Privacy Policy

Last updated: 12 April 2026

This Privacy Policy explains how Lifting Coach (“we”, “us”, “our”) processes personal data when you use the web application at https://app.lifting.coach (the “Service”).

If you have questions, contact us at privacy@lifting.coach.

1. Data Controller

For the purposes of the General Data Protection Regulation (GDPR), the data controller is:

Lifting Coach
Auckland, New Zealand
privacy@lifting.coach

2. Personal Data We Collect

When you register or sign in using OAuth 2.0 (Google or Facebook), we may collect:

• Full name
• Email address
• Authentication/account identifiers required to manage your account

We also process technical and security-related data that is strictly necessary to operate the Service (for example, login/session and security event data).

3. How We Collect Data

We collect personal data:

• Directly from you when you use the Service
• From identity providers (Google or Facebook) when you choose OAuth login
• Automatically through essential technical mechanisms required for authentication and security

4. Purposes and Legal Bases (GDPR Article 6)

We process your personal data for these purposes:

1. Account creation and authentication
   • Data: full name, email address, provider account information
   • Legal basis: performance of a contract (Art. 6(1)(b))
2. Security and account protection (including password reset and fraud-prevention controls)
   • Data: email address, authentication/security data
   • Legal basis: legitimate interests (Art. 6(1)(f)) and, where required, performance of a contract (Art. 6(1)(b))
3. Essential service communications (for example, reset-password emails and critical account notifications)
   • Data: email address
   • Legal basis: performance of a contract (Art. 6(1)(b))

We do not use your personal data for unrelated marketing without a separate lawful basis.

5. Data Sharing and Recipients

We share personal data only when necessary to provide the Service, including with:

• OAuth identity providers (Google, Facebook) during sign-in flows
• Email delivery providers for essential notifications
• Infrastructure and hosting providers that support operation and security of the Service

All processors are required to process data only on our instructions and with appropriate safeguards.

6. International Data Transfers

Some providers we use (for example, Google/Facebook or email/hosting providers) may process data outside the European Economic Area (EEA).

Where transfers occur, we apply GDPR-compliant safeguards, such as:

• Adequacy decisions, where available
• Standard Contractual Clauses (SCCs), where applicable
• Additional technical and organizational safeguards where needed

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

• Account data (including name and email address): for as long as your account is active
• Security and audit-related records: for a limited period needed to protect the Service and resolve incidents
• Legally required records: for the period required by applicable law

When data is no longer required, we delete or anonymize it.

8. Your GDPR Rights

Subject to applicable law, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data (“right to be forgotten”)
• Restrict processing
• Object to processing based on legitimate interests
• Data portability
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with your local supervisory authority

To exercise your rights, contact: privacy@lifting.coach.

9. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including controls for authentication, secure transmission, and access management.

No method of transmission or storage is completely risk-free, but we continuously work to protect your data.

10. Children’s Data

The Service is not intended for children under the age required by applicable law in your jurisdiction. We do not knowingly collect personal data from children in violation of applicable law.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised “Last updated” date.

12. Contact

For privacy-related questions or requests, please contact us at privacy@lifting.coach.