When you create an account, we collect your name, email address, phone number, gender, and primary sport. As you use the app, we also store your workout logs, weekly commitment amount, rest day preferences, and payment handles you optionally provide (Venmo, PayPal, Zelle, Bitcoin).
If you connect Strava, we store your Strava athlete ID and OAuth tokens to sync your activities automatically.
Your data is used solely to run the app — tracking workouts, calculating deductions, displaying the leaderboard, and sending push notifications. We don't sell your data, share it with advertisers, or use it for anything beyond operating ForFyt.
If you subscribe to notifications, your topic and credentials are handled through ntfy. You can unsubscribe at any time from your device's notification settings or the ntfy app.
Connecting Strava is optional. If connected, we use your access token to fetch activity details and sync workouts. You can disconnect Strava at any time from Settings, which removes the stored tokens.
All data is stored on a private server and is not hosted on any public cloud. Passwords are hashed using scrypt and never stored in plain text.
Want your account removed? Reach out to your trainer directly and we'll delete your data.
We may update this policy occasionally. If anything significant changes, we'll let you know.