Privacy Policy

1. Introduction

Loga Fitness Limited ("we", "us", or "our") operates the Loga Fitness application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring you understand how your personal data is processed. By using the Service, you consent to the data practices described in this policy.

2. Company Information

3. Information We Collect

3.1 Personal Information

We collect personal information that you voluntarily provide to us when you register for the Service, including:

• Email address (Gmail or Googlemail accounts only)
• Password (stored in encrypted format)
• Name (if provided)
• Profile information

3.2 Workout and Fitness Data

When you use our Service, we collect and store:

• Workout routines and exercise data
• Scheduled workout sessions
• Workout history and progress
• Exercise preferences and custom workouts
• Notes and annotations related to workouts

3.3 Google Calendar Data

If you choose to connect your Google Calendar, we access and process:

• Google Calendar events (to create, read, update, and delete workout schedule entries)
• Calendar metadata (calendar name, timezone)
• OAuth authentication tokens (securely stored and encrypted)

3.4 Automatically Collected Information

When you access the Service, we may automatically collect:

• IP address and device information
• Browser type and version
• Access times and dates
• Pages viewed and features used
• Technical diagnostics and error logs

4. How We Use Your Information

4.1 Primary Purposes

We use the information we collect for the following purposes:

• Service Provision: To provide, operate, and maintain the Loga Fitness application
• Account Management: To create and manage your user account
• Workout Scheduling: To schedule and sync your workout sessions with Google Calendar
• Personalization: To customize your experience and provide personalized workout recommendations
• Communication: To send you technical notices, updates, and security alerts
• Support: To respond to your inquiries and provide customer support

4.2 Google Calendar Integration

We use Google Calendar API access specifically to:

• Create calendar events for your scheduled workouts
• Update workout events when you modify your schedule
• Delete workout events when you remove them from your schedule
• Read your calendar settings (timezone, calendar name)

We will never:

• Access or read non-Loga Fitness calendar events
• Share your Google Calendar data with third parties
• Use your calendar data for advertising purposes
• Modify calendar events that were not created by Loga Fitness

4.3 Legal Basis for Processing (GDPR)

Our legal basis for processing your personal data includes:

• Consent: You have given explicit consent for us to process your data for specific purposes (e.g., Google Calendar integration)
• Contract Performance: Processing is necessary to provide the Service you have requested
• Legitimate Interests: Processing is necessary for our legitimate interests in operating and improving the Service

5. Data Storage and Security

5.1 Data Storage

Your data is stored securely using industry-standard practices:

• Database: PostgreSQL database hosted by Neon (serverless platform) with SSL/TLS encryption
• Location: Data centers located in the United States (AWS US-East-1)
• Passwords: Encrypted using bcrypt hashing algorithm (12 rounds)
• OAuth Tokens: Stored encrypted in our secure database
• Backups: Regular automated backups with encryption at rest

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

• HTTPS/TLS encryption for all data transmission
• Encrypted storage for passwords and sensitive tokens
• JWT (JSON Web Token) authentication with 7-day expiration
• Regular security audits and updates
• Access controls and authentication requirements
• Secure hosting infrastructure (Vercel platform)

5.3 Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Data permanently deleted within 30 days of account deletion
• Google Calendar Tokens: Revoked immediately upon disconnecting Google Calendar integration
• Logs and Analytics: Retained for up to 90 days for security and diagnostics

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We may share your information with the following third-party service providers:

• Neon: Database hosting and management
• Vercel: Application hosting and deployment
• Google: Google Calendar API integration (only when you explicitly connect your calendar)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal requests from law enforcement or government authorities
• Court orders or subpoenas
• Protection of our legal rights or defense against legal claims
• Prevention of fraud, security threats, or illegal activities

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

6.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. Your Rights and Choices

7.1 GDPR Rights (EU/UK Users)

If you are located in the European Union or United Kingdom, you have the following rights under GDPR:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation of processing of your data
• Right to Data Portability: Request transfer of your data in a machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time (e.g., disconnect Google Calendar)
• Right to Complain: Lodge a complaint with your local data protection authority

7.2 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days. We may request additional information to verify your identity before processing your request.

7.3 Account Controls

You can manage your data directly within the application:

• Update Information: Edit your profile and account settings
• Delete Workouts: Remove individual workout routines and schedules
• Disconnect Google Calendar: Revoke calendar access at any time from Account settings
• Delete Account: Permanently delete your account and all associated data

7.4 Google Calendar Permissions

You can revoke Loga Fitness's access to your Google Calendar at any time by:

• Visiting your Google Account Permissions
• Selecting "Loga Fitness" and clicking "Remove Access"
• Or disconnecting within the Loga Fitness application Account settings

8. Google API Services User Data Policy

Loga Fitness's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the minimum calendar scopes necessary to provide workout scheduling functionality
• We do not use Google user data for serving advertisements
• We do not allow humans to read Google user data unless:
  • We have your explicit consent for specific data
  • It is necessary for security purposes (e.g., investigating abuse)
  • It is required to comply with applicable law
• We do not transfer Google user data to third parties except as necessary to provide the Service

9. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

9.1 Essential Cookies

• Authentication Tokens: JWT tokens stored in browser localStorage to maintain your logged-in session
• Session Management: Cookies necessary for the Service to function properly

9.2 Analytics and Performance

We may use analytics tools to understand how users interact with our Service. This helps us improve functionality and user experience. These tools may collect:

• Pages visited and features used
• Time spent on pages
• Device and browser information
• Referring websites

9.3 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of the Service.

10. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at jamesshrub9@gmail.com.

If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your jurisdiction.

When we transfer personal data from the EU/UK to other countries, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with adequacy decisions
• Your explicit consent for the transfer

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a prominent notice in the application
• Where required by law, obtain your consent for material changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. Additional Information for Specific Jurisdictions

14.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (Note: we do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

14.2 UK Residents (UK GDPR)

UK residents have rights under UK GDPR as outlined in Section 7.1. Our UK representative for data protection matters is Caspar Rose at the address listed in Section 13.

15. Consent

By using the Loga Fitness Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

For Google Calendar integration specifically, you will be asked to provide explicit consent through Google's OAuth authorization flow before we access your calendar data.