis of your explicit consent, which you provide when you connect your Oura Ring, enable Apple Health or Health Connect, or manually enter recovery data. You may withdraw this consent at any time by disconnecting integrations in Settings or deleting your account.
12. Biometric Data (US State Laws)
Certain US states, including Illinois (BIPA), Texas (CUBI), and Washington, have laws governing the collection and use of biometric data. ReadyLift collects biometric data — including heart rate, heart rate variability (HRV), and resting heart rate — from your Oura Ring, Apple Health, Health Connect, or manual entry.
- Purpose: Biometric data is collected solely to compute your daily readiness score and generate personalized workout recommendations
- Retention: Biometric data is retained only while your account is active. Upon account deletion, all biometric data is permanently destroyed immediately
- No Sale or Disclosure: We do not sell, lease, trade, or otherwise profit from your biometric data. We do not disclose biometric data to third parties except as required by law
- Consent: By connecting a wearable device or manually entering biometric data, you consent to its collection and use as described in this policy. You may withdraw consent at any time by disconnecting integrations or deleting your account
13. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by applicable law (including GDPR Article 33 and US state breach notification statutes). Notification will include the nature of the breach, the data affected, and steps you can take to protect yourself.
14. Health Connect & Apple Health
ReadyLift can read health and fitness data from Android Health Connect and Apple Health, but only after you explicitly grant permission on your device. This integration is optional and read-only — ReadyLift never writes, modifies, or deletes any data in Health Connect or Apple Health.
Data Types We Read
- Heart Rate Variability (RMSSD on Health Connect, SDNN on Apple Health)
- Resting Heart Rate
- Heart Rate — continuous samples, read only to derive a resting heart rate when a resting-heart-rate value is not directly available from your device
- Sleep (sleep sessions / sleep duration)
How we use it: This data is used solely to calculate your daily recovery and readiness score and to generate your personalized workout recommendations. Raw samples are read on your device; only the resulting daily recovery metrics (heart rate variability, resting heart rate, sleep duration, and the derived readiness score) are stored in your account to power your trends and recommendations.
Sharing: We do not sell or share data obtained from Health Connect or Apple Health with any third party, and we never use it for advertising. It is not transferred to data brokers, advertising networks, analytics providers, or error-tracking providers.
Your control: You can grant or revoke these permissions at any time in the Android Health Connect app or the iOS Health app, or by disconnecting the integration in ReadyLift Settings. Revoking access stops further reads immediately. Deleting your account permanently removes the recovery metrics derived from this data.
Our use of Android Health Connect data adheres to the Google Play Health Apps requirements and Health Connect Permissions policy, and our use of Apple Health data adheres to Apple's HealthKit guidelines.
Privacy Questions?
Have questions about your data or this policy? Reach out to us.