Privacy Policy

Last updated: May 2, 2026

This Privacy Policy describes how Forgd Fitness ("Forgd", "we", "us", or "the app") collects, uses, stores, and shares your personal information when you use our mobile application available through the Apple App Store.

We built Forgd around a privacy-first principle: most of what you log in the app — workouts, nutrition entries, body measurements, progress photos — stays on your device and in your personal iCloud account. We never see it.

The exceptions are narrow and explicit:

  • Authentication. When you create or sign into a Forgd account, we keep just enough information on a backend we operate (the forgd-backend, hosted on Cloudflare Workers with managed Postgres on Supabase) to let you sign back in across devices.
  • Trainer sharing (opt-in). If you connect with a Forgd-listed trainer using their invite code and explicitly grant per-scope access (workouts, nutrition, photos, body data), a copy of the data you've granted is mirrored to that same backend so your trainer can read it from a web dashboard. If you never connect a trainer, no fitness or nutrition data ever leaves your device or iCloud.

Sections 1.7–1.8 and Section 3 describe these in detail. Everything else continues to live only on your device and in your iCloud account.

The short version: Forgd does not sell or rent your data. We do not show advertising. We do not use your data to train machine-learning models. We do not share your information with anyone except the service providers listed in Section 4, and only as needed to operate the app.

1. Information We Collect

1.1 Information you provide directly

When you sign in with Apple, we receive your Apple-issued user identifier and, at your option, your name and email address. If you choose to use Apple's Hide My Email feature, we receive a private relay email instead of your real address.

When you use Forgd, you may enter or log:

  • Your name and display preferences
  • Date of birth, sex, height, weight, and fitness goals
  • Body measurements (e.g., waist, hips, arms)
  • Workout entries, exercise logs, and training programs
  • Nutrition entries, meal plans, and dietary preferences
  • Hydration and step goals
  • Gym locations you've saved
  • Progress photos you've taken or uploaded
  • Notes and custom content you've written

1.2 Health data from Apple HealthKit

If you grant permission, Forgd reads a broad set of fitness, health, and recovery data through Apple's HealthKit framework, including: activity and energy data (steps, active and basal energy, exercise time, stand time, walking and running distance, flights climbed); workouts; cardio biomechanics (VO₂ max, walking and running speed, running stride length and power); heart-rate and cardiovascular data (heart rate, resting heart rate, heart rate variability, respiratory rate, oxygen saturation, body temperature, blood pressure); body composition (weight, body-fat percentage, body mass index, height, lean body mass, waist circumference); and sleep and mindfulness sessions. With your permission Forgd also writes back to HealthKit the workouts you log in the app, water intake, and updates to body composition. HealthKit data is stored by Apple, never by us, and you can control Forgd's access to it at any time through your device's Settings → Health → Data Access & Devices → Forgd.

Per Apple's HealthKit policies, we do not sell, disclose, or use HealthKit data for advertising, data brokering, or any purpose unrelated to providing fitness and health features inside the app.

1.3 Photos

If you grant permission, Forgd can take progress photos using your device camera and store them locally on your device and (if iCloud sync is enabled) in your personal iCloud Private Database. We do not scan, analyze for faces, upload to third-party servers, or otherwise process your photos beyond storing them for your own use.

1.4 Location data

If you use the Gyms feature (Workouts → Saved Gyms) or the Restaurants feature (Nutrition → Restaurants tile) and grant location permission, Forgd uses your current location to query Apple's MapKit local-search service for nearby gyms or restaurants. The location is used only for the lookup itself: we do not store your location, do not transmit it to any server we control, and do not track your location in the background.

1.5 Device and usage information

Forgd does not embed third-party analytics or advertising SDKs. The app keeps a local crash log on device and offers it to you for optional sharing — it does not leave your device unless you explicitly share it.

The "How To" tutorial sheet on each exercise loads YouTube content inside an in-app private web view (using YouTube's youtube-nocookie.com embed where applicable). When that sheet is open, your device communicates directly with YouTube to render the search results or video, and YouTube receives the standard request information any browser would send (IP address, user agent, the search query). Forgd itself does not collect or store any data about which tutorials you watched.

1.6 Subscription information

When you purchase a subscription, Apple processes the transaction and provides the app with a cryptographically signed receipt indicating your entitlement status. We never see your payment details, card numbers, or billing address. Subscription status is verified on your device.

1.7 Account information held on the backend

To let you sign in on more than one device and to allow trainer features, our backend stores a small account record:

  • Your account email address.
  • If you sign up with email and password: a salted PBKDF2 password hash. Your raw password is never transmitted to or stored by us in plaintext.
  • If you sign in with Apple or Google: the provider's user identifier, plus the email those providers attest you control (which may be Apple's private relay address if you use Hide My Email).
  • Refresh tokens for active sessions, scoped to a single device, hashed at rest. We rotate them on each use and revoke them when you sign out, reset your password, or delete your account. Once a refresh token is revoked, that session can't get a new short-lived access token.
  • Short-lived email-verification and password-reset tokens, hashed at rest, that expire after a few hours.
  • Your account role (regular user, or trainer if approved) and a token version counter. The counter increments after security-relevant changes (for example, when an account is approved as a trainer); your next session refresh re-reads the counter and stamps the current value into a new access token. In addition, existing access tokens are short-lived (15 minutes) and expire on their own.

This account record is what we wipe when you delete your account (see Section 5).

1.8 Data mirrored to your trainer (only if you connect one)

Forgd offers a Trainer Hub: certified coaches we've approved can be connected to your account using an invite code they share with you. Connecting a trainer is entirely optional, never automatic, and gated behind a deliberate confirmation flow.

When you connect a trainer, you choose per-scope what they can see — independently for workouts, nutrition, body measurements, and progress photos. Each scope you toggle on causes Forgd to mirror the corresponding data to our backend so your trainer can read it from their web dashboard. Mirror updates happen in near-real-time as you log new entries.

What's mirrored is bounded by your toggles:

  • Workouts: exercise names, sets, reps, weights, durations, and timestamps for sessions you've completed.
  • Nutrition: daily food entries, calories, macros, and meal labels.
  • Body data: weight, body measurements, and body-fat estimates you've entered.
  • Progress photos: only if you flip on the photo scope, which is off by default. Photo files are stored in a private Supabase Storage bucket; the connected trainer's authenticated session fetches them through our backend via short-lived (15-minute) signed URLs.

You can disconnect a trainer at any time from the Connect a Trainer screen — disconnect requires you to type the trainer's name to confirm. Disconnection ends the relationship immediately, stops further mirror updates, and removes that trainer's access. The mirror rows you previously shared (workouts, nutrition, body data, photos) remain on our backend keyed to your account but are no longer visible to that ex-trainer or to any other trainer unless you connect a new one and grant the matching scope. The mirror data is fully removed when you delete your account (Section 5).

If you never connect a trainer, none of your fitness, nutrition, body, or photo data is ever mirrored to our backend. The mirror is created at the moment you toggle a scope on, never before.

Forgd's admin team manually reviews trainer applications. Approval and rejection decisions are recorded in an internal audit log (admin email, decision, timestamp) so we can answer compliance and account-recovery questions later.

2. How We Use Information

We use the information above solely to operate the app's features for you:

  • Personalize workout and nutrition recommendations
  • Save and sync your training programs, logs, photos, and goals across your Apple devices
  • Show your progress trends, streaks, badges, and achievements
  • Integrate with Apple Health to reflect your real activity
  • Enable in-app purchases and subscription features
  • Respond to your support requests

We do not use your data for advertising, profiling across services, training machine-learning models, data brokering, or any purpose unrelated to the fitness features you've enabled.

3. Where Your Data Is Stored

On your device: app data is written to your device's local application sandbox. Identity tokens are stored in the iOS Keychain. This data is protected by iOS's standard file-system encryption when your device is locked.

In your iCloud account: when you're signed into iCloud and allow CloudKit sync, your fitness, nutrition, photo, and progress data is synced through Apple's CloudKit Private Database. This is end-to-end encrypted between your Apple devices, and Apple provides the storage and encryption infrastructure. We never have access to the contents of your private CloudKit zone.

On our backend (forgd-backend): the account record described in Section 1.7 lives on infrastructure we operate: Cloudflare Workers handle requests, and a managed Postgres database on Supabase (in the United States) stores the rows. Database access is restricted by row-level security defaults that deny non-service requests; passwords are stored only as PBKDF2 hashes; refresh tokens are rotated and revocable. If you've connected a trainer with sharing scopes enabled (Section 1.8), the mirrored fitness/nutrition/body data also lives in Supabase Postgres, and any progress photos you've shared are stored in a private Supabase Storage bucket and accessed only via short-lived (15-minute) signed URLs.

With Apple: sign in, subscription, HealthKit, and CloudKit all flow through Apple's services per their privacy policies.

4. How We Share Information

We do not sell, rent, license, or otherwise disclose your personal information to any third party for marketing or commercial purposes.

We share information with the following service providers solely to operate Forgd. Each acts as a processor on our behalf and is contractually limited in what they may do with the data:

  • Apple, as necessary to provide Sign in with Apple, HealthKit, CloudKit sync, and In-App Purchase functionality. Apple's handling is governed by Apple's Privacy Policy at apple.com/legal/privacy.
  • Cloudflare, our hosting provider for the forgd-backend Worker, the forgd.fit marketing website, and the trainer dashboard at trainers.forgd.fit. Cloudflare also handles DNS, TLS termination, and edge caching for these properties.
  • Supabase, the managed Postgres host for the backend database described in Section 3, and — when you have connected a trainer with the Photo scope enabled — the private object-storage host for the progress photos you have shared.
  • Google, in two narrow situations: (a) if you choose to sign in with Google, we receive the Google account identifier and verified email Google attests to; (b) if you tap the "How To" tutorial on an exercise, the in-app private web view loads YouTube content from youtube-nocookie.com or m.youtube.com directly. Google's handling of those video-loading requests is governed by Google's Privacy Policy and YouTube's terms; Forgd does not pass Google any other information about you.
  • Resend, when we send you transactional email — verification messages, password-reset links, and trainer-decision notifications. Resend processes the message and your email address; it does not receive any of your fitness or nutrition data.
  • Connected trainers you have explicitly chosen to share with, via the per-scope toggles described in Section 1.8.
  • Law enforcement or regulators, if required by a valid legal request. We retain only the minimum information described in Section 1.7 and Section 1.8; we cannot disclose data we do not hold.

5. Your Rights and Choices

You control your data at all times:

  • Access and export: from the Profile → Data → Export All Data screen, you can download a ZIP archive containing the JSON of your locally stored data plus your saved progress photos.
  • Delete account and all data: from Profile → Account → Delete Account, you can permanently delete your iCloud zone, local data, app session, the backend account record described in Section 1.7, any progress photos you've stored on our backend (Supabase Storage), and any trainer-mirror data on our backend. This is immediate and irreversible.
  • Disconnect a connected trainer: Profile → Connected Trainer → End Relationship. Disconnect requires you to type the trainer's name to confirm; once confirmed, the trainer loses access immediately and the mirror is wiped as part of relationship cleanup.
  • Adjust trainer sharing scopes: Profile → Connected Trainer lets you toggle each scope (workouts, nutrition, body data, photos) independently. Turning a scope off stops further mirror updates for that scope.
  • Revoke Apple sign-in: from iOS Settings → your Apple ID → Sign in with Apple → Forgd → Stop Using Apple ID, you can disconnect your Apple ID from the app at any time.
  • Revoke HealthKit access: Settings → Health → Data Access & Devices → Forgd.
  • Revoke location and photo access: Settings → Privacy & Security.
  • Opt out of notifications: Settings → Notifications → Forgd or from the in-app Notifications settings.
  • Cancel subscriptions: Settings → your Apple ID → Subscriptions, or via Profile → Subscription → Manage Subscription inside the app.

Lawful bases for processing (EEA / UK). We process your account record (Section 1.7) under contract necessity (Art. 6(1)(b) GDPR) — providing the app you signed up for. Trainer-mirror data (Section 1.8) is processed only under your explicit consent (Art. 6(1)(a)), which you give per-scope and may withdraw at any time. HealthKit data (Section 1.2) is processed under your explicit consent for special-category health data (Art. 9(2)(a)).

Data-subject rights (EEA / UK / California). You have the rights to: (i) access the personal information we hold about you, (ii) rectify inaccurate data, (iii) erasure ("right to be forgotten") — handled by Profile → Account → Delete Account, (iv) restrict processing, (v) object to processing, (vi) data portability — handled by Profile → Data → Export All Data, and (vii) not be subject to a decision based solely on automated processing — Forgd makes no such decisions about you. EEA / UK residents may also lodge a complaint with their supervisory authority. To exercise any right we cannot provide directly in-app, email the contact address below.

California residents — Your CCPA Rights. We do not sell or share your personal information as those terms are defined under the California Consumer Privacy Act (Cal. Civ. Code § 1798.140). We have not done so in the preceding 12 months and do not anticipate doing so. There is therefore no opt-out mechanism to provide; if this changes we will update this notice and provide one. You retain the rights described above to access, correct, and delete your information.

EU representative. Forgd does not target EU residents and does not regularly offer goods or services to data subjects in the European Union. We have not designated a representative under GDPR Article 27. If this changes we will update this notice.

6. Children

Forgd is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, please contact us and we will delete it.

7. Data Retention

Local and iCloud data are retained until you delete them. Because that data lives in your own iCloud and on your device, we do not set retention limits — you do.

Backend account data (Section 1.7) is retained for as long as your account is active. Email-verification and password-reset tokens are short-lived (hours) and self-expiring. Refresh tokens are revoked when you sign out, change your password, or delete your account. When you delete your account, the account row is anonymized within minutes and any associated Supabase Storage photo objects and trainer-mirror rows (workouts, nutrition entries, body data, photos) are removed. The anonymized account stub is preserved for up to 30 days for compliance and audit purposes before being purged.

Trainer-mirror data (Section 1.8) is retained while your account exists. When you disconnect a trainer, the relationship is marked as ended and that trainer immediately loses access; the underlying mirror rows remain associated with your account so they can re-populate seamlessly if you re-connect or grant access to a different trainer. The mirror rows are deleted in full only when you delete your account. Trainer admin-decision audit rows persist (with the user reference set to null on account deletion) so we can answer compliance and account-recovery questions later.

8. Security

We rely on Apple's platform security features for on-device and CloudKit data: device-level encryption, Keychain-protected credentials, CloudKit's transport and at-rest encryption, and App Transport Security for any network calls.

For backend data we operate, traffic uses TLS 1.3 in transit; the database enforces row-level security defaults that deny non-service requests; passwords are stored only as PBKDF2 hashes generated via Web Crypto; refresh tokens are rotated on use and revocable; the trainer admin panel sits behind Cloudflare Access (single-administrator policy) and every approve/reject decision is recorded in an immutable audit log. Trainer-shared data is gated by the per-scope consent toggles you control.

No system is perfectly secure; report suspected vulnerabilities to the contact email below. If we become aware of a personal-data breach affecting your information, we will notify affected users without undue delay and within 72 hours where required by law, and provide a clear description of what happened, what data was affected, and what mitigations we recommend.

9. International Transfers

Cloudflare and Supabase operate global networks. Backend requests are accepted at Cloudflare's nearest point-of-presence and proxied to Supabase's primary region in the United States, where account data and trainer-mirror data are stored at rest. Apple's services follow Apple's own data-handling policies. If you are based in the European Economic Area or the United Kingdom, you are sending data internationally to the United States when you sign in or use trainer features; you can stop at any time by signing out, deleting your account, and/or never connecting a trainer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest change. Material changes will be surfaced in the app before they take effect.

11. Contact

Questions, requests, or concerns: [email protected]

Data controller. Forgd Fitness is operated by Bryce Harr from the United States.
Email: [email protected]

If you prefer to send postal correspondence (for example, a formal data-subject access or erasure request), email the address above and we will provide a mailing address by reply within five business days.

12. Website Cookies and Trackers

Forgd's marketing website at forgd.fit and the trainer dashboard at trainers.forgd.fit are hosted on Cloudflare Pages. The marketing site sets no first-party cookies for tracking or analytics. Web fonts are loaded from Bunny Fonts (fonts.bunny.net), an EU-based privacy-friendly font CDN that does not log IP addresses for tracking purposes. The trainer dashboard uses session cookies (HttpOnly, Secure, SameSite=Strict) for authentication only — these are functional and not used for tracking.

The Forgd iOS app does not use the web cookie infrastructure for app data; identity tokens live in the iOS Keychain (Section 3).