Privacy Policy
Last updated: 11/4/2025
Introduction
Welcome to Plate Progress ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our app.
Information We Collect
1. Account Information
When you create an account, we collect:
- Email address - For account creation, authentication, and communication
- Username - Your unique identifier within the application
- Display name - Optional public-facing name
- Password - Stored encrypted via Supabase authentication
- Avatar image - Optional profile picture (if uploaded)
2. Workout and Fitness Data
To provide our core service, we collect and store:
- Exercise logs - Names of exercises, sets, reps, weight, and rest periods
- Workout sessions - Start/end times, duration, notes, and titles
- Personal records - Your best performances for tracked exercises
- Workout templates - Saved routines you create
- Body metrics - Optional weight, height, and body composition data (Premium)
- Progress photos - Optional transformation images with timestamps (Premium)
- Hydration logs - Daily water intake tracking (Premium)
3. Gamification and Progress Data
- XP and levels - Experience points and leveling progress
- Streaks - Consecutive workout days and longest streaks
- Badges and achievements - Unlocked accomplishments
- Weekly goals - Your fitness targets and progress
- Rank and prestige - Competitive ranking data (Premium)
4. Social and Community Data
- Friend connections - Your friend list and pending requests
- Gym memberships - Community gym affiliations (optional)
- Leaderboard participation - Opt-in competitive rankings
- Shared content - Any progress cards or data you choose to share
5. Payment Information (Premium Subscribers)
- Subscription data - Managed entirely by Stripe (not stored on our servers)
- Billing history - Transaction records stored by Stripe
- Payment methods - Securely stored by Stripe, not accessible to us
6. Technical and Analytics Data
- Device information - Browser type, device type, screen size
- Usage analytics - Page views, feature usage, performance metrics (via Vercel Analytics)
- Error logs - Technical errors for debugging and improvement
- IP address - For security and fraud prevention
- Cookies - Essential cookies for authentication and preferences
How We Use Your Information
Legal Basis for Processing (GDPR)
We process your data based on the following legal bases:
- Contractual necessity - To provide the service you've signed up for
- Legitimate interests - To improve the app and prevent fraud
- Consent - For optional features like analytics and marketing emails
- Compliance - To meet legal obligations
Specific Uses
- Service delivery - Provide core workout tracking functionality
- Progress tracking - Calculate PRs, generate charts, track achievements
- Gamification - Compute XP, levels, streaks, and badges
- Social features - Enable friend connections and leaderboards (opt-in)
- Communication - Send essential emails (password resets, security alerts)
- Premium services - Manage subscriptions via Stripe
- Analytics - Understand usage patterns to improve the app
- Security - Detect and prevent fraud and unauthorized access
- Support - Respond to help requests and troubleshoot issues
Data Storage and Security
Infrastructure
Your data is stored securely using:
- Supabase - PostgreSQL database hosted on AWS in EU regions (Ireland/Frankfurt)
- Vercel - Application hosting with global CDN (EU data centers)
- Supabase Storage - Encrypted file storage for images (EU region)
We prioritize EU-based infrastructure to minimize international data transfers and ensure GDPR compliance.
Security Measures
- Encryption in transit - All connections use TLS/SSL (HTTPS)
- Encryption at rest - Database and file storage encrypted
- Row-Level Security - Database policies ensure users can only access their own data
- Authentication - Secure password hashing with bcrypt
- API security - Rate limiting and CORS protection
- Regular updates - Dependencies and security patches applied promptly
- Access controls - Minimal team access with audit logging
Data Sharing and Third Parties
We DO NOT:
- ❌ Sell your personal data to anyone
- ❌ Share your workout data with third parties
- ❌ Use your data for advertising purposes
- ❌ Track you across other websites
Third-Party Service Providers:
We share limited data with these services to operate the app:
- Supabase - Database and authentication (see their privacy policy)
- Vercel - Hosting and analytics (see their privacy policy)
- Stripe - Payment processing for Premium subscriptions (see their privacy policy)
- Resend - Transactional email delivery (see their privacy policy)
User-Controlled Sharing:
You may choose to share:
- Progress cards publicly (your explicit action)
- Profile visibility to friends (opt-in)
- Leaderboard participation (opt-in)
Your Rights and Control
Under GDPR and other privacy laws, you have the following rights:
1. Right to Access
Request a copy of all personal data we hold about you.
2. Right to Rectification
Correct inaccurate or incomplete data through your account settings.
3. Right to Erasure ("Right to be Forgotten")
Request permanent deletion of your account and all associated data.
4. Right to Data Portability
Export your workout data in a machine-readable format (JSON/CSV).
5. Right to Restrict Processing
Limit how we process your data while maintaining your account.
6. Right to Object
Object to processing based on legitimate interests.
7. Right to Withdraw Consent
Withdraw consent for optional processing at any time.
To exercise your rights: Visit the Privacy & Data section in your account settings or contact us at privacy@plateprogress.com
Data Retention
- Active accounts - Data retained as long as your account exists
- Deleted accounts - All data permanently deleted within 30 days
- Backups - Backup copies deleted within 90 days
- Legal holds - Data may be retained longer if required by law
- Analytics - Aggregated, anonymized data may be retained indefinitely
International Data Transfers
Our primary infrastructure is hosted within the EU (Ireland). Where data is transferred outside the EU, we ensure adequate protection through:
- EU Standard Contractual Clauses (SCCs) - Approved by the European Commission
- EU-US Data Privacy Framework - For US-based service providers (Stripe, Resend)
- Adequacy decisions - We only transfer to countries with adequate protection as recognized by the EU Commission
- EU hosting preference - We prioritize EU data centers where available
As an Irish company, we adhere to strict EU data transfer regulations to protect your personal data.
Cookies and Tracking
We use minimal cookies essential for the app to function:
- Authentication cookies - Keep you logged in securely (essential)
- Preference cookies - Remember your settings like theme (essential)
- Analytics cookies - Vercel Analytics for basic usage stats (optional)
We do NOT use advertising cookies or third-party tracking pixels.
Children's Privacy
Plate Progress is not intended for users under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@plateprogress.com.
Irish and EU Data Protection
As a company based in Ireland, we are subject to the Irish Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). This means you have strong data protection rights:
- Right to know what personal data is collected and how it's used
- Right to access, rectify, and delete your personal data
- Right to data portability in a machine-readable format
- Right to object to processing and restrict processing
- Right to lodge a complaint with the Irish Data Protection Commission
- Protection against automated decision-making
See our GDPR Compliance page for detailed information.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:
- Update the "Last Updated" date at the top
- Notify you via email (if you've opted in)
- Display a notice in the app
- Request new consent if required by law
Continued use of the app after changes constitutes acceptance of the updated policy.
Contact Us
For any privacy-related questions, concerns, or to exercise your data rights:
- Privacy Email: privacy@plateprogress.com
- General Support: support@plateprogress.com
- Data Protection Officer: privacy@plateprogress.com
- Irish Data Protection Commission: If you are not satisfied with our response, you may lodge a complaint with the Data Protection Commission at dataprotection.ie
This privacy policy was last updated on November 4, 2025. We are committed to transparency and protecting your privacy.