Privacy Policy

Account information. When you register, we collect your email address and a password (stored as a salted hash — we never see your plain-text password).

Workout data. Exercises, sets, reps, weights, session timestamps, personal records, and plan details you log in the app.

Usage data. Streak counts, XP totals, level history, and in-app navigation events used to improve the product. We do not sell this data.

Waitlist email. If you join the waitlist on our website, we collect only your email address to notify you at launch. No further data is collected at that stage.

Device and log data. Basic device information (OS version, app version, crash logs) collected automatically to diagnose issues. No advertising identifiers are collected.

We use the information we collect to:

• Provide, maintain, and improve the SweatStreak app and website.
• Calculate your streaks, XP, levels, and personal records on-device and sync them to your account.
• Send you a single launch notification email if you joined the waitlist (you can unsubscribe at any time).
• Send transactional emails (password reset, account security notices) — no marketing without explicit consent.
• Diagnose crashes and fix bugs using aggregated, anonymised crash reports.

We do not use your workout data for advertising purposes.

Your data is stored on servers located in the European Union. We use industry-standard encryption in transit (TLS 1.2+) and at rest. Access tokens expire after 15 minutes; refresh tokens expire after 7 days and are rotated on every use.

Passwords are hashed with bcrypt before storage. We never store plain-text credentials.

While we take reasonable precautions, no system is perfectly secure. If you believe your account has been compromised, contact us immediately at privacy@sweatstreak.app.

We do not sell your personal data. We share information only in these limited cases:

• Service providers. Named third-party processors listed below, each bound by a data processing agreement.
• Legal requirements. If required by law, court order, or to protect the rights and safety of users.
• Business transfer. In the event of a merger or acquisition, your data would transfer to the new entity subject to this policy.

Shared workout cards and stories you choose to export and post on social media are shared at your discretion. We have no control over third-party platforms once content leaves the app.

We use the following sub-processors. Each receives only the minimum data required for its stated purpose.

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your account and associated data.
• Export your workout data in a machine-readable format.
• Withdraw consent for any processing based on consent.

To exercise these rights, email us at privacy@sweatstreak.app. We will respond within 30 days.

To delete your account and all associated data from within the app, go to Profile → Settings → Delete Account.

The SweatStreak mobile app does not use cookies. The promotional website (this site) uses only technically necessary session storage — no advertising cookies, no third-party tracking pixels.

SweatStreak is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

We may update this policy from time to time. When we make material changes, we will notify registered users via email and update the effective date at the top of this page. Continued use of the app after the effective date constitutes acceptance of the updated policy.

Questions or concerns about this policy? Reach us at: