Legal

Privacy Policy

Effective date: April 25, 2026  ·  Last updated: April 25, 2026

HEAFT ("we", "our", or "us") is committed to protecting your personal information. This policy explains what data we collect, why we collect it, how we use it, and your rights regarding it. By using the HEAFT app you agree to the practices described here.

Questions? Email us at support@heaft.app — we respond within 2 business days.

1 Information We Collect

We collect only what is necessary to deliver a personalised training experience.

Category | Examples | Why we need it
Account data | Name, email address, profile photo | Create and secure your account
Fitness data | Body weight, workout history, exercise logs, goals, fitness level | Generate personalised plans and track progress
AI conversation data | Messages sent to the AI coach | Provide contextual coaching responses
Device data | Push notification tokens, device type, OS version | Send workout reminders and app notifications
Usage data | Feature interactions, session duration, app errors | Improve reliability and product quality

We do not collect payment information directly. We do not access your contacts, microphone, camera, or location.

2 How We Use Your Information

We do not use your data for advertising or sell it to any third party, ever.

3 Third-Party Services

HEAFT relies on the following sub-processors to operate. Each is bound by its own privacy policy and data processing agreements.

Service | Provider | Purpose
Firebase Authentication | Google LLC | Account sign-in (email, Google, Apple)
Firebase Cloud Messaging | Google LLC | Push notifications
Gemini API | Google LLC | AI workout generation
Groq API | Groq Inc. | AI coaching responses
Together AI | Together Computer Inc. | AI fallback inference
Resend | Resend Inc. | Transactional email delivery
DigitalOcean | DigitalOcean LLC | Cloud infrastructure and database hosting

AI providers receive only the minimum data required to generate a response (your fitness context and the conversation message). Your name and email are never sent to AI providers.

4 Data Storage and Security

Your data is stored in a PostgreSQL database hosted on DigitalOcean infrastructure. We apply the following protections:

No system is 100% secure. If you discover a security issue, please disclose it responsibly to support@heaft.app.

5 Data Retention

We retain your data for as long as your account is active. If you delete your account:

6 Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

To exercise any of these rights, email support@heaft.app with the subject line "Privacy Request". We will respond within 30 days.

7 Children's Privacy

HEAFT is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal data, contact us at support@heaft.app and we will delete it promptly.

8 Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you via in-app notification or email at least 14 days before the change takes effect. Continued use of the app after that date constitutes acceptance of the updated policy.

The current version is always available at heaft.app/privacy.

9 Contact Us

For any privacy-related questions, data requests, or concerns: