Privacy Policy

Effective date: April 11, 2026 · Last updated: April 11, 2026

We keep it simple: we collect only what we need to run the app, we never sell your data, and you can delete your account at any time.

1. Who We Are

Cali Fit Lab ("we", "our", "the app") is a workout tracking application operated by the owner of califitlab.com. If you have questions about this policy, contact us at privacy@califitlab.com.

2. Information We Collect

We collect the following when you create an account:

Email address — used to identify your account and for account recovery.
Display name — the name you choose to appear in the app.
Password — stored as a one-way bcrypt hash. We never see your plaintext password.

We also store data you actively create in the app:

Workout sessions — exercises, sets, reps, weight, duration, and timestamps.
Equipment selection — which equipment you have selected for recommendations.

We do not collect location data, device identifiers, advertising IDs, or any data unrelated to your fitness activity.

3. How We Use Your Information

To authenticate you and keep your account secure.
To sync your workout data across your devices.
To provide personalized workout recommendations based on your equipment and history.
To calculate your progress statistics within the app.

We do not use your data for advertising, profiling, or sale to third parties. Ever.

4. Data Storage and Security

Your data is stored in a secured database on servers in the United States. We use the following security measures:

HTTPS encryption for all data in transit.
Bcrypt password hashing (passwords are never stored in plain text).
Session tokens (64-character cryptographically random hex strings) that are separate from your password.
Server-side validation on all inputs.

No system is 100% secure. If you become aware of any security issue, please contact us immediately at privacy@califitlab.com.

5. Cookies and Local Storage

The app does not use cookies. It uses your browser's localStorage to store your session token, preferences (theme, weight unit), and a local copy of your workout data so the app works offline. This data never leaves your device except when syncing to our server.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, all associated data (email, display name, password hash, tokens, and workout data) is permanently deleted from our servers within 30 days.

7. Age Requirement

You must be 18 years of age or older to create an account. By registering, you confirm that you meet this requirement. We do not knowingly collect personal information from anyone under 18. If we learn that we have done so, we will delete that account immediately.

8. Your Rights

You have the right to:

Access — request a copy of the data we hold about you.
Correction — request that inaccurate data be corrected.
Deletion — request that your account and all associated data be deleted.
Portability — request your workout data in a machine-readable format.

To exercise any of these rights, email privacy@califitlab.com. We will respond within 30 days.

9. Third Parties

We do not share your personal data with third parties except as required by law (e.g., a valid court order). We do not use third-party analytics, advertising networks, or tracking services.

10. Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy. For significant changes, we will make a reasonable effort to notify registered users via the app.

11. Contact

Questions, requests, or concerns about your privacy can be sent to:
privacy@califitlab.com