This Privacy Policy explains how FORGE ("the App", "we", "us", "our"), operated by Luca Lusoli, collects, uses, and protects your personal information.
By using the App, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
- Account information: Email address, name, password (encrypted)
- Profile information: Training experience, goals, preferences
- Training data: Workout logs, exercise data, progress notes, session history
- Assessment data: Movement screening responses, fitness level indicators
- Payment information: Processed by our payment provider (we do not store card details)
1.2 Information Collected Automatically
- Device information: Device type, operating system, browser type
- Usage data: Features used, session duration, interaction patterns
- Technical data: IP address, error logs, performance data
1.3 Cookies and Local Storage
The App uses local storage (similar to cookies) to:
- Keep you logged in
- Store your training data for offline access
- Remember your preferences
2. How We Use Your Information
We use your information to:
- Provide the service: Create your account, store your training data, generate AI programmes
- Improve the App: Analyse usage patterns, fix bugs, develop new features
- Communicate with you: Send service updates, trial reminders, important notices
- Process payments: Manage subscriptions through our payment provider
- Ensure security: Detect fraud, protect against unauthorized access
We do NOT use your information to:
- Sell to third parties
- Target advertising
- Share with unrelated businesses
3. AI-Generated Programmes
If you use FORGE+ AI features:
- Your assessment answers and training history are sent to our AI provider (Anthropic) to generate personalised programmes
- This data is processed according to Anthropic's privacy policy
- AI-generated content is based on your inputs and general training principles
- We do not share identifying information with the AI provider beyond what's necessary for programme generation
4. Data Sharing
We share your data only with:
4.1 Service Providers
- Supabase: Database and authentication (stores your account and training data)
- Anthropic: AI programme generation (FORGE+ users only)
- Resend: Email delivery (for account emails and notifications)
- Stripe: Payment processing (when implemented)
These providers are bound by their own privacy policies and data protection obligations.
4.2 Legal Requirements
We may disclose your information if required by law or to:
- Comply with legal process
- Protect our rights or safety
- Prevent fraud or security issues
5. Data Security
We implement appropriate security measures including:
- Encrypted data transmission (HTTPS)
- Secure password storage (hashed, not plain text)
- Access controls on our systems
- Regular security reviews
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your data as follows:
- Active accounts: Data kept while your account is active
- Cancelled subscriptions: Data kept for 12 months (in case you return)
- Deleted accounts: Data deleted within 30 days of account deletion request
- Legal requirements: Some data may be retained longer if required by law
7. Your Rights
Under UK data protection law (UK GDPR), you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a portable format
- Object: Object to certain processing of your data
- Withdraw consent: Withdraw consent at any time (where consent is the legal basis)
To exercise these rights, contact us at luca@forgetraining.app.
We will respond to requests within 30 days.
8. Children's Privacy
The App is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover such data has been collected, we will delete it immediately.
9. International Data Transfers
Your data may be processed in countries outside the UK, including:
- European Union (Supabase, Resend)
- United States (Anthropic)
These transfers are protected by appropriate safeguards including Standard Contractual Clauses.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by:
- Posting the new policy in the App
- Sending an email notification
Your continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
For questions about this Privacy Policy or your personal data, contact:
Luca Lusoli
Email: luca@forgetraining.app
For complaints about how we handle your data, you may also contact the UK Information Commissioner's Office (ICO) at ico.org.uk.
12. Legal Basis for Processing (UK GDPR)
We process your data under the following legal bases:
| Purpose |
Legal Basis |
| Providing the service | Contract performance |
| Processing payments | Contract performance |
| Sending service emails | Legitimate interest |
| AI programme generation | Consent (when you use FORGE+) |
| Security and fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |
By using FORGE, you acknowledge that you have read and understood this Privacy Policy.