Effective April 22, 2026

Privacy
Policy

ReadyLift Performance ("we," "us," or "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your personal information.

database 1. Data We Collect

person

Account Data

  • circle Email address
  • circle Authentication credentials (password hashed; never stored in plaintext)
  • circle Account creation date
fitness_center

Fitness Data

  • circle Onboarding preferences (training experience, goals, available days)
  • circle Workout logs (exercises, sets, reps, weight)
  • circle Manual recovery entries (sleep quality, soreness, energy, stress)
monitor_heart

Biometric Data

  • circle Oura Ring readiness score
  • circle Sleep score
  • circle Heart rate variability (HRV)
  • circle Resting heart rate
  • circle Oura OAuth tokens (encrypted)

settings 2. How We Use Your Data

We use your data solely to provide and improve the ReadyLift service:

  • 01 Generate personalized workout recommendations based on your recovery status, training history, and preferences
  • 02 Track your training progress including volume, frequency, and recovery trends
  • 03 Authenticate your account and manage your subscription status
  • 04 Send transactional communications (password resets, account notifications)
  • 05 Diagnose technical issues and improve app reliability
block

We Do Not Sell Your Data

We will never sell, rent, or trade your personal information, biometric data, or fitness data to third parties for advertising, marketing, or any other purpose.

share 4. Third-Party Services

We share data with the following categories of third-party services only as necessary to operate ReadyLift. We do not share data for advertising purposes.

Oura

Purpose: Biometric data integration (sleep, readiness, HRV, heart rate)

Data Shared: OAuth tokens for API access. We read your Oura data; we do not write or modify your Oura data. Connection is initiated by you and can be revoked at any time.

Google Play

Purpose: App distribution and payment processing

Data Shared: Purchase and subscription data is managed by Google Play. We receive subscription status confirmations but do not have access to your payment card details.

Cloud Infrastructure Providers

Purpose: Secure data storage, user authentication, and backend services

Data Shared: User data is stored on secure cloud infrastructure with row-level security policies. Data is encrypted in transit via HTTPS and at rest.

Subscription Management Providers

Purpose: Subscription verification and entitlement management

Data Shared: Anonymous user identifiers and subscription status. These providers do not receive your email, fitness data, or biometric data.

5. Data Retention

Active Accounts: We retain your data for as long as your account is active and you continue to use the App.

Account Deletion: When you delete your account, we will remove your personal data within 30 days. Some anonymized, aggregated data may be retained for service improvement.

Legal Obligations: We may retain certain data longer if required by law, regulation, or legal process.

Oura Tokens: OAuth refresh tokens are deleted immediately upon account deletion or when you disconnect your Oura integration.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • check_circle Access: Request a copy of the personal data we hold about you
  • check_circle Deletion: Delete your account and all associated data via Settings in the App, or by contacting us
  • check_circle Correction: Update inaccurate personal data through your profile settings
  • check_circle Portability: Request your data in a portable format
  • check_circle Revoke Consent: Disconnect third-party integrations (e.g., Oura) at any time

To exercise any of these rights, contact us at readyliftai@outlook.com.

lock 7. Data Security

We implement reasonable security measures to protect your data:

  • shield Encryption in Transit: All data transmitted between the App and our servers uses HTTPS/TLS encryption
  • shield Row-Level Security: Supabase RLS policies ensure users can only access their own data
  • shield Hashed Passwords: User passwords are hashed using industry-standard algorithms and are never stored in plaintext
  • shield Secure Token Storage: OAuth tokens are stored securely and transmitted only to authorized endpoints

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

ReadyLift is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13.

If we discover that we have collected data from a child under 13 without parental consent, we will delete that data promptly.

If you believe a child under 13 has provided us with personal data, please contact us at readyliftai@outlook.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification or email.

The "Effective" date at the top of this page indicates when the policy was last revised. Continued use of the App after changes constitutes acceptance of the updated policy.

10. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it is used
  • Right to request deletion of your personal information
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

Privacy Questions?

Have questions about your data or this policy? Reach out to us.

readyliftai@outlook.com arrow_forward