Legal
Privacy Policy
Last updated: April 19, 2026
1. Who we are
FitLog is operated by an independent developer based in Montpellier, France. You can reach us at +33 7 73 56 71 95 or via the contact link in the footer.
We are a small team. We built this app because we train and wanted something better. That context shapes every decision here.
2. The short version
- We collect only what is necessary to run the service.
- We do not run advertising. Your data is never sold or shared with third parties for marketing.
- We do not use analytics SDKs that track your behaviour across the web.
- You can export all your data at any time.
- You can delete your account and all data permanently.
3. Data we collect
3.1 Account information
When you register, we store your email address and a hashed password. Optionally: your display name and profile photo.
3.2 Training data
Every workout, set, rep, weight, RPE value, rest time, and note you log is stored and associated with your account. This data is the core product. Without it, the app has no reason to exist.
3.3 Body and nutrition data
If you use the body tracking or nutrition features, we store weight entries, measurements, food logs, and macro targets. This is sensitive health data. It is encrypted at rest and in transit.
3.4 Technical data
Server logs include IP addresses, user agent strings, and timestamps. These are retained for 30 days for security and debugging purposes, then deleted. We do not cross-reference logs with user profiles.
4. Data we do not collect
- Advertising identifiers
- Cross-site tracking pixels
- Location data beyond what you explicitly enter (gym address fields, etc.)
- Contacts or social graph data
- Data from your device beyond what you send to the API
5. How we use your data
Your data is used exclusively to:
- Render the application you are using
- Persist your training history across devices
- Send transactional emails you explicitly trigger (password reset, account confirmation)
- Diagnose bugs and performance issues
We do not use your data for any form of personalised marketing, profiling, or sale.
6. Data sharing
We use a small number of infrastructure providers to run the service: a cloud hosting provider for compute and storage, a transactional email provider for authentication emails. These providers process data on our behalf under data processing agreements and do not have permission to use your data for their own purposes.
We will disclose data if required by law in France or the EU. We will challenge requests we believe to be disproportionate.
7. Your rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access all data we hold about you
- Rectify inaccurate data
- Erase your account and all associated data
- Export your data in a portable format (CSV)
- Object to processing
- Withdraw consent at any time
To exercise any of these rights, use the data export and account deletion controls in the app, or contact us directly.
8. Data retention
Active account data is retained indefinitely as long as your account is active. Server logs are deleted after 30 days. When you delete your account, all training, nutrition, and body data is permanently deleted within 30 days.
9. Security
All data is transmitted over HTTPS. Passwords are hashed using bcrypt. Health and body data is encrypted at rest. We conduct periodic security reviews. If you discover a vulnerability, please contact us directly before public disclosure.
10. Cookies
We use a single session cookie to maintain your logged-in state. It is an httpOnly, Secure cookie. It is not used for tracking. We do not use third-party cookies. There is no cookie banner because there is nothing to consent to beyond the strictly necessary session cookie.
11. Changes to this policy
If we make material changes, we will notify users via in-app notification and update the date at the top of this page. Continued use of the service after notification constitutes acceptance of the updated policy.
12. Contact
Questions, requests, or concerns: +33 7 73 56 71 95. Or reach out via the contact form on the homepage.