Privacy Policy
Last updated: April 2, 2026
This policy describes how ILTT (if_lift→then_that), built by RADLAB LLC, handles your data. If something is unclear, contact us at privacy@iltt.io.
What We Collect
We collect only the data necessary to provide the features you use.
| What we collect | Why | How long | Who can access it |
|---|---|---|---|
| Email address | Account creation and login | Until you delete your account | RADLAB LLC (via Supabase) |
| Trainer profile (name, bio) | Personalizing your dashboard and client-facing experience | Until you delete your account | RADLAB LLC (via Supabase) |
| Client records you create | Managing clients in Workoutflows and AI Agents | Until you delete them or your account | You and RADLAB LLC (via Supabase) |
| Workoutflow configurations | Running automated fitness programs | Until you delete them or your account | You and RADLAB LLC (via Supabase) |
| AI Agent configurations and usage | Running automated coaching messages | Until you delete them or your account | You and RADLAB LLC (via Supabase) |
| Token balance and transaction history | Billing and usage tracking | Until you delete your account (may be retained for legal purposes) | RADLAB LLC (via Supabase, Stripe) |
| Subscription status | Unlocking token tiers and features | Until you delete your account | RADLAB LLC, RevenueCat |
| Push notification token | Sending session reminders and client alerts | Until you revoke permission or delete your account | RADLAB LLC (via Firebase/APNS) |
| Product usage analytics (anonymized) | Understanding how features are used to improve the product | 90 days | RADLAB LLC (via PostHog) |
If we ever need to collect new categories of data, we will update this policy and notify you before collection begins.
What We Do Not Collect
ILTT does not:
- Record keystrokes, screen content, or ambient audio
- Track your location in the background
- Monitor your activity across other apps or websites
- Build advertising profiles from your behavior
- Sell your data to third parties
- Store your clients' personal data beyond what you explicitly enter
How We Use Your Data
Your data is used for the purposes described in the table above. We do not repurpose your data. If we derive new information from your data, we treat it as your data too.
What We Share
We share your data with third parties only when necessary, and only the minimum required.
| Third party | What they receive | Why |
|---|---|---|
| Supabase | Email, profile data, client records, Workoutflow configs, token balance | Authentication and database hosting |
| Stripe | Payment method data, billing address, transaction history | Token purchase and subscription billing |
| RevenueCat | User ID, App Store / Play Store purchase events | In-app subscription management |
| PostHog | Anonymized product usage events (no PII; email is one-way hashed before transmission) | Product analytics to improve features |
| Sentry | Crash reports, performance traces, scrubbed of email and user identifiers | Diagnosing and fixing app errors |
| Anthropic | The content of messages you send to Chip (our AI strength coach inside ILTT) or to AI Agents you configure — which can include client names and free-text notes you write about clients | Running AI features (chat assistant, agent generation) |
| Vercel (AI Gateway) | Same AI-feature content as above, routed through Vercel as the model-provider gateway | Routing requests to the Anthropic model provider |
| Apple APNS / Google FCM | Push notification token, notification content | Delivering session reminders and client alerts |
We do not share your data with advertisers. We do not sell your data.
Your Choices
Optional data collection (analytics) is turned off by default — you choose to turn it on. On the website, a cookie banner appears on your first visit so you can accept or decline product analytics. In the mobile app, you can manage the same setting in the Profile section. Either choice can be changed at any time.
Push notifications can be disabled in your device Settings at any time. You can request deletion of your account and all associated data from the Profile section of the app.
How We Protect Your Data
We use encryption in transit and at rest, access controls, regular security scanning, and monitoring for unauthorized access. We do not store your password in a readable form. Payment data is handled exclusively by Stripe and never stored on our servers.
How Long We Keep Your Data
We keep your data only as long as we need it to provide the service. When you delete your account, your data is permanently removed from our systems within 30 days, except where we are legally required to retain billing records.
Deleting Your Data
You can request deletion of your account and all associated data from the Profile section of the app. Deletion is permanent and irreversible. Client records you created are deleted along with your account. We aim to complete deletion within 30 days. If you have an active subscription, cancel it before deleting your account.
Children
ILTT is designed for professional personal trainers and is not intended for children under 13. We do not knowingly collect data from children under 13.
Changes to This Policy
We will notify you before changes take effect and will not apply weaker rules retroactively. Continued use after notification constitutes acceptance of the updated policy.
Contact
Email: privacy@iltt.io
We respond to privacy inquiries within 30 days.