Privacy Policy

Last Updated: January 26, 2026

Welcome to JustLift ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.

This policy complies with the Google API Services User Data Policy, including the Limited Use requirements.

1. Information We Collect

Personal Information

When you create an account with JustLift, we collect:

• Account Information: Name, email address, and profile picture (via Google Sign-In)
• Fitness Data: Workout logs, exercise details, sets, reps, weights, and workout notes
• Body Metrics: Weight entries, height, goal weight, and date of birth
• Progress Photos: Photos you upload to track your fitness transformation

Automatically Collected Information

• Device Information: Device type, operating system, and unique device identifiers
• Usage Data: App features used, session duration, and interaction patterns
• Log Data: IP address, browser type, and access times

2. Google User Data Access and Usage

JustLift's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Google Data We Access

When you sign in with Google, we access the following information from your Google account:

• Basic Profile Information: Your name, email address, and profile picture
• Authentication Token: To verify your identity and maintain your session

How We Use Google User Data

We use Google user data exclusively for the following purposes:

• Account Creation and Authentication: To create and manage your JustLift account
• User Identification: To identify you within the app and personalize your experience
• Profile Display: To display your name and profile picture in the app
• Communication: To send you important account-related notifications via email

Limited Use Disclosure

We do NOT:

• Transfer Google user data to third parties (except as required for core app functionality with Firebase)
• Use Google user data for serving advertisements
• Allow humans to read Google user data unless necessary for security purposes, to comply with applicable law, or with your explicit consent
• Use or transfer Google user data for purposes unrelated to providing JustLift's core fitness tracking functionality

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide Services: Enable you to log workouts, track progress, and view your fitness data
• Personalization: Customize your experience and provide workout recommendations
• AI Features: Generate personalized workout suggestions, progress analysis, and workout plans using AI
• Data Synchronization: Sync your data across multiple devices
• Analytics: Understand how users interact with our app to improve functionality
• Communication: Send important updates, security alerts, and support messages
• Security: Detect, prevent, and address technical issues and fraudulent activity

4. Data Storage and Security

Where Your Data is Stored

Your data is stored securely using Google Firebase services in the United States:

• Firestore Database: Stores your workout logs, exercise data, weight entries, body metrics, and profile information
• Firebase Storage: Stores your profile picture and progress photos with encryption
• Firebase Authentication: Manages your account credentials and authentication tokens securely
• Cloud Functions: Processes AI-generated workout suggestions and analysis

How Long We Store Your Data

We store your data for the following durations:

• Active Account Data: Stored indefinitely while your account is active
• Workout Logs: Retained for the lifetime of your account
• Progress Photos: Stored until you delete them or close your account
• Authentication Tokens: Expire after 1 hour and are automatically refreshed
• Deleted Account Data: Permanently deleted within 30 days of account deletion

Security Measures

We implement industry-standard security measures including:

• Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS 1.3
• Encryption at Rest: All stored data is encrypted using AES-256 encryption
• Secure Authentication: OAuth 2.0 and Firebase Authentication protocols
• Access Controls: Role-based access controls and least-privilege principles
• Regular Security Audits: Periodic security assessments and vulnerability scanning
• Secure API Endpoints: All API endpoints require authentication and authorization

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties.

Third-Party Service Providers

We share your information with the following service providers who help us operate JustLift:

• Google Firebase: Provides authentication, database hosting, file storage, and cloud functions. Data is processed in accordance with Google's privacy policies and security standards.
• Google Cloud Platform: Hosts our backend services and API endpoints
• Google Gemini AI: Processes your workout data to generate personalized suggestions, analysis, and workout plans. Your data is sent to Google's AI services but is not used to train AI models or shared with other users.

AI Data Processing

When you use AI features (Suggestions, Analysis, Generate Plan, Chat):

• Your workout history and profile data is sent to Google Gemini AI for processing
• This data is used solely to generate personalized recommendations for you
• Your data is not used to train AI models or improve Google's services
• AI-generated content is stored in your account for your reference
• You can delete AI-generated content at any time

Other Disclosure Circumstances

We may share your information only in the following additional circumstances:

• Legal Requirements: When required by law, court order, subpoena, or government regulation
• Safety and Security: To protect the rights, property, or safety of JustLift, our users, or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
• With Your Consent: When you explicitly authorize us to share your information

6. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: View all data we have collected about you
• Correction: Update or correct your personal information
• Deletion: Request deletion of your account and all associated data
• Export: Download a copy of your workout data
• Opt-Out: Disable certain data collection features

To exercise these rights, contact us at the email address provided below.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. When you delete your account:

• All workout logs and weight entries are permanently deleted
• Progress photos are removed from our servers
• Profile information is erased
• Some anonymized analytics data may be retained for statistical purposes

8. Children's Privacy

JustLift is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. Third-Party Services

Our app uses the following third-party services:

• Google Firebase: Authentication, database, and file storage (Privacy Policy)
• Google Sign-In: Account authentication via OAuth 2.0 (Privacy Policy)
• Google Gemini AI: AI-powered workout suggestions and analysis (Terms)
• Google Cloud Platform: Backend infrastructure and API hosting (Privacy Notice)

These services have their own privacy policies, and we encourage you to review them. Our use of these services is governed by their respective terms and our commitment to protecting your data.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and that your data receives adequate protection.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an in-app notification for significant changes

Your continued use of JustLift after changes are posted constitutes acceptance of the updated policy.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to deletion of personal information
• Right to non-discrimination for exercising your rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

© 2026 JustLift. All rights reserved.