1. Introduction
Straddly ("we", "our", "us") is operated by Pierre-Louis Favreau, sole proprietor, based in France. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Straddly application and related services (the "Service"), available on iOS, Android, and the web.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the French Data Protection Act (Loi Informatique et Libertés), and all other applicable data protection laws. By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
Pierre-Louis Favreau
Trade name: Straddly
Country: France
Contact: support@straddly.app
3. Information We Collect
3.1 Information you provide directly
- Account information: email address, password (hashed, never stored in plain text), and Google account information if you sign in with Google.
- Profile information: username, display name, avatar (from Google profile or default), body weight.
- Fitness data: workout routines, exercise logs, sets, reps, weights, durations, personal records, goals, milestones, and session descriptions.
- AI chat content: messages you send to the AI coach, including text, photos, videos, and URLs you share for analysis.
- Social information: friend connections, friend requests, session tags, and invitation links you create or redeem.
3.2 Information collected automatically
- Device information: device type, operating system, platform (iOS/Android), and app version.
- Push notification tokens: your device's push notification identifier, stored with your platform information, used solely to deliver notifications you have opted into.
- Usage and analytics data: screen views, feature usage patterns, touch interactions, app lifecycle events (open, background), and network telemetry. This data is collected via PostHog (see Section 7).
- Session recordings: anonymized session replays for product improvement purposes, with all text inputs masked. Collected via PostHog with EU data residency.
3.3 Information from third parties
- Google Sign-In: if you authenticate via Google, we receive your Google ID token, email address, display name, and profile photo URL.
- Apple App Store / Google Play Store: subscription and purchase status, managed via RevenueCat.
3.4 Information we do NOT collect
- We do not access your device microphone (microphone permission is explicitly disabled).
- We do not collect your precise location or GPS data.
- We do not upload your device contacts to our servers. Contact access is used locally on your device only to help you find and invite friends.
- We do not serve advertising or share data with advertising networks.
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds under Article 6 of the GDPR:
- Performance of a contract (Art. 6(1)(b)): processing necessary to provide the Service you have requested, including account management, workout tracking, AI coaching, and subscription management.
- Consent (Art. 6(1)(a)): for optional features such as push notifications, contact access, camera/photo library access, and analytics/session replay collection. You may withdraw consent at any time.
- Legitimate interest (Art. 6(1)(f)): for product improvement, security, fraud prevention, and anonymized usage analytics.
- Legal obligation (Art. 6(1)(c)): where we are required to retain data by law.
5. How We Use Your Information
We use your personal information to:
- Provide, operate, and maintain the Service, including generating personalized AI coaching responses and workout recommendations.
- Process and manage your subscriptions and in-app purchases.
- Enable social features (friend connections, workout sharing, invitations).
- Send push notifications you have opted into (workout activity, friend interactions, Service updates).
- Enforce usage limits and prevent abuse of the Service.
- Improve and develop the Service through aggregated and anonymized usage analytics.
- Respond to your support requests and communicate with you about the Service.
- Comply with legal obligations and protect our rights.
6. AI Processing
Straddly uses artificial intelligence to provide personalized fitness coaching through the AI coach "Auguste". When you interact with the AI coach:
- Your chat messages, attached media (photos, videos), and shared URLs are processed by our AI systems to generate relevant responses.
- The AI may use tools to search our exercise database, create routines, create goals, and analyze imported content on your behalf.
- Chat history is stored to maintain conversation context and allow you to review past interactions.
- We do not use your personal fitness data or chat content to train general-purpose AI models. Your data is used solely to provide the Service to you.
7. Third-Party Services
We use the following third-party services to operate the platform. Each has its own privacy policy governing how they handle data:
- Supabase (database, authentication, file storage) — Privacy Policy
- PostHog (product analytics, session replay) — EU data residency (eu.posthog.com). Text inputs are masked in session recordings. Privacy Policy
- RevenueCat (subscription and in-app purchase management) — Privacy Policy
- Google Sign-In (authentication) — Privacy Policy
- Apple App Store / Google Play Store (payment processing for subscriptions and in-app purchases).
- Expo Push Notification Service (push notification delivery) — Privacy Policy
8. Data Sharing
We do not sell your personal information. We do not share your data with advertising networks. We may share your data only:
- With the third-party service providers listed above, solely to operate and improve the Service.
- With other users through social features you choose to use (e.g., friends can see your workout activity, username, and display name).
- When required by law, regulation, or legal process (e.g., a court order or government request).
- To protect the rights, safety, or property of Straddly, our users, or the public.
- In connection with a merger, acquisition, or sale of assets, in which case you will be notified.
9. International Data Transfers
Your data may be processed in countries outside the European Economic Area (EEA), including the United States, where some of our third-party service providers are based. When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms.
10. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account and profile data: retained until you delete your account.
- Workout and fitness data: retained until you delete your account.
- AI chat history: retained until you delete individual threads or your account.
- Media uploads (photos, videos): retained in cloud storage until you delete your account.
- Analytics data: retained by PostHog in accordance with their data retention policies.
- Push notification tokens: deleted when you sign out or delete your account.
If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., financial records related to subscriptions).
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted data transmission (HTTPS/TLS) for all communications.
- Secure password hashing (never stored in plain text).
- JWT-based authentication with secure token management.
- Row-level security (RLS) policies on our database to ensure users can only access their own data.
- EU data residency for analytics data (PostHog EU).
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
12. Your Rights
Under the GDPR and applicable French law, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data (you can also delete your account directly in the app settings).
- Right to restriction: request that we restrict processing of your data in certain circumstances.
- Right to data portability: request your data in a structured, commonly used, and machine-readable format.
- Right to object: object to processing based on legitimate interest.
- Right to withdraw consent: withdraw consent at any time for processing based on consent (e.g., push notifications, analytics), without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@straddly.app. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr.
13. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are between 13 and 16, we require parental consent for the processing of your personal data in accordance with GDPR Article 8.
If we become aware that we have collected data from a child under 13 without appropriate consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at support@straddly.app.
14. Cookies and Local Storage
The mobile application uses local device storage (AsyncStorage and secure storage) solely to persist your authentication session and active workout state. The web application may use cookies for authentication and analytics purposes. We do not use cookies for advertising.
15. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@straddly.app.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where practicable, notify you through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
17. Contact
If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:
support@straddly.app
Data Controller: Pierre-Louis Favreau, sole proprietor
Trade name: Straddly
Country: France
Supervisory authority: CNIL (Commission Nationale de l'Informatique et des Libertés) — www.cnil.fr