Privacy Policy

Last updated: May 2026

Leg It! ("we", "our", or "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information.

1. Information We Collect

We collect the following types of information:

• Account information: Name, email address, and password (stored as a one-way hash) when you register. Optionally, a profile photo.
• Profile data: Age group, birth year and month, gender, fitness level, height, weight, school affiliation, and display preferences if you choose to provide them.
• Sprint data: GPS coordinates, speed, distance, duration, timestamps, and derived metrics (acceleration, speed profile, stride cadence) recorded during sprint sessions.
• Device and session data: Device type, operating system, and push notification token for delivering in-app alerts.
• Usage data: Features used, badges earned, points, levels, training activity, and social interactions (challenges, duels, team participation) within the app.
• Apple Health data (iOS only, optional): If you grant permission, we read your heart rate samples and VO2 max (cardio fitness) data from Apple Health. We also write completed sprint workouts back to Apple Health. This data is processed on your device and is used solely to display your fitness metrics within the app. We do not upload raw Apple Health data to our servers.
• Coach and roster data: If you are a coach, we store your roster, session plans, athlete notes, and goal assignments. If you are an athlete on a coach's roster, we store the relationship and associated data visible to your coach as described in Section 4.

2. How We Use Your Information

• To provide and improve the app's sprint tracking and training features.
• To calculate leaderboard rankings and enable social features.
• To award badges, XP, and track your fitness progress.
• To send push notifications about challenges, duels, tournaments, coach invitations, and other activity you participate in.
• To generate AI-powered coaching insights using anonymised, aggregated sprint statistics (see Section 5).
• To process subscription purchases and enforce entitlements through our payments provider.
• To respond to support requests.

3. Location Data

Leg It! requests access to your device's GPS only while you are actively recording a sprint. Location data is used to calculate speed, distance, and GPS waypoints for your sprint session record. We do not track your location in the background or at any other time. GPS waypoints are stored as part of your sprint record and may be visible to a coach if you are on their roster.

4. Data Sharing

We do not sell your personal data. We may share data only in the following circumstances:

• With other users (social features): Your display name and sprint stats appear on leaderboards and in challenges if you participate in social features. Friends can see your sprint activity in the social feed.
• With your coach: If you accept an invitation to join a coach's roster, that coach can view your sprint performance metrics (speed, distance, duration), GPS waypoints from sprint sessions, progress trends, training plan completion, and related athletic data for as long as you remain on their roster. Removing yourself from a coach's roster stops all further data sharing with that coach. If you are a child profile, your parent or guardian manages this consent on your behalf.
• Via shareable progress links: Your coach may generate a publicly accessible link to a summary of your progress. Anyone with this link can view your display name, total sprint count, top speed, and 30-day improvement trend. These links expire after 14 days and are automatically deactivated if you leave your coach's roster.
• OpenAI (AI Coach feature): To generate AI coaching insights, anonymised, aggregated performance statistics — including sprint speed, duration, frequency, acceleration patterns, and time-of-day patterns — are sent to OpenAI. No personally identifiable information (name, email, or account ID) and no GPS location data are included. OpenAI processes this data under its own privacy policy. You can learn more at openai.com/privacy.
• RevenueCat (subscription management): We use RevenueCat to manage in-app subscription purchases and entitlements. RevenueCat receives your app user ID and purchase events to verify and maintain your subscription status. See RevenueCat's privacy policy at revenuecat.com/privacy.
• Resend (transactional email): We use Resend to deliver transactional emails such as password reset codes and coach invitation emails. Your email address is shared with Resend only for the purpose of delivering a specific email you or your coach has triggered.
• Infrastructure providers: We use trusted third-party services to host and operate the app. These providers process data on our behalf and are contractually bound to protect it.
• Legal requirements: If required by law, court order, or to protect the rights and safety of our users or others.

5. AI Coach and Third-Party AI Processing

The AI Coach feature analyses your recent sprint performance and generates personalised training suggestions. To do this, aggregated sprint statistics are sent to OpenAI's API. The data sent includes performance metrics such as average and peak speeds, sprint duration, frequency, acceleration rate, speed fade, and training patterns. It does not include your name, email address, account ID, or any GPS location data.

AI Coach results are cached on our servers for up to 30 days and regenerated when your sprint data changes materially. The feature requires a minimum of 3 sprint sessions within the past 90 days to activate. You can choose not to use the AI Coach feature; doing so does not affect any other part of the app.

6. Push Notifications

If you enable push notifications, we store a push notification token associated with your account on our servers. This token is used solely to deliver notifications relevant to your activity in the app (challenges, duels, tournaments, social activity, coach updates). You can disable push notifications at any time through your device's system settings. Disabling notifications removes the token from active use; you can also contact us to have your token deleted.

7. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us. Note that deleting your account will also remove you from any coach roster you are on and deactivate any shareable progress links associated with your account.

8. Children's Privacy

Leg It! includes a Family Mode that allows parents or legal guardians to create child profiles linked to their own account. We do not knowingly collect personal data from children under 13 without verified parental consent provided through this mechanism.

If a parent adds a child profile to a coach's roster, the coach will have access to that child's athletic performance data, including GPS waypoints from sprint sessions, for as long as the child remains on the roster. Parents can remove a child from any coach's roster at any time through the app. We strongly encourage parents to review and approve any coach before granting access to their child's data.

If you believe we have inadvertently collected personal data from a child under 13 without parental consent, please contact us immediately at The.leg.it.app@gmail.com and we will delete it promptly.

9. Your Rights

Depending on your location, you may have the right to access, correct, or delete your personal data, to object to certain processing, or to request a portable copy of your data. To exercise any of these rights, contact us at The.leg.it.app@gmail.com.

10. Security

We use industry-standard security measures including encrypted connections (TLS), one-way password hashing, and signed session tokens to protect your data. Share link tokens are cryptographically signed and expire automatically. Despite these measures, no internet transmission is completely secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes through the app. Continued use of Leg It! after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have any questions about this Privacy Policy, please contact us at The.leg.it.app@gmail.com.