Privacy Policy
DRAFT — pending legal review. This is a plain-language draft that reflects how Áfram handles data today. It has not yet been reviewed by a lawyer and is not legal advice.
Who we are
Áfram ("we", "us") is a fitness app operated by a sole trader registered in the United Kingdom. We are the data controller for your personal data under UK GDPR. For privacy questions or requests, contact us at hello@afram.coach.
What we collect
- Account: your email address and password (handled by our authentication provider).
- Profile: your display name and preferences (units, training goal, experience level).
- Training data: your workouts, logged sets, progression state, and prescriptions.
- Health-adjacent data you choose to enter: bodyweight and weekly recovery check-ins.
- Coaching messages: text you send to Nova, our in-app coach.
- Technical data: the minimal device and diagnostic information needed to run the app.
We do not sell your data, and we do not use it for advertising.
Why we use it (lawful bases under UK GDPR)
- To provide the service you signed up for (performance of a contract).
- To keep the app secure and reliable (our legitimate interests).
- Where we ask for it, your consent (for example optional analytics) — which you can withdraw at any time.
How Nova handles your messages
When you chat with Nova online, your message and minimal context are sent to our AI provider to generate a reply. Messages are processed to answer you; they are not used to build an advertising profile. Nova gives general fitness guidance, not medical advice.
Who we share it with (subprocessors)
We use a small number of trusted providers to run Áfram:
- Supabase — database, authentication, and hosting.
- Anthropic — the AI that powers Nova's online coaching.
- Expo — app build and delivery.
Each provider processes data only to provide its service to us, under a data-processing agreement. We do not share your data with anyone else except where required by law.
International transfers
Some providers may process data outside the UK. Where they do, we rely on appropriate safeguards such as UK-approved transfer mechanisms.
How long we keep it
We keep your data for as long as your account exists. When you delete your account we erase your data (see "Your rights"). We may delete accounts that have been inactive for a long period, but only after notifying you.
Your rights
Under UK GDPR you can: access your data; receive a copy (we provide an in-app "Export my data"); have it deleted (the in-app "Delete account" erases your account and data); correct it; restrict or object to processing; and withdraw consent. Use the in-app controls or contact us. You also have the right to complain to the UK Information Commissioner's Office (ICO).
How we protect it
Data is encrypted in transit (HTTPS) and at rest. Access is restricted per-user by database row-level security, administrative access is limited and protected, and server secrets are never shipped in the app.
Health data
The fitness information you enter (workouts, bodyweight, recovery ratings) is used to give general training guidance. We do not use it to provide medical or clinical services, and we do not treat it as special-category health data for diagnosis.
Children
Áfram is not intended for children. You must meet the minimum age set out in our Terms to use it.
Analytics and tracking
Product analytics are off by default and only run with your consent. We do not use third-party advertising trackers.
Changes
We may update this policy. We will change the version and effective date shown in the app and, for material changes, let you know.
Contact
Questions or requests: hello@afram.coach.