PRIVACY POLICY

The Forge (“we,” “us,” “the app”) is operated by Sole Hack, a sole proprietorship registered in the United States. Questions about this policy or your data can go to support@theforgefitness.app.

We only collect what the app needs to function. Everything below is tied to an account you create using an email + password.

• Account: email address, hashed password, account creation timestamp.
• Workout data: sessions, sets, reps, weight, RPE, rest times, personal records, training notes, custom templates, periodization programs you create or activate.
• Body data (optional): bodyweight entries, body-fat estimates, circumference measurements, progress photos you upload.
• Cardio log (optional): activity type, duration, distance, notes.
• Settings: units, theme, notification preferences, partner invite code.
• Push token (optional): the device-specific token issued by Apple if you enable notifications. Used solely to deliver notifications you’ve subscribed to.

We do not collect: your contacts, location, advertising identifier (IDFA), photo library beyond what you explicitly attach, third-party social profiles, or device fingerprints.

This section is short on purpose. The Forge does not:

• Embed third-party analytics SDKs (no Firebase, Mixpanel, Amplitude, Segment, etc.).
• Embed advertising SDKs (no Google AdMob, Meta Audience, etc.).
• Use cross-app tracking identifiers — we don’t request App Tracking Transparency permission because we never track you across apps or websites.
• Sell, rent, or share your data with data brokers or marketing partners.
• Train machine-learning models on your training history.

Your account and workout history are stored on Supabase, a managed Postgres database provider, in US-based AWS data centers. Data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Progress photos are stored in encrypted object storage scoped to your user account.

Push notifications are delivered through Expo Push Service, which relays them to Apple’s APNs servers. The payload (e.g. “Marcus finished Pull B”) is transient and not retained by Expo or by us beyond delivery.

If you connect with a training partner using an invite code, that partner can see workouts associated with any program you both share, and gets a push notification when you complete a session. They cannot see workouts outside the shared program, your bodyweight, your body composition, your progress photos, or your account email.

You can disconnect from a partner at any time in Settings → Partner. Disconnection is immediate and bidirectional.

The Forge is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has created an account, email support@theforgefitness.app and we will delete it.

You have the right to:

• Export your training history as CSV at any time from Settings → Data → Export.
• Delete your account from Settings → Account → Delete Account. Deletion is permanent and cascades to every related record (sessions, sets, photos, measurements, partner links, push tokens). We do not retain a soft-deleted copy.
• Access or request a copy of all data we hold about you by emailing support@theforgefitness.app. We’ll respond within 30 days.
• Correct any inaccurate data by editing it inside the app, or by emailing support if a field isn’t user-editable.

If you’re in the EU/UK, you also have the rights provided under GDPR (objection, restriction of processing, lodging a complaint with a supervisory authority). The Forge’s data controller is Sole Hack.

Active accounts are retained as long as you use them. If you delete your account, all associated data is wiped within 24 hours. Backup snapshots — used solely for disaster recovery — roll over within 30 days; we do not access them otherwise.

All traffic between the app and our servers is encrypted with TLS 1.2+. Passwords are hashed using bcrypt; we cannot see your plaintext password. Row-level security policies on the database ensure one user’s queries can never return another user’s rows.

No system is perfectly secure. If we ever experience a breach affecting your data, we’ll notify you by email within 72 hours of discovery.

We may update this policy as the app evolves. Material changes will be announced in-app and dated at the top of this page. Continued use of the app after a change means you accept the revised policy.

Questions, requests, or disputes: support@theforgefitness.app.