Back to home

Privacy Policy

Last updated: 2 March 2026

1. Who we are

LiftIt.fit (“we”, “us”, or “our”) operates the LiftIt exercise tracking application available at app.liftit.fit. This policy explains what personal data we collect, why we collect it, and how it is handled.

We are the data controller for the personal data described in this policy. This policy is written in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where users are based in the European Economic Area, the EU GDPR also applies.

2. Data we collect

We collect only the minimum personal data necessary to provide you with an account:

  • Email address — used to create and identify your account, and to contact you about your account if needed.
  • Name — used to personalise your experience within the app.

Beyond these two fields, your workout data (exercises, sets, reps, volume, etc.) is stored solely to power the features of the app.

3. Lawful basis for processing

Under UK/EU GDPR we must have a lawful basis to process your personal data. We rely on the following:

  • Performance of a contract (Article 6(1)(b)) — processing your email and name is necessary to provide you with the service you signed up for.
  • Legitimate interests (Article 6(1)(f)) — for transactional communications such as magic link sign-in emails and security notices.
  • Soft opt-in (PECR Regulation 22) — as an existing customer, we may send you product and onboarding emails about LiftIt.fit. You can opt out at any time (see section 8).

4. How we use your data

We use your email and name to:

  • Create and maintain your account.
  • Send transactional emails (e.g. magic link sign-in emails, account notices).
  • Send onboarding and product emails — such as welcome messages and tips during your trial period — to help you get the most out of the app. These are sent under the PECR soft opt-in rule and you can unsubscribe at any time using the link in any such email.
  • Respond to support requests you initiate.

We do not use your data for advertising, profiling, or any automated decision-making.

5. Data sharing

We do not sell, rent, or share your personal data with any third party, for any purpose. Your data stays with us.

6. Data retention

Your personal data is retained for as long as your account is active. If you delete your account, your email and name will be permanently deleted within 30 days.

7. Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. We do not store passwords — authentication is handled via magic links or OAuth (Google), so no credentials are held by us.

8. Your rights under UK/EU GDPR

You have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your personal data (“right to be forgotten”).
  • Restriction of processing — ask us to limit how we use your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Opt out of marketing emails — unsubscribe from onboarding and product emails at any time using the link in any such email, or by contacting us directly. Transactional emails (e.g. magic link sign-in emails) are not affected.

To exercise any of these rights, contact us at the address in section 10. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Changes to this policy

If we make material changes to this policy, we will update the “Last updated” date at the top of this page. Continued use of the app after any changes constitutes acceptance of the updated policy.

10. Contact

Questions or requests regarding your privacy can be sent to: [email protected]