Privacy Policy
DRAFT — pending legal review. This is a plain-language draft that reflects how Áfram handles data today. It has not yet been reviewed by a lawyer and is not legal advice.
Who we are
Áfram ("we", "us") is a fitness app operated by a sole trader registered in the United Kingdom. We are the data controller for your personal data under UK GDPR. For privacy questions or requests, contact us at hello@afram.coach.
What we collect
- Account: your email address and password (handled by our authentication provider).
- Profile: your display name and preferences (units, training goal, experience level, and your weight goal).
- Training data: your routines, workouts, logged sets, progression state and prescriptions, any custom exercises you create, and any cardio or sport activities you log.
- Nutrition: the foods and drinks you log (name, calories, macros, and portion), and any recipes or saved meals you create.
- Health and wellbeing you choose to enter: your bodyweight, weekly recovery check-ins, hydration (water) entries, and your daily mood notes.
- Connected health data you choose to link (optional): with Apple Health, your bodyweight, step count, and active energy; with WHOOP, your recovery score, heart-rate variability, and resting heart rate.
- Coaching messages: text you send to Nova, our in-app coach.
- Coaching connections: if you link with a coach, a record of that connection and your recorded consent.
- Technical data: the minimal device and diagnostic information needed to run the app.
We do not sell your data, and we do not use it for advertising.
Why we use it (lawful bases under UK GDPR)
- To provide the service you signed up for (performance of a contract).
- To keep the app secure and reliable (our legitimate interests).
- Where we ask for it, your consent (for example optional analytics) — which you can withdraw at any time.
How Nova handles your messages
When you chat with Nova online, your message and minimal context are sent to our AI provider to generate a reply. Messages are processed to answer you; they are not used to build an advertising profile. Nova gives general fitness guidance, not medical advice.
Apple Health and connected devices
Connecting a health source is optional and you control it.
- Apple Health: with your permission, Áfram reads your bodyweight, step count, and active energy from Apple Health. This is read-only — we never write to Apple Health, never use Apple Health data for advertising, and never share it with third parties for marketing. It is used only inside the app to show your stats and, when a Health bodyweight is more recent than one you logged, to update your current weight. You can revoke access in your iOS Health settings at any time.
- WHOOP: if you connect WHOOP, Áfram receives your recovery score, heart-rate variability (HRV), and resting heart rate through WHOOP's API to show your recovery. Your WHOOP login tokens are held securely on our server and are never exposed to the app. You can disconnect at any time, which removes the connection and the synced recovery data.
Sharing your routine with a coach
Áfram has an optional coaching feature. If you accept a coach's invite, you give explicit, recorded consent for that coach to view your current training routine — read-only. They cannot see your logged sets, bodyweight, nutrition, recovery check-ins, or Nova messages, and they cannot edit your data. You can revoke a coach's access at any time, and it stops immediately. If you act as a coach, the same limits apply to what you can see of a client who links with you.
Sharing routines and recipes
You can share a training routine or a recipe by generating a share code and giving it to someone. Anyone with the code can import a copy into their own account. A share includes only the routine's or recipe's structure (its exercises and targets, or its ingredients and totals) — never your logs, history, or personal data. You can stop sharing at any time, which disables the code for new imports; copies already imported by others stay in their own accounts.
Camera, microphone, and voice
Some features ask for device permissions, only when you use them. The camera is used to scan a product barcode for food logging — we send only the scanned barcode (not the image) to look it up. The microphone is used for optional voice input to Nova; your speech is transcribed to text by your device's speech-recognition service, and we do not store the audio. You can decline either permission and keep using the app by entering things manually.
Who we share it with (subprocessors)
We use a small number of trusted providers to run Áfram:
- Supabase — database, authentication, and hosting.
- Anthropic — the AI that powers Nova's online coaching.
- Open Food Facts — the food database we query for nutrition search and barcode lookups (we send only your search term or scanned barcode — no account or personal data).
- Expo — app build and delivery.
Each processes data only to provide their service to us, under a data-processing agreement. We do not share your data with anyone else except where required by law.
International transfers
Some providers may process data outside the UK. Where they do, we rely on appropriate safeguards such as UK-approved transfer mechanisms.
How long we keep it
We keep your data for as long as your account exists. When you delete your account we erase your data (see "Your rights"). We may delete accounts that have been inactive for a long period, and only after notifying you first.
Your rights
Under UK GDPR you can: access your data; receive a copy (we provide an in-app "Export my data"); have it deleted (the in-app "Delete account" erases your account and data); correct it; restrict or object to processing; and withdraw consent. Use the in-app controls or contact us. You also have the right to complain to the UK Information Commissioner's Office (ICO).
How we protect it
Data is encrypted in transit (HTTPS) and at rest. Access is restricted per-user by database row-level security, administrative access is limited and protected, and server secrets are never shipped in the app.
Health data
The fitness information you enter (workouts, bodyweight, recovery ratings) is used to give general training guidance. We do not use it to provide medical or clinical services, and we do not treat it as special-category health data for diagnosis.
Children
Áfram is not intended for children. You must meet the minimum age set out in our Terms to use it.
Analytics and tracking
Product analytics are off by default and only run with your consent. We do not use third-party advertising trackers.
Changes
We may update this policy. We will change the version and effective date shown in the app and, for material changes, let you know.
Contact
Questions or requests: hello@afram.coach.