olune

Privacy

Draft only. This document is a placeholder pending legal review before public launch.

What we collect

  • Account data — your email, the auth provider you used (Apple, Google, password), and the devices you sign in from.
  • Training and nutrition data — every workout, set, food log, body metric, and check-in you create in the app.
  • Coach conversations and progress photos — encrypted with a per-user key on your device before they leave your phone. We can decrypt the metadata (timestamps, sizes) but not the contents.

What we don’t do

  • We do not sell your data.
  • We do not use your data to train third-party AI models.
  • We do not run cross-site tracking pixels or third-party advertising tags.

Where data lives

  • DigitalOcean Managed Postgres (NYC3 region).
  • DigitalOcean Spaces (NYC3 region) for media blobs.
  • Cloudflare in front for TLS and edge caching.

Your controls

  • ExportPOST /v1/me/export returns a JSON dump of everything we store about you.
  • Delete — Account deletion tombstones your row immediately. A nightly job hard-deletes 30 days later. The 30-day window exists so you can change your mind.
  • Revoke devices — Sign out a single device or all of them from Settings → Devices.

Subprocessors

DigitalOcean (compute, storage, DB), Cloudflare (DNS + edge), Doppler (secrets management), Sentry (error reporting). Full list available on request.

Contact

Privacy questions: [email protected].