Privacy Policy

Last updated: July 9, 2025

This Privacy Policy describes how Loadline ("we," "our," or "us") collects, uses, and protects your personal information when you use our fitness analytics platform. We are committed to protecting your privacy and being transparent about our data practices.

Summary: We only store your application settings and encrypted authentication tokens. We do not store your workout data or health information, and we do not sell or share your personal information with third parties.

What We Collect

Account Information

  • Your email address (for authentication and communications)
  • Application preferences and dashboard settings
  • Newsletter subscription (if you opt-in)

Integration Data

  • OAuth tokens for Hevy, Withings, and Google (encrypted storage)
  • Integration status and last synchronization times

Usage Information

  • Application usage patterns (to improve features)
  • Error logs (for bug resolution)
  • Basic device information (browser, operating system)

What We Do Not Store

  • Your workout data (remains with Hevy)
  • Your weight/health data (remains with Withings)
  • Payment information (service is free during alpha)
  • Precise location data

How We Use Your Data

  • Provide core services: Connect to your fitness services and display analytics
  • Communications: Send newsletter updates about new features (only if you subscribe)
  • Technical maintenance: Debug issues and improve performance
  • Product development: Understand which features are popular

Legal Basis for Processing

Under GDPR, we need a legal reason to process your personal data. Here's what we rely on:

Contract Performance

  • Account creation and management
  • Connecting to fitness services (Hevy, Withings)
  • Providing analytics and app features

Legitimate Interests

  • Improving app performance and fixing bugs
  • Understanding feature usage (anonymized analytics)
  • Security monitoring and fraud prevention

Consent

  • Newsletter subscriptions (you can withdraw anytime)
  • Marketing communications
  • Non-essential cookies and analytics

Third-Party Services

Fitness Platforms

  • Hevy: We connect to fetch your workout data in real-time
  • Withings: We connect to fetch your weight data in real-time
  • Google: For secure login via OAuth

Infrastructure & Cloud Services

  • Vercel: Hosts our website and provides analytics services
  • Google Cloud Platform: Core infrastructure for app hosting, databases, and storage
  • Google Cloud Services: Authentication, secure storage, and encrypted data processing
  • Google Cloud Security: DDoS protection, threat detection, and access monitoring

Google Cloud Compliance: All Google Cloud services we use maintain certifications for SOC 2, ISO 27001, and GDPR compliance. Your data is processed according to Google's Data Processing Addendum.

Note: We do not sell your data to third parties. These services help us operate the application.

Security & Storage

Security

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • OAuth Security: Tokens stored with encryption and secure key management
  • Access Controls: Role-based access with minimal privileges
  • Infrastructure: Hosted on Google Cloud with enterprise-grade security
  • Monitoring: 24/7 security monitoring and automated threat detection
  • Updates: Regular security patches and vulnerability assessments
  • Backup Security: Encrypted backups with access logging

Security Standards: We follow industry best practices including OWASP guidelines and maintain SOC 2 Type II compliance standards.

How Long We Keep Data

  • Account data: Until you delete your account, then permanently deleted within 30 days
  • OAuth tokens: Until you disconnect services, then immediately deleted
  • Usage logs: 90 days maximum (for debugging and security)
  • Newsletter data: Until you unsubscribe, then removed within 7 days
  • Error logs: 30 days maximum (for bug fixes)
  • Analytics data: 24 months maximum (anonymized)

Automatic Deletion: When retention periods expire, data is automatically deleted from our systems and backups. You can also request immediate deletion of your data at any time.

Your Rights

Under GDPR and other privacy laws, you have comprehensive rights over your personal data:

Data Subject Rights

  • Right of Access: Get a copy of your data and understand how it's processed
  • Right to Rectification: Fix any wrong or incomplete information
  • Right to Erasure: Delete your data (account deletion)
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Stop certain data processing activities
  • Right to Restrict Processing: Limit how we use your data
  • Right to Withdraw Consent: Cancel permissions you've given

How to Exercise Your Rights

  • Email us at patriklevak@gmail.com with your request
  • We will respond within 30 days (or explain if we need more time)
  • Most requests are free, but We may charge for excessive requests
  • We may need to verify your identity before processing requests

Complaints: You can also file a complaint with your local data protection authority if you're not satisfied with how we handle your data.

Cookies

We use the following types of cookies:

  • Essential: Maintain your login session and application functionality
  • Analytics: Help us understand application usage (anonymized)

You can disable cookies in your browser, but some features may not function properly.

Age Requirements & International Use

Age Requirements

You must be at least 16 years old to use Loadline. If you are under 16, please do not create an account.

International Data Transfers

We comply with GDPR (EU) and CCPA (California). Your data may be processed in multiple locations:

  • Primary Processing: European Union (where possible)
  • Cloud Infrastructure: Google Cloud regions in EU and US
  • Third-party Services: Hevy (EU), Withings (France), Google (global)

Transfer Safeguards: All international transfers use Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent safeguards to ensure your data remains protected according to EU standards.

Updates to This Policy

If we make significant changes to this privacy policy, we will email you and update the date at the top. Minor updates (such as fixing typographical errors) will not trigger notifications.

Contact Information

For questions about privacy or data, please contact us:

Data Controller

Name: Patrik Levak
Email: patriklevak@gmail.com
Company: Loadline
Location: European Union

We will respond to all inquiries within the timeframes specified by applicable data protection laws.

This policy is effective as of the date above. Thank you for trusting us with your fitness data.

← Back to Home