Privacy Policy

Last updated: February 2026

This Privacy Policy explains how MyLift AI (“we,” “us,” or “our”) collects, uses, stores, and protects your personal data when you use our application. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Dutch privacy law.

1. Data Controller

The data controller responsible for your personal data is:

Aron Ruizendaal
Netherlands
legal@myliftai.com

2. Data We Collect

We collect the following categories of personal data:

Account Data

  • Full name
  • Email address
  • Date of birth (to verify minimum age of 16)
  • Hashed password (never stored in plain text)

Fitness & Health Data

  • Workout logs (exercises, sets, reps, weight, duration, distance)
  • Body weight and height (optional)
  • Fitness goals and fitness level (optional)
  • RPE (Rate of Perceived Exertion) ratings

AI Interaction Data

  • Chat messages with the AI coach
  • AI-generated workout analyses

Technical Data

  • Device type and operating system (via app store analytics)
  • App usage preferences (units, notification settings)
  • Subscription status

3. Legal Basis for Processing

We process your data on the following legal bases under GDPR Article 6:

Performance of a Contract (Art. 6(1)(b)): Account creation, authentication, delivering workout tracking and coaching services.
Legitimate Interest (Art. 6(1)(f)): Improving app functionality, security monitoring, fraud prevention.
Consent (Art. 6(1)(a)): Optional health data (body weight, height) and push notifications.
Legal Obligation (Art. 6(1)(c)): Complying with applicable law and regulatory requirements.

Health data (body metrics, workout intensity) is processed under GDPR Article 9(2)(a) — your explicit consent given at account creation.

4. Third-Party Processors

We share your data only with the following processors who are contractually obligated to protect it:

Google Gemini AI: Processes your workout logs and chat messages to generate AI analysis and coaching. Data is sent to Google's API under Google's data processing terms.
Mailgun: Transactional email delivery (account activation, password reset). Your email address is shared for delivery purposes only.
Cloud Hosting Provider: Our backend servers and database are hosted on a cloud provider. Data is stored in a secure, access-controlled environment.
Apple App Store / Google Play: Subscription billing and app distribution. Subject to Apple's and Google's respective privacy policies.

We do not sell your personal data to third parties.

5. Data Retention

We retain your personal data for as long as your account is active. When you delete your account:

  • Account data (name, email, password) is deleted within 30 days
  • Workout logs and chat history are deleted immediately
  • Anonymized aggregate analytics data may be retained indefinitely
  • Backup copies are purged within 90 days

We may retain certain data longer if required by law (e.g., tax/accounting records).

6. Your Rights Under GDPR

As a data subject under GDPR Articles 15–22, you have the following rights:

Right of Access (Art. 15): Request a copy of all personal data we hold about you.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"). You can delete your account directly in the app.
Right to Data Portability (Art. 20): Request your data in a structured, machine-readable format.
Right to Object (Art. 21): Object to processing based on legitimate interests.
Right to Restrict Processing (Art. 18): Request that we limit how we use your data in certain circumstances.
Right to Withdraw Consent: Withdraw consent at any time where processing is consent-based, without affecting prior processing.

To exercise any of these rights, contact us at legal@myliftai.com. We will respond within 30 days.

7. Data of Minors

MyLift AI is not intended for children under 16 years of age. We require users to confirm they are at least 16 years old during registration. If we discover we have collected data from a child under 16 without parental consent, we will delete that data promptly.

If you believe a minor under 16 has registered, please contact us at legal@myliftai.com.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • Passwords hashed using bcrypt
  • API access secured with JWT tokens
  • HTTPS/TLS encryption in transit
  • Database access restricted to application servers

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including by Google (Gemini AI) and Mailgun. Such transfers are subject to appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the App or email. The “Last updated” date at the top of this page indicates when the policy was last revised.

11. Contact & Complaints

For any privacy-related questions or to exercise your rights, contact:

MyLift AI — Privacy
legal@myliftai.com
Aron Ruizendaal, Netherlands

If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
www.autoriteitpersoonsgegevens.nl
Hoge Nieuwstraat 8, 2514 EL Den Haag