Privacy Policy
Last updated: 1 June 2026
Lift is operated by Riccardo Casale, an individual sole trader based in Italy ("we," "us," or "our"). This Privacy Policy explains how we collect, use, and protect your information when you use the Lift mobile application and the liftgymapp.com website (together, the "Service"). We are the data controller responsible for your personal data, and you can reach us at ricc.casalee@gmail.com.
1. Information We Collect
- Account information. Your email address, password (stored only in hashed form by our authentication provider), and basic profile details.
- Health & fitness data. Workouts, sets, reps, weights, routines, body metrics (height, weight, goals), and your nutrition and water logs.
- Photos. Progress photos, meal photos, and body/physique photos you choose to capture or upload.
- User content. Free text you enter, such as your bio and the messages you send to the in-app AI Coach.
- Website analytics. Aggregated, cookieless analytics (page views, referrer, country, device type) collected on liftgymapp.com via Vercel. We do not use cookies, cross-site trackers, or advertising identifiers.
2. How We Use Your Information and Our Legal Basis
Under the GDPR we must have a lawful basis for each use of your data. We rely on:
- Performance of a contract — to provide the core app: store your workouts, sync your data across devices, and run the features you request.
- Your consent — for optional features that process your photos or send data to AI providers (meal analysis, nutrition label scanning, Scan & Train, and physique projection). You can withdraw consent at any time by not using the feature or by contacting us.
- Legitimate interests — to keep the Service secure, prevent abuse, and improve reliability.
- Legal obligation — to comply with applicable law.
3. AI Features and the Providers Who Process Your Data
Some features send your input to third-party AI providers to generate a result. All calls are made from our secure backend — our API keys are never stored on your device. These providers act as our processors and are not permitted to use your data for their own purposes, such as advertising. Each provider processes your input only to return the result we show you in the app.
- Calorie & meal analysis — your meal photo is sent to Anthropic (Claude) to estimate its nutrition.
- Nutrition label scan — your label photo is sent to Anthropic (Claude) to read the label.
- Workout generation, AI Coach, and Scan & Train — the workout text is sent to OpenAI; Scan & Train additionally sends a body photo to OpenAI for analysis.
- Physique Lab projection — your body photo is sent to Google (Gemini) to generate a projected image.
4. How We Share Your Information
We do not sell your personal information. We share data only with service providers strictly necessary to run the Service:
- Supabase — backend hosting, authentication, database, and file storage for your account and app data.
- Anthropic, OpenAI, and Google — AI processing as described in Section 3.
- Loops and Resend — email delivery (your email address only) for waitlist, account, and product messages.
- Vercel — website hosting and cookieless analytics.
5. International Data Transfers
Your account and app data are hosted by Supabase. Several of our AI and infrastructure providers (Anthropic, OpenAI, Google) are based in the United States. Where your personal data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (SCCs) and other appropriate safeguards required by the GDPR.
6. Data Retention
We keep your account and app data for as long as your account is active. If you ask us to delete your data, we will remove it from our backend. Uninstalling the app removes only the local copy on your device — data already stored on our backend remains until you request its deletion. Website analytics are retained only in aggregated, non-identifying form.
7. Your Rights
If you are in the EU/EEA, the GDPR gives you the right to access your data, correct inaccurate data, erase your data, restrict or object to processing, request data portability, and withdraw consent at any time. To exercise any of these rights, email ricc.casalee@gmail.com. For portability, you can also use Export Workout Data in the app's Settings to download a copy of your workout and nutrition data. You also have the right to lodge a complaint with your local supervisory authority — in Italy, the Garante per la protezione dei dati personali (garanteprivacy.it).
8. Security
We protect your data in transit with HTTPS/TLS, store authentication tokens securely in your device's Keychain, and host your data with a provider that encrypts it at rest. No method of transmission or storage is completely secure, but we take reasonable measures to protect your information.
9. Children's Privacy
The Service is intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, contact us and we will delete it.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be posted on this page with an updated date and, where appropriate, communicated by email.
11. Contact
Data controller: Riccardo Casale, Italy. Questions or requests? Email ricc.casalee@gmail.com.