Back to ShiftFit
Legal

Privacy Policy

Last updated: April 2026

ShiftFit respects your privacy and is committed to protecting your personal data. This policy explains what data we collect when you use the ShiftFit app, how we use it, who we share it with, and what rights you have over it. It applies to the ShiftFit mobile application and website.

Who we are

ShiftFit is a fitness app designed for shift workers. For any privacy-related questions, please contact us at shiftfit.fitness@gmail.com.

What data we collect

Account data: When you create an account, we collect your email address and, optionally, a display name.

Fitness profile: During onboarding, we collect information about your fitness goals, experience level, available equipment, training location, preferred session length, days per week, and any injuries or areas to avoid. This information is used solely to generate and adapt your training plan.

Workout data: We record your workout sessions including exercises performed, sets, reps, weights used, session duration, and difficulty feedback. This constitutes health-related data and is treated accordingly.

Usage data: We collect anonymised analytics about how you use the app — such as which screens you visit, when you start and complete workouts, and whether you complete onboarding. This is collected via PostHog and is used to improve the app. IP addresses are anonymised.

Push notification token: If you grant permission, we store a device token to deliver push notifications. You can disable this at any time in the app or your device settings.

Preferences: We store your app preferences such as theme and unit settings (kg/lbs).

How we use your data

  • To create and manage your account
  • To generate and adapt your personalised training plan
  • To display your workout history and progress
  • To send push notifications about your training (if enabled)
  • To process your subscription and manage billing (via RevenueCat)
  • To understand how the app is used and improve it (via PostHog analytics)
  • To respond to support requests

Lawful basis for processing

We process your data on the following bases under UK GDPR:

  • Contract: processing necessary to provide the ShiftFit service you have signed up for
  • Legitimate interests: anonymised analytics to improve the app
  • Consent: push notifications (you can withdraw consent at any time)

Health data

Workout logs, including exercises, weights, and difficulty ratings, are health-related data. This data is stored securely in your account and is never shared with third parties for advertising or profiling purposes. Only you can access your workout data.

Third-party services

We use the following third-party services to operate ShiftFit:

  • Supabase — database and authentication, hosted on AWS infrastructure. Your data is stored in their secure cloud database with row-level security ensuring only you can access your records.
  • PostHog — product analytics. Collects anonymised usage events. IP addresses are anonymised. No personally identifiable information is shared.
  • RevenueCat — subscription billing and management. Handles in-app purchase processing via Apple and Google. RevenueCat does not store your payment card details.
  • Apple / Google — payment processing for subscriptions and push notification delivery.
  • Expo (Expo Push Notification Service) — used to route push notifications to your device.

We do not sell your personal data to any third party.

Data security

All data is transmitted over encrypted HTTPS connections. Your account data is protected by row-level security — no other user can access your data. Passwords are never stored in plain text; authentication is handled by Supabase Auth.

Data retention

We retain your data for as long as your account is active. If you delete your account, all your personal data — including your profile, training plan, and workout history — is permanently deleted immediately. This deletion is irreversible. Anonymised analytics data may be retained in aggregated form.

Your rights

Under UK GDPR, you have the following rights:

  • Right of access: you can request a copy of the data we hold about you
  • Right to rectification: you can correct inaccurate data
  • Right to erasure: you can delete your account and all associated data at any time from the Profile screen in the app
  • Right to withdraw consent: you can disable push notifications at any time in the app or device settings
  • Right to object: you can object to processing based on legitimate interests
  • Right to lodge a complaint: you can contact the Information Commissioner's Office at ico.org.uk

To exercise any of these rights, contact us at shiftfit.fitness@gmail.com.

Children

ShiftFit is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. The date at the top of this page shows when it was last revised. We will notify you of significant changes via the app or email.

Contact us

If you have any questions about this privacy policy or how we handle your data, contact us at shiftfit.fitness@gmail.com.