Published: 2026-05-14
Fix8 ("we", "us", "Fix8") respects your privacy. This Privacy Policy explains what information we collect when you use the Fix8 web application and mobile apps (together, the "Services"), how we use it, who we share it with, and what choices you have.
If you do not agree with this Policy, please do not use the Services.
1. Information We Collect
We collect the following categories of information.
1.1 Account information
- Name and email address (when you create or update your account).
- Authentication credentials (passwords are handled by our identity provider and never stored by us in plain text).
- Organisation membership (the coach or club you are associated with, if any).
1.2 Training and performance information
- Training session data: exercise type, sets, reps, cadence, duration, weights, timer presets, rest intervals.
- Lift-judging metrics: arm angles, vertical angles, and similar pose-derived metrics produced by on-device analysis (no images or video are uploaded to us).
- Programmes and schedules: the training programmes assigned to you and your progress through them.
- Feedback and notes you submit during or after sessions.
1.3 Diagnostics and crash data
- Crash reports: stack traces, device model, operating system version, and app version when the app crashes or throws an unhandled error.
- Performance traces: sampled performance data to help us diagnose issues.
1.4 Optional analytics
- App interactions: events describing how you use features (e.g. "timer started", "fixation set completed"), including timestamps, feature parameters, and your user ID so events from the same account can be grouped. This is only collected if you opt in to analytics in the app and can be turned off at any time.
1.5 Device permissions you grant
- Camera: used on-device for live preview and to run pose detection during training. Camera frames are processed locally and are not uploaded to our servers.
- Photo Library / device media storage: used only when you choose to save a recording from the Fix8 camera to your own device. Fix8 does not browse your existing photo or video library, and saved videos are not uploaded to our servers.
- Biometric authentication (Face ID / Touch ID / fingerprint): handled entirely by your device's operating system. Fix8 never sees your biometric data.
2. How We Use Your Information
We use the information described in Section 1 for the following purposes:
- Provide the Services: authenticate you, store your training history, deliver programmes assigned by your coach, and sync data across devices.
- Improve the Services: investigate crashes, fix bugs, monitor reliability, and (where you have opted in) measure how features are used.
- Communicate with you: send transactional messages (e.g. email verification, password reset, security alerts) and respond to support requests.
- Comply with law and protect rights: meet legal obligations, enforce our Terms of Use, and protect the safety of users and the Services.
3. Third-Party Service Providers
We use the following service providers to operate the Services. Each processes only the data needed for its specific function.
| Provider | What it does | Data it processes |
|---|---|---|
| Supabase (Supabase, Inc., USA) | Hosts our database, authentication, and backend functions. | Account info, training data, programmes, and any other data you submit through the Services. |
| Sentry (Functional Software, Inc., USA) | Crash and error reporting for the mobile and web apps. | Crash stack traces, device model, OS version, app version, and the IP address from which the report was sent. We do not attach your name or email to Sentry reports. |
| PostHog (PostHog Inc., USA — host varies by region) | Optional product analytics. Only used if you opt in. | Event names, event properties (feature parameters), your user ID (so events from the same account can be grouped). The PostHog server logs the IP address from which events are sent. |
| Vercel (Vercel, Inc., USA) | Hosts our web application. | Standard web request logs (IP address, user-agent, request path). |
We do not sell your personal information, and we do not share it with third parties for cross-app advertising.
4. Where Your Data Is Processed
We have configured each of our service providers to store and process your data in the European Union or Australia, in line with where our users are based. The companies that operate these services are based in the United States. As a result, your information may, in limited circumstances (such as provider-side technical support, on-call response, or US-based subprocessors), be accessed from the United States or other countries. Where this happens, we and our providers rely on appropriate safeguards — including, where applicable, Standard Contractual Clauses — to protect your information.
5. Data Retention
- We retain account, training, and programme data for as long as your account is active.
- If you delete your account (see Section 7), we delete or anonymise your personal information within a reasonable period after the 30-day grace period ends, except where we are required to retain it for legal, accounting, or security purposes.
- Crash reports and diagnostics are retained for a limited period as configured with Sentry, typically no longer than 90 days.
- Anonymised, aggregated data that no longer identifies you may be retained for analytics and product-improvement purposes.
6. Your Rights and Choices
Depending on where you live, you may have the following rights with respect to your personal information:
- Access — request a copy of the data we hold about you.
- Correction — ask us to correct inaccurate information (you can also edit most of it directly in the app).
- Deletion — ask us to delete your data (see Section 7).
- Restriction or objection — ask us to limit or stop certain processing.
- Withdraw consent — turn off optional analytics in the app at any time. Withdrawal does not affect processing carried out before the withdrawal.
- Portability — request a structured export of the data you have provided.
- Complaint — lodge a complaint with your local data-protection authority.
To exercise any of these rights, contact us at support@fix8.app.
6.1 California residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information we collect, the right to delete it, and the right not to be discriminated against for exercising these rights. We do not sell personal information as defined under the CCPA.
6.2 EEA / UK / Switzerland residents
If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal basis for processing your information is:
- Performance of a contract with you (to provide the Services).
- Legitimate interests (to secure and improve the Services and respond to support requests), balanced against your privacy rights.
- Your consent (for optional analytics, which you can withdraw at any time).
- Legal obligation (where required by applicable law).
7. Account Deletion
You can delete your Fix8 account at any time from within the mobile app: Settings → tap your name → Delete Account. Deletion is final after a 30-day grace period, during which you can cancel the deletion by signing back in. After the grace period:
- Your account, profile, training history, and programme assignments are deleted from our systems within a reasonable period.
- Certain historical records (for example, audit logs and submission history) are retained in anonymised form where required for security and integrity, with personal identifiers removed.
- Active paid subscriptions are cancelled at the end of the billing period you have already paid for; you are not charged again.
If you cannot access the in-app flow, email support@fix8.app from the address on your account and we will action your request.
8. Children
The Services are not directed to children under 13 (or under 16 in jurisdictions where that is the minimum age for digital consent). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
9. Security
We use industry-standard measures to protect your information, including encryption in transit (HTTPS), encrypted storage of authentication credentials, row-level access controls in our database, and least-privilege access for our team. No system is 100% secure, and we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will notify you through the Services or by email and update the "Published" date at the top of this Policy. Continued use of the Services after the changes take effect means you accept the revised Policy. Previous versions are kept for reference.
11. Contact
For any questions, requests, or complaints about this Policy or our handling of your information, contact:
- Email: support@fix8.app