Featherweight

Privacy Policy

Last updated: December 4, 2025

Welcome to Featherweight, a weightlifting tracking application designed for serious lifters. We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your personal information.

1. Information We Collect

1.1 Account Information

  • Email Address: Used for account creation, authentication, and important account-related communications
  • Password: Stored securely using Firebase Authentication (hashed and never stored in plain text)

1.2 Health and Fitness Data

Featherweight collects and stores the following workout and fitness-related data:

  • Workout Data: Exercises performed, sets, repetitions, weights lifted, rest times, workout duration, and workout dates
  • Programme Data: Training plans, structured multi-week programmes, workout templates
  • Personal Records: One-rep max (1RM) calculations and estimates for various exercises
  • Body Measurements: Optional body weight and other physical measurements you choose to track
  • Progress Analytics: Training insights, performance trends, and progression metrics derived from your workout data
  • Exercise Library: Your custom exercises and modifications to the built-in exercise database

1.3 Technical and Usage Data

  • Device Information: Device type, operating system version, app version
  • Analytics Data: App usage patterns, feature interactions, screen views (collected via Firebase Analytics)
  • Crash Reports: Technical diagnostics and crash logs to improve app stability (collected via Firebase Crashlytics)
  • Performance Data: App performance metrics to optimize user experience

2. How We Use Your Information

2.1 Core App Functionality

  • Providing workout tracking and programme management features
  • Calculating one-rep max (1RM) estimates using the Brzycki formula
  • Generating personalized training insights and progress analytics
  • Storing and organizing your workout history
  • Syncing your data across multiple devices via Firebase Cloud Sync

2.2 AI-Powered Features

  • Analyzing your training data to provide intelligent workout recommendations
  • Processing workout history through AI (via Firebase Cloud Functions) to generate personalized programme suggestions
  • Your workout data is sent to AI services only when you explicitly use AI features, and is processed in accordance with the provider's data usage policies

2.3 Voice Input (Microphone)

  • Purpose: The app uses microphone access to enable voice-based workout logging, allowing you to dictate exercises, sets, reps, and weights hands-free
  • Processing: Audio recordings are sent to AI transcription services (via Firebase Cloud Functions) for conversion into text
  • Data Retention: Audio recordings are NOT stored after transcription. They are immediately deleted once the text has been extracted
  • Optional Feature: Microphone access is only requested when you choose to use voice input. You can use all other app features without granting microphone permission

2.4 Account Management

  • Authenticating your identity and securing your account
  • Enabling password resets and account recovery
  • Sending email verification for account security
  • Processing account deletion requests

2.5 Service Improvement

  • Analyzing app usage patterns to improve features and user experience
  • Diagnosing and fixing technical issues and crashes
  • Monitoring app performance and reliability
  • Understanding feature adoption and usage trends

3. Data Storage and Security

3.1 Local Storage (On Your Device)

  • Device Encryption: Your data is protected by Android's Filesystem-Based Encryption (FBE), which encrypts all app data at rest using your device's secure credentials
  • Offline-First Architecture: Your local database is the primary source of truth, ensuring data availability even without internet connection

3.2 Cloud Storage (Firebase)

  • Firebase Firestore: Encrypted workout data synced to Google Cloud Platform infrastructure
  • Firebase Authentication: Secure authentication tokens and hashed credentials
  • Data Isolation: Your data is isolated per user account and not accessible to other users
  • Transport Encryption: All data transmitted between your device and Firebase servers uses TLS/SSL encryption

3.3 Security Measures

  • Industry-standard encryption for data at rest and in transit
  • Regular security updates and vulnerability patches
  • Secure authentication using Firebase Auth with email verification
  • No storage of payment information (app is currently free)

4. Third-Party Services

Featherweight integrates with the following third-party services:

4.1 Firebase (Google Cloud Platform)

  • Firebase Authentication: User account management and authentication
  • Firebase Firestore: Cloud database for data synchronization
  • Firebase Analytics: Usage analytics and feature tracking
  • Firebase Crashlytics: Crash reporting and diagnostics
  • Firebase Cloud Functions: Serverless backend processing

Firebase Privacy Policy: firebase.google.com/support/privacy

4.2 AI Services

  • Purpose: AI-powered training analysis, programme parsing, and voice transcription
  • Data Shared: Workout history, exercise data, and performance metrics (only when you use AI features)
  • Processing: Handled through Firebase Cloud Functions to protect your privacy

5. Your Rights and Choices

5.1 Access and Portability (GDPR Article 15 & 20)

  • You can export all your workout data at any time using the "Export Workouts" feature in the Data tab
  • Exported data is provided in JSON format for portability
  • You can request a complete copy of your account data by contacting us

5.2 Correction and Modification (GDPR Article 16)

  • You can edit or delete individual workouts, exercises, and 1RM records directly in the app
  • You can update your email address and password in the Settings tab
  • Changes are immediately reflected in both local and cloud storage

5.3 Deletion and Erasure (GDPR Article 17)

  • You can delete your entire account and all associated data using the "Delete Account" option in Settings
  • Account deletion is permanent and irreversible
  • Upon deletion, all your data is removed from both local storage and Firebase cloud storage within 30 days
  • Some anonymized analytics data may be retained for service improvement

5.4 Restriction and Objection (GDPR Article 18 & 21)

  • You can disable cloud sync to prevent data from being sent to Firebase (data will remain local only)
  • You can opt out of AI features by not using them (no data is sent to AI services unless you explicitly use AI features)
  • You can contact us to object to specific data processing activities

5.5 Analytics Opt-Out

  • Analytics collection is enabled by default to improve the app
  • To opt out of Firebase Analytics: Go to your device Settings → Google → Ads → Opt out of Ads Personalization
  • To completely disable analytics: Contact us at featherweight.app@gmail.com and we will manually disable analytics for your account
  • Note: Opting out of analytics does not affect core app functionality

6. Data Retention

  • Active Accounts: Your workout data is retained indefinitely while your account is active
  • Deleted Accounts: All personal data is deleted within 30 days of account deletion
  • Crash Logs: Retained for 90 days for debugging purposes
  • Analytics Data: Aggregated and anonymized analytics may be retained for up to 2 years
  • Backup Data: Firebase backups are retained for 30 days

7. Age Restrictions

Featherweight is intended for users aged 16 and older. Due to the nature of health and fitness data we collect, we require users to be at least 16 years old to comply with GDPR requirements for processing sensitive personal data. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child under 16 has provided us with personal information, please contact us immediately, and we will delete such information.

8. International Data Transfers

Featherweight is operated from the United Kingdom. Your data may be transferred to and processed in countries other than your country of residence, including the United States, where Firebase servers are located. These countries may have data protection laws different from your jurisdiction. We ensure appropriate safeguards are in place for such transfers in accordance with UK GDPR and EU GDPR requirements, including Standard Contractual Clauses (SCCs) where applicable.

9. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide the app's core functionality
  • Consent: For AI features, analytics, and optional data processing (you can withdraw consent at any time)
  • Legitimate Interests: For app improvement, security, and fraud prevention
  • Legal Obligations: To comply with applicable laws and regulations

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of your personal information (subject to certain exceptions)
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by law within 72 hours of becoming aware of the breach.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Displaying an in-app notification for significant changes
  • Sending an email notification to your registered email address (for major changes)

Your continued use of Featherweight after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: featherweight.app@gmail.com

Response Time: We aim to respond to all privacy inquiries within 30 days.

For GDPR-related requests, you also have the right to lodge a complaint with your local data protection authority.