Levelan ("we," "our," or "us") operates the Levelan mobile application and related services (the "Services"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Services. By using the Services, you agree to the collection and use of information in accordance with this policy.
Summary of key points
We collect account, profile, onboarding, and workout data to provide personalized training and recovery recommendations. We use Apple Health (HealthKit) with your permission to compute a readiness score; health data is processed on your device and we do not receive or store raw health samples on our servers. We use Supabase for authentication and storage, and we may send limited onboarding data to an AI provider (e.g., OpenAI) via our backend solely to generate your workout plan. We do not sell your personal information or use it for advertising targeting. You may delete your account and associated data at any time from Settings in the app.
1. Information we collect
1.1 Information you provide
Account data: Email address, sign-in method (Apple, Google, or magic link), and a unique user identifier. Stored with our authentication provider (Supabase).
Profile data: Display name, age, and sex (optional). Stored in your account profile in our database.
Onboarding and plan data: Goals, experience level, equipment, pain or limitation areas, exercise preferences, days per week, time per session, and related answers used to build your workout plan. Stored locally on your device and synced to our servers; used to generate your personalized plan.
Workout and progression data: Your plan, logged workouts, sets, reps, weight, rest, and completion status. Stored in our systems and optionally cached on your device for offline use.
Recovery and check-in data: Daily check-in answers (e.g., stress, soreness, mood, sleep quality), recovery preferences, and decision history. Stored in our systems.
Other preferences: Notification settings, units (imperial/metric), and theme. Stored in your profile or on device.
1.2 Health data (Apple HealthKit)
If you grant permission, we read the following from Apple Health (HealthKit) to compute a readiness score:
Sleep analysis (e.g., time in bed, stages)
Heart rate variability (HRV)
Resting heart rate
Step count (for display only; optional)
This data is processed on your device or within the app. We do not receive or store raw HealthKit samples on our servers. We do not write fitness or health data back to HealthKit unless you explicitly enable such a feature. Your health data remains under your control and is subject to Apple's privacy and permission model.
1.3 Information collected automatically
When you use our Services, we or our service providers may collect:
Device and usage data: Device type, operating system, app version, and similar technical information necessary for security, troubleshooting, and improving the Services.
Error and performance data: We use Sentry (or similar) for crash reporting and performance monitoring. This may include device identifiers, error logs, and performance metrics. Such data is used only to operate and improve the Services and is governed by our agreements with those providers.
We do not use your personal or health data for advertising, and we do not sell your data.
2. How we use your information
To provide the Services: Account creation and authentication, personalized workout plans, readiness-based recommendations, workout logging, progression tracking, and sync across your devices.
Plan generation: Onboarding answers (and optional profile data) are sent to our plan-generation service (which may use an AI provider such as OpenAI) to create your personalized workout plan. We control the prompt and payload; only data necessary for plan generation is sent.
Recommendations: Readiness (derived from health and check-in data), your plan, and workout history drive daily recommendations and any recovery adjustments.
To operate and improve: Security, troubleshooting, analytics (e.g., crash and performance via Sentry), and improving the app.
To communicate: Service-related messages (e.g., account or security). We do not use your data for marketing or advertising targeting.
3. Legal basis for processing (EEA/UK)
If you are in the European Economic Area or the United Kingdom, we process your personal data on the following bases:
Contract: To perform our contract with you (providing the Services).
Consent: Where you have given consent (e.g., HealthKit access, optional profile fields). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Legitimate interests: To operate, secure, and improve the Services, and to defend our rights, where not overridden by your interests.
Legal obligation: Where required by applicable law.
Authentication, database, sync. Access restricted to your own data via access controls.
OpenAI (or similar, via our Edge Function): Onboarding answers and optional profile when generating or updating a plan. To generate your personalized workout plan. We control the prompt and payload; provider is contractually bound to use data only for that purpose.
Apple HealthKit: Read-only access to sleep, HRV, resting HR (we do not write fitness data back by default). To compute readiness. Data stays on your device / with Apple; we do not receive raw health samples on our servers.
Expo / push (if enabled): Device token. To send notifications you have opted into.
Sentry (or similar): Crash/error and performance data. To monitor stability and improve the app. Governed by our agreements with the provider.
We do not sell your personal information. We may disclose information if required by law, to protect our rights or safety, or in connection with a merger, sale, or transfer of assets (with notice where required by law).
5. AI and third-party models
We use third-party AI services (e.g., OpenAI) only to generate your workout plan. When we do:
Only the data necessary for plan generation (onboarding answers and optional profile fields) is sent to the provider.
We use providers that adhere to applicable data protection and security standards and are bound by contracts that limit use to the purposes we specify.
We do not use your health data or raw HealthKit data for AI plan generation.
6. Data retention and deletion
We retain your data while your account is active. When you delete your account (via Settings in the app):
We delete your authentication account and all associated app data, including: profile, plans, workout templates and logs, exercise logs, set logs, progressions, daily check-ins and answers, recovery-related data, and preferences.
Deletion is completed in accordance with our technical process; some data may remain in backups for a limited period before being overwritten, and we do not use such data for any purpose.
You may request access to, correction of, or deletion of your data by contacting us (see Contact). We will respond in accordance with applicable law.
7. Security
We use industry-standard measures to protect your data, including encryption in transit (e.g., TLS) and access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security. You are responsible for keeping your account credentials secure and for the security of your device.
8. Children and minors
The Services are not intended for users under 18. We do not knowingly collect personal information from anyone under 18. If you are under 18, do not use the Services. If we learn that we have collected information from a user under 18, we will take steps to delete that information. If you believe we have collected information from a minor, please contact us (see Contact).
9. Your rights
Depending on where you live, you may have the right to:
Access and receive a copy of your personal information
Correct inaccurate personal information
Request deletion of your personal information
Request restriction or object to certain processing
Data portability (where applicable)
Withdraw consent where processing is based on consent
Lodge a complaint with a supervisory authority (e.g., in the EEA or UK)
To exercise these rights, contact us at the email below. We will respond within the time required by applicable law. You may also delete your account and associated data at any time from Settings in the app.
10. International transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards (e.g., standard contractual clauses or other mechanisms recognized by applicable law) where required for such transfers.
11. U.S. state privacy rights
If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you may have additional rights under state law, such as the right to know, correct, delete, or port your personal information, and the right to opt out of certain "sales" or "sharing" of personal information. We do not sell or share your personal information for cross-context behavioral advertising. To exercise your rights, contact us (see Contact). We will not discriminate against you for exercising your privacy rights.
12. Changes to this policy
We may update this policy from time to time. We will notify you of material changes (e.g., in the app or by email). The "Last updated" date at the top reflects the effective date. Your continued use of the Services after changes constitutes acceptance of the updated policy. For material changes we may ask you to accept the updated policy again where appropriate.
13. Contact
For privacy questions, access requests, deletion requests, or other inquiries about this policy, contact us at: