Privacy Policy
Last Updated: April 7, 2026
1. Introduction
This Privacy Policy describes how Evan Lara ("we," "us," or "our") collects, uses, and shares information about you when you use the OVERLOAD mobile application ("App") and associated website at getoverload.app ("Site"). By using the App or Site, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
- Full name and email address
- Password (encrypted and managed by Supabase Auth — we never have access to your plaintext password)
- Bodyweight, height, and age
- Preferred weight unit and training preferences
2.2 Information Generated Through Use
- Workout sessions including names, dates, and durations
- Exercise names, sets, reps, and weights
- Personal records and estimated 1-rep max values
- Training streak and session history
- Progress photos and bodyweight log entries (Pro users)
2.3 Information Stored Locally Only (Never Transmitted)
- Exercise notes
- Theme and display preferences
2.4 Payment Information
If you purchase OVERLOAD Pro, payment is processed by Stripe, Inc. We never receive or store your card details — Stripe handles all payment data under their own privacy policy. We receive only a customer ID, subscription status, and transaction metadata sufficient to activate your Pro access.
3. How We Use Your Information
We use the information we collect to:
- Create and maintain your account
- Provide core App functionality (workout logging, analytics, progress tracking)
- Calculate and display personal records and training statistics
- Maintain your training streak
- Process and manage Pro subscriptions
- Improve the App based on usage patterns
We do not use your information for advertising, profiling, or sale to third parties.
4. How We Store Your Information
Your account and workout data is stored in a PostgreSQL database managed by Supabase, Inc., hosted on Amazon Web Services (AWS) infrastructure. All database tables are protected by Row Level Security (RLS), which means your data is cryptographically isolated from other users — no user can access another user's data.
All data in transit is encrypted using HTTPS/TLS.
5. Data Sharing and Disclosure
We do not sell, rent, or share your personal data with third parties except in the following limited circumstances:
- Supabase, Inc. — processes your account and workout data on our behalf as a data processor. Supabase is contractually bound to protect your data and may not use it for its own purposes.
- Stripe, Inc. — processes payment data for Pro subscriptions. Subject to their own privacy policy.
- Legal Requirements — we may disclose information if required by law, court order, or governmental authority.
- Business Transfer — in the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified via email and/or prominent notice in the App.
We use no advertising networks, third-party analytics SDKs, or cross-app tracking of any kind.
6. Apple Health
With your permission, OVERLOAD can write completed workout data to Apple Health. Health data is accessed solely to fulfill that sync — it is never stored on our servers, shared with third parties, or used for advertising.
7. Your Rights
7.1 All Users
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data at any time through the App's profile settings
- Delete your account and all associated data by contacting us at the email below
- Export your data upon request
7.2 California Residents (CCPA)
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information is collected, used, shared, or sold
- Delete personal information held by us
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
To exercise these rights, include "CCPA Request" in your email subject line.
7.3 EU / EEA Residents (GDPR)
If you are located in the EU or EEA, you have the following rights under GDPR:
- Right of Access — obtain a copy of your personal data
- Right to Rectification — correct incomplete or inaccurate data
- Right to Erasure — request deletion of your data
- Right to Restriction — limit how we process your data
- Right to Data Portability — receive your data in a machine-readable format
- Right to Object — object to processing based on legitimate interests
- Right to Withdraw Consent — where processing is consent-based, withdraw at any time
Legal basis for processing (GDPR Art. 6): performance of a contract; legitimate interests (security, fraud prevention, app improvement); consent where explicitly obtained. Include "GDPR Request" in your email subject line. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
8. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
9. Children's Privacy
The App is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us immediately and we will delete it.
10. Security
We implement the following measures to protect your data:
- Rate limiting on authentication attempts
- Input validation and sanitization on all user-submitted data
- HTTPS/TLS encryption for all data in transit
- Row Level Security on all database tables
- Passwords hashed and never stored or accessible in plaintext
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to using industry-standard practices.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date at the top and, where appropriate, through in-app notification or email. Continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact
Questions, requests, or complaints regarding this Privacy Policy or your personal data:
Developer: Evan Lara
Email: evan@getoverload.app