Privacy Policy
Effective July 11, 2026
This policy explains what Overload (“we”, “us”) collects when you use the Overload iOS app and overloadai.app, why we collect it, and the controls you have. Short version: we collect what's needed to run your training program, we don't sell your data, and you can delete everything in the app.
What we collect
- Account. When you sign in with Apple or Google we receive an account identifier and, unless you hide it, your email address. Sign in with Apple lets you use a private relay address.
- Training setup. Your onboarding answers: goal, experience level, schedule, available equipment, and any body areas you ask the plan to work around. The work-around list is a training preference you choose to share, not a medical record — and it's used only to filter exercise selection.
- Training data. Your program, logged workouts and sets, personal records, and plan-edit history. Stored locally on your device first (offline-first) and synced to our backend (Supabase) so your history survives phone changes.
- Purchases. Subscription status via RevenueCat and Apple. We never see your payment details — Apple handles payment.
- Usage analytics. Product events (e.g., onboarding steps completed, feature usage) via PostHog, tied to a pseudonymous identifier, to improve the app. No advertising trackers, no data brokers.
AI processing
Coaching explanations, weekly reviews, and replanning run on our servers: relevant slices of your training data (like recent sets and your program state) are sent to our AI provider to generate the coaching text. These calls happen server-side through our backend — the app never embeds AI provider keys — and the outputs are constrained by our deterministic programming engine. We don't allow our AI providers to use your data to train their models.
What we don't do
- We don't sell or rent your personal data. Ever.
- We don't run third-party ads or ad trackers.
- We don't read anything from Apple Health without asking first; if you connect it, we only write finished workouts (and you can disconnect anytime).
Service providers
We use a small set of processors to run Overload: Supabase (database, auth, hosting of our API), RevenueCat (subscription status), PostHog (product analytics), Apple (payments, notifications), Cloudflare (this website), and our AI model provider (server-side coaching text). Each receives only what it needs to do its job.
Retention and deletion
We keep your data while your account exists. Delete your account in the app (You → Delete account) to permanently remove your account and cloud training data; local data is removed with the app. You can also email support@overloadai.app and we'll delete it for you. Backups age out within 30 days.
Your rights
Depending on where you live (e.g., GDPR, CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Email us and we'll honor them — you don't need to cite a statute.
Security
Data is encrypted in transit, access to production systems is restricted, and secrets are never shipped in the app. No system is perfectly secure, but we treat your training history like it's ours.
Children
Overload is not directed at children and requires users to be at least 16.
Changes
If we change this policy materially, we'll notify you in the app or by email before the change takes effect. The effective date above always reflects the current version.
Contact
Privacy questions or requests: support@overloadai.app.