FORGEFIT PRIVACY POLICY

Last Updated: February 3, 2026

ForgeFit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, and phone number
• Health and Fitness Data: Body measurements, weight, photos, workout logs, and nutritional information
• Onboarding Responses: Information you provide during the onboarding process, including goals, preferences, and health information
• Payment Information: Processed securely through Apple's App Store and RevenueCat (we do not store payment card details)

1.2 Required vs Optional Data Collection

Required for Core Features:

• Workout logs (exercises, sets, reps, weight lifted)
• Nutrition tracking (meals, macros, food logs)
• Account information (email address, name)
• Basic device information for app functionality

Optional - You Choose:

• Health Connect/HealthKit data (HRV, heart rate, steps, calories, sleep)
• Photos for body composition analysis
• Location data for outdoor workout tracking

You can use ForgeFit's core workout tracking and nutrition features without granting access to optional health data. Health Connect/HealthKit integration enhances your experience with recovery insights but is not required.

1.3 Information Collected Automatically

• Health Data: We integrate with Apple HealthKit (iOS) and Google Health Connect (Android) to access health and fitness data including:
  • Steps, active calories, and distance
  • Heart rate and heart rate variability (HRV)
  • Resting heart rate
  • Workout data from connected devices and services (for example, Apple Watch on iOS or Health Connect sources on Android)
  • Sleep data (if you enable it via HealthKit/Health Connect permissions)

  Heart Rate Variability (HRV) - Recovery Monitoring:

  We collect Heart Rate Variability (HRV) data specifically for recovery assessment and training optimization. HRV is a key indicator of your nervous system recovery and overall readiness to train. Here's how we use HRV data:

  • Recovery Assessment: We analyze HRV trends to determine if you are adequately recovered from previous workouts
  • Workout Readiness: Based on your HRV levels, we display a recovery status (Good, Fair, or Low) on your dashboard to help you decide whether to push hard or take it easy
  • Training Optimization: Low HRV indicates insufficient recovery. Our AI coach uses this data to recommend rest days or lighter training to prevent overtraining
  • Injury Prevention: By monitoring HRV trends, we can alert you when your body needs more recovery time, helping prevent overtraining-related injuries

  User Control: Health data collection is entirely optional. You can connect or disconnect HealthKit/Health Connect access at any time through your device settings. If you disconnect, you will still be able to use all core workout tracking and nutrition features.

• Device Information: Device ID, operating system, and app version
• Usage Data: How you interact with the App, features used, and app performance data
• Diagnostics: Crash reports and performance data to improve app stability

2. How We Use Your Information

We use the information we collect to:

• Provide and personalize your AI coaching experience
• Generate customized workout plans and meal plans
• Track your progress and provide feedback
• Send you notifications and reminders related to your fitness goals
• Process subscription payments and manage your account
• Improve our services and develop new features
• Ensure app security and prevent fraud
• Comply with legal obligations

3. Data Storage and Security

Your data is stored securely using Supabase, a cloud database service. We implement industry-standard security measures to protect your information, including encryption in transit and at rest. However, no method of transmission over the internet or electronic storage is 100% secure.

4. Third-Party Services

We use the following third-party services that may collect or process your data:

• Apple HealthKit: To access and store health and fitness data on your device
• Google Health Connect (Android): To access (and, if you enable it, write) health and fitness data on Android devices
• RevenueCat: To manage subscription payments and restore purchases
• Supabase: To store and manage your account data and app content securely with encryption
• OpenAI/Modal Labs: To power AI features such as meal photo recognition and coaching responses. Note: We do NOT send raw HRV or heart rate data to these services. Only aggregated, anonymized fitness summaries are used for AI coaching context.
• Apple App Store: To process in-app purchases and subscriptions

Important: Health data (including HRV, heart rate, and activity data) is NOT shared with third parties for advertising, marketing, or any purpose beyond providing you with personalized fitness coaching. Your health data stays private and is only used to enhance your personal fitness journey.

These third parties have their own privacy policies. We encourage you to review them to understand how they handle your data.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• With your explicit consent
• To comply with legal obligations or respond to legal requests
• To protect our rights, privacy, safety, or property
• In connection with a business transfer (merger, acquisition, etc.)
• With service providers who assist us in operating the App (as described in Section 4)

6. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Data Portability: Request your data in a portable format
• Opt-Out: Adjust notification preferences in the App settings
• Health Data: Control HealthKit (iOS) or Health Connect (Android) data sharing through your device settings

To exercise these rights, please contact us at the email address provided below.

7. Account Deletion

You can request deletion of your account and all associated data at any time. We provide multiple ways to request account deletion:

7.1 In-App Account Deletion

The easiest way to delete your account is directly through the App:

1. Open the ForgeFit app
2. Navigate to Settings (tap your profile icon in the top right corner of the Dashboard)
3. Scroll down to the "Delete Account" option
4. Follow the on-screen prompts to confirm deletion

When you delete your account through the App, the following data will be permanently deleted:

• Your account information (name, email, phone number)
• All workout logs and exercise history
• All nutrition data and meal logs
• All hydration and sleep tracking data
• Your onboarding responses and preferences
• Your progress photos and body composition data
• Your personalized workout and meal plans
• All chat history with Coach Alex
• Your subscription information (subscription will be canceled)

7.2 Alternative Deletion Request

If you are unable to access the App or prefer to request deletion via email, please contact us at support@forgefitapp.com with the subject line "Account Deletion Request" and include:

• Your account email address or phone number
• A clear statement that you wish to delete your account
• Any additional information that will help us locate your account

We will process your deletion request within 30 days of receipt.

7.3 Data Retention After Deletion

After you delete your account, we will permanently delete or anonymize all of your personal information from our systems. However, we may retain certain information for a limited period of time in the following circumstances:

• Legal Requirements: We may be required to retain certain data to comply with legal obligations, resolve disputes, or enforce our agreements
• Backup Systems: Deleted data may remain in our backup systems for up to 90 days before being permanently purged
• Anonymized Analytics: We may retain anonymized, aggregated data that cannot be used to identify you

Once your account is deleted, you will not be able to recover any of your data. If you wish to use ForgeFit again in the future, you will need to create a new account and start fresh.

8. Children's Privacy

Our App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this policy. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or regulatory purposes. For more details on what happens when you delete your account, please see Section 7 (Account Deletion) above.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our App, you consent to the transfer of your information to these countries.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the App and updating the "Last Updated" date. Your continued use of the App after such changes constitutes acceptance of the updated policy.

12. Contact Us

© 2026 ForgeFit. All rights reserved.