Privacy Policy

Effective Date: September 24, 2025

This Privacy Policy explains how Pltly ("we," "us," or "our") collects, uses, shares, and protects information when you use the Pltly mobile application and related services (collectively, the "Service"). We are committed to protecting your privacy and being transparent about our data practices.

By using Pltly, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address (or Apple's private relay email if using Sign in with Apple)
Full name
Username
Password (hashed and encrypted; never stored in plain text)
Profile photo (optional)
Bio and profile information (optional)

1.2 Authentication Data

When you use third-party authentication:

Apple Sign In: User identifier, email (if provided), name
Google Sign In: User ID, email address, full name, authentication tokens

1.3 Workout and Fitness Data

When you log workouts, we collect:

Exercise names, sets, reps, and weights
Workout duration and timestamps
Personal records (PRs) and achievements
Workout notes and mood indicators (if provided)
Exercise intensity levels (1-10 scale)
Workout categories and muscle groups targeted

1.4 Health Data (Apple HealthKit)

With your explicit permission, we access Apple Health data:

Data We Read:

Body weight/mass
Date of birth
Heart rate
Active and basal energy burned
Distance metrics (walking/running)
Existing workout data

Data We Write:

Workout sessions
Active calories burned
Exercise duration
Workout metadata (exercises, volume lifted)

Important: You have complete control over HealthKit permissions and can revoke access at any time through iOS Settings → Health → Data Access & Devices → Pltly.

1.5 Body Metrics

You may optionally provide:

Height (cm or ft/in)
Current weight (kg or lbs)
Weight history over time

1.6 Social Activity Data

When you use social features:

Followers, following, and friend relationships
Likes and comments on posts
Workout sharing activity and visibility settings
Community posts and interactions
Gym check-ins and community participation

1.7 Gym and Location Data

If you enable location-based features:

Location data (when in use) to show nearby gyms and community activity
Gym memberships and home gym preferences
Gym check-ins (location, time, duration)
Nearby user discovery (approximate location, not precise coordinates)

We only access location while you are using the app and only if you grant permission.

1.8 Device and Usage Information

We automatically collect:

Device type and model (iPhone, Apple Watch)
Operating system version (iOS, watchOS)
App version and build number
App interactions and feature usage
Error logs and crash reports (for debugging)
Network connection type
Language and timezone settings

1.9 Apple Watch Data

If you use our Apple Watch companion app:

Workout data synced between iPhone and Watch via Apple's WatchConnectivity framework
Exercise set completion and tracking data
Watch app usage and interactions

Important: Watch data syncs only between your devices and is not transmitted to our servers unless you explicitly save or share workouts.

2. How We Use Your Information

We use collected information to:

2.1 Provide Core Services

Create and manage your account
Log and track your workouts
Calculate and display fitness statistics and progress
Sync workout data to Apple Health (if enabled)
Provide personalized workout insights and recommendations
Enable Apple Watch workout tracking

2.2 Social and Community Features

Connect you with friends and other users
Display your workouts to followers (per your privacy settings)
Show leaderboards and community challenges
Enable gym-based community features
Facilitate workout sharing and social interactions

2.3 Personalization

Customize your experience based on training style and goals
Calculate accurate calorie estimates using your body weight and workout volume
Detect and celebrate personal records automatically
Provide exercise standardization and form recommendations

2.4 Service Improvement

Analyze usage patterns to improve features and performance
Identify and fix bugs and technical issues
Develop new features based on user behavior
Optimize app performance and reliability

2.5 Security and Fraud Prevention

Protect against unauthorized access and abuse
Detect and prevent fraudulent activity
Enforce our Terms of Service
Verify user identity during authentication

2.6 Communications

Send transactional emails (password resets, account confirmations)
Notify you of workout milestones and achievements
Provide customer support responses
Send important service updates and policy changes
Deliver push notifications (if enabled) for social interactions and reminders

2.7 Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and prevent harm
Enforce our legal rights and terms

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share information in the following circumstances:

3.1 With Your Consent

Public profile data when you set your profile to public
Workout data when you share workouts with followers or the community
Social interactions (likes, comments) visible to other users per your settings

3.2 With Service Providers

We work with trusted third-party service providers who help us operate the Service:

Cloud hosting and storage providers
Analytics and performance monitoring services
Authentication services (Apple, Google)
Customer support tools

All service providers are contractually obligated to:

Use data only for specified purposes
Implement appropriate security measures
Comply with applicable privacy laws
Not sell or share your data with others

3.3 For Legal Reasons

Comply with law, regulation, legal process, or governmental request
Enforce our Terms of Service and other agreements
Detect, prevent, or address fraud, security, or technical issues
Protect the rights, property, or safety of Pltly, our users, or the public

3.4 Business Transfers

If Pltly is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice and choices regarding such transfer.

3.5 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably identify you, such as:

General fitness trends and statistics
Aggregate usage metrics
Industry research and benchmarking

4. Third-Party Services

4.1 Authentication Services

Apple Sign In

Used for secure account creation and login
Provides option for private email relay
Subject to Apple's Privacy Policy: https://www.apple.com/legal/privacy/

Google Sign In

Used for account creation and login via Google
Google may collect device and usage data
Subject to Google's Privacy Policy: https://policies.google.com/privacy

4.2 Apple HealthKit

HealthKit data is stored on your device and controlled by iOS
We read/write only data you explicitly authorize
Subject to Apple's Health Data Usage Policy

4.3 Apple Watch Integration

Uses Apple's WatchConnectivity framework
Data syncs only between your personal devices
Subject to Apple's watchOS Privacy Policy

Important: Each third-party service processes data according to their own privacy policies. We encourage you to review them.

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Technical Safeguards

Encryption in transit: All data transmitted between your device and our servers uses TLS/SSL encryption
Encryption at rest: Sensitive data stored on our servers is encrypted
Keychain storage: Authentication tokens stored securely in iOS Keychain with device-only access
Password security: Passwords are hashed using industry-standard algorithms and never stored in plain text

5.2 Access Controls

Role-based access controls for internal systems
Multi-factor authentication for administrative access
Regular security audits and penetration testing
Employee training on data protection practices

5.3 Limitations

While we strive to protect your information, no security system is 100% secure. We cannot guarantee absolute security of data transmitted over the internet or stored on our systems.

6. Data Retention

6.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide the Service.

6.2 Account Deletion

Account data: Deleted within 30 days of deletion request
Workout data: Permanently deleted within 30 days
Social interactions: Comments and likes are anonymized or removed
Backups: Deleted data may remain in system backups for up to 90 days
Legal holds: Data may be retained longer if required by law or ongoing legal proceedings

6.3 Data Type-Specific Retention

Analytics data: Aggregated and anonymized after 90 days
Error logs: Retained for 180 days for debugging purposes
Communications: Support emails retained for 2 years for quality assurance

6.4 HealthKit Data

HealthKit data remains on your device and in Apple's Health app regardless of account deletion. To remove HealthKit data, use iOS Settings → Health.

7. Your Rights and Choices

7.1 Access and Correction

You can:

View and edit your profile information in Settings
Access your workout history and data
Update your preferences at any time

7.2 Account Deletion

You can request account deletion by:

Emailing support@pltly.app with subject "Delete My Account"
Providing your username or email for verification
We will respond within 30 days

7.3 Data Portability

You can request an export of your data in machine-readable format (JSON) by emailing noah@noah.miami. We will provide your data within 30 days.

7.4 Privacy Settings

Control your visibility:

Profile visibility: Public, Friends Only, or Private
Workout sharing: Choose who can see your workouts
Social features: Enable/disable likes, comments, and followers
Location features: Enable/disable gym discovery and nearby users

7.5 HealthKit Control

Manage Apple Health integration:

Enable/disable automatic workout syncing
Revoke HealthKit permissions in iOS Settings
Choose specific data types to share

7.6 Location Services

Control location access:

Enable/disable location permissions in iOS Settings
Use gym features without sharing precise location
Disable "nearby users" feature at any time

7.7 Notifications

Control push notifications:

Manage notification preferences in app Settings
Disable specific notification types
Opt out of promotional notifications

7.8 Marketing Communications

You can opt out of promotional emails by:

Clicking "unsubscribe" in any marketing email
Updating communication preferences in Settings
Note: You will still receive transactional emails (password resets, security alerts)

8. Children's Privacy

Pltly is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we discover that a child under 13 has provided us with personal information:

We will delete the account and all associated data immediately
We will take steps to prevent the child from re-registering

If you are a parent or guardian and believe your child has provided us with information, please contact us at noah@noah.miami.

9. International Data Transfers

9.1 Data Processing Locations

Pltly is based in the United States. Your information may be transferred to, stored, and processed in:

United States
Countries where our service providers operate

These countries may have different data protection laws than your country of residence.

9.2 Legal Basis for Transfers

By using Pltly, you consent to the transfer of your information to countries outside your residence, including the United States, which may have different data protection rules.

10. Privacy Rights by Region

10.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights:

Right to Know: Request disclosure of personal information collected, used, or disclosed
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of sale/sharing (Note: we do not sell personal information)
Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment
Right to Correct: Request correction of inaccurate information
Right to Limit: Limit use of sensitive personal information

Categories of Personal Information We Collect:

Identifiers (name, email, username)
Commercial information (workout data, purchase history)
Internet activity (app usage, device data)
Geolocation data (when enabled)
Physical characteristics (height, weight)
Health information (workout data, HealthKit sync)

To Exercise Your Rights: Email noah@noah.miami with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. We require written authorization.

Do Not Track: We do not currently respond to "Do Not Track" browser signals.

10.2 European Economic Area and UK Residents (GDPR)

If you are in the EEA or UK, you have rights under GDPR:

Legal Basis for Processing:

Consent: Health data, location data, marketing communications
Contract: Account creation, service delivery
Legitimate Interests: Service improvement, fraud prevention
Legal Obligation: Compliance with laws

Your Rights:

Access: Obtain a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion ("right to be forgotten")
Restriction: Limit how we process your data
Portability: Receive data in structured, machine-readable format
Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for consent-based processing

10.3 Virginia, Colorado, Connecticut, Utah Residents

If you are a resident of Virginia, Colorado, Connecticut, or Utah, you have rights to:

Confirm whether we process your personal data
Access your personal data
Correct inaccuracies in your personal data
Delete your personal data
Obtain a copy of your personal data
Opt out of targeted advertising (Note: we do not engage in targeted advertising)

To Exercise Your Rights: Email support@pltly.app with your state name and request type.

10.4 Other Regions

If you reside in other jurisdictions with privacy laws, you may have additional rights. Contact us at noah@noah.miami for information specific to your region.

11. Changes to This Privacy Policy

11.1 Notification of Changes

When we make material changes, we will notify you by:

Updating the "Last Updated" date at the top
Sending an email notification to your registered email address
Displaying an in-app notification
Posting a notice on our website

11.2 Your Acceptance

Continued use of Pltly after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, please discontinue use and delete your account.

11.3 Review History

We maintain a history of privacy policy versions. Contact us to request previous versions.

12. Data Breach Notification

In the event of a data breach that affects your personal information:

We will notify affected users within 72 hours of discovery
Notification will include nature of breach, data affected, and steps we're taking
We will notify relevant regulatory authorities as required by law
We will provide guidance on protective steps you can take

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: noah@noah.miami

Subject Line: "Privacy Inquiry"

Response Time: We aim to respond within 5 business days for general inquiries and within 30 days for data access/deletion requests.

14. Additional Information

14.1 Terms of Service

This Privacy Policy should be read in conjunction with our Terms of Service, available at /terms.

14.2 Cookies and Tracking

The Pltly mobile app does not use browser cookies. Our backend API may use session tokens for authentication purposes only.

14.3 Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

14.4 User Content

You are responsible for any personal information you choose to include in workout notes, comments, or other user-generated content that may be visible to other users.

14.5 Research and Analytics

We may use aggregated, de-identified data for research purposes to:

Understand fitness trends and patterns
Improve workout recommendations
Contribute to fitness and health research

Such data cannot be used to identify individual users.

By using Pltly, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is effective as of September 24, 2025.