MUSCLEFORGE
← Home

Privacy Policy

Last updated April 26, 2026

1. Who we are

Muscle Forge ("we", "us") is a fitness and nutrition service. Our contact email is support@muscleforge.app.

2. Data we collect

  • Account data: email, name, password (hashed).
  • Fitness data you provide: goals, training experience, schedule, equipment, body metrics (height, weight, target weight), diet preferences, allergies.
  • Workout logs: sets, reps, weights, durations, readiness check-ins.
  • Payment data: processed by Stripe. We never see or store your full card number.
  • Usage data: pages visited, features used, device type, IP address (hashed), referrer.
  • Marketing identifiers: UTM parameters, fbclid, gclid (used only to attribute ad spend).

3. How we use it

  • To deliver the Service: build your plan, save your progress, generate meal suggestions.
  • To process payments and manage subscriptions.
  • To send transactional emails (welcome, receipt, password reset, trial-ending notifications).
  • To measure ad performance (e.g., which ad campaigns lead to signups).
  • To debug and improve the product.

4. Who we share with

  • Stripe — for payment processing.
  • Supabase — for authentication and database storage.
  • Resend — for transactional email delivery.
  • Vercel — for hosting and content delivery.
  • Meta, TikTok, Google — only when you arrive from one of their ads, to measure conversions. We share hashed email and the event name (e.g., "Purchase"), not your fitness data.
  • Sentry — for error monitoring.

We do not sell your personal information.

5. Cookies and tracking

We use cookies and similar technologies for authentication (required), analytics, and ad attribution (optional, gated behind your consent). You can change your consent at any time using the cookie banner.

6. Your rights

You may at any time:

  • Access or download your data.
  • Delete your account and all associated data.
  • Opt out of marketing emails (transactional emails are required while you have an account).

Email support@muscleforge.app to exercise any of these rights. If you're in the EU, UK, or California, you have additional rights under GDPR / CCPA — same email applies.

7. Data retention

We keep your data while you have an account. After deletion, we remove personal data within 30 days, except where law requires longer retention (e.g., financial records: 7 years).

8. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with industry-standard algorithms. We follow Supabase's row-level security model so users can only access their own data.

9. Children

The Service is not for anyone under 18. We do not knowingly collect data from children.

10. Changes

We'll post material changes here and email subscribers at least 30 days before they take effect.