When you create an account, we collect your name, email address, phone number, gender, and primary sport. As you use the app, we also store your workout logs, weekly commitment amount, rest day preferences, and payment handles you optionally provide (Venmo, PayPal, Zelle, Bitcoin).
If you import your Strava avatar, we store your Strava athlete ID. If you have Strava workout sync enabled, we also store OAuth tokens to sync your activities automatically.
Your data is used solely to run the app — tracking workouts, calculating deductions, displaying the leaderboard, and sending push notifications. We don't sell your data, share it with advertisers, or use it for anything beyond operating ForFyt.
If you subscribe to notifications, your topic and credentials are handled through ntfy. You can unsubscribe at any time from your device's notification settings or the ntfy app.
You can optionally import your Strava profile photo in Settings by entering your Strava athlete URL. No account connection is required for this.
If you have Strava workout sync enabled, we store your Strava athlete ID and OAuth tokens to automatically sync your activities. You can disconnect at any time from Settings, which removes the stored tokens.
All data is stored on a private server and is not hosted on any public cloud. Passwords are hashed using scrypt and never stored in plain text.
You can request account deletion at any time from the Account section in Settings. This notifies your sponsor, who will contact you to settle any open payments before removing your account. Deletion requests are fulfilled within 30 days. Once deleted, all personal data — including your profile, workout history, and payment records — is permanently removed from the server.
We may update this policy occasionally. If anything significant changes, we'll let you know.