Last Updated: December 21, 2025
Powr is a powerlifting application designed to help athletes track workouts, manage training programs, calculate weight plates, and record form videos. Our platform is built by powerlifters for powerlifters, with the goal of eliminating the chaos of juggling multiple tools during training sessions. Powr operates as a mobile application available on iOS and Android platforms, with supporting web services for marketing and user acquisition.
This Privacy Policy describes how Powr ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our mobile application, websites, and related services (collectively, the "Services"). We are committed to protecting your privacy and ensuring transparency about our data practices. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.
We process personal data in compliance with applicable privacy laws, including the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and other applicable national and international data protection regulations. This Policy applies to all users regardless of location, though specific rights and protections may vary based on your jurisdiction of residence.
Definitions:
"Personal information" means information that identifies, relates to, or could reasonably be linked with you or your household. This includes direct identifiers (name, email), indirect identifiers (device IDs, IP addresses), and usage data that is linked to your account.
| What We Collect | Why We Collect It | Who We Share It With | Your Controls |
|---|---|---|---|
| Account info (email, name) | Account creation & authentication | Supabase (hosting), Google/Apple (if you use social sign-in) | Update in app settings; delete account |
| Workout data (sets, reps, weights, RPE) | Track training progress | Supabase (hosting), Amplitude (analytics) | Delete account to remove |
| Equipment inventory (bars, plates) | Calculate plate loading | Supabase (hosting) | Edit/delete in app |
| Form videos | Review lifting technique | api.video (video hosting) | Delete individual videos or entire account |
| Usage analytics | Improve app features | Amplitude (analytics) | Limit in device settings |
| Subscription status | Manage premium features | RevenueCat (subscription management) | Cancel subscription anytime |
When you create an account with Powr, we collect personal identification information necessary to provide our Services and authenticate your identity. This includes your email address and the display name you choose to use within the application. If you choose to authenticate using third-party services such as Google Sign-In or Apple Sign-In, we receive basic profile information from these providers, including your name and email address. We do not access your passwords from these third-party authentication services, as authentication is handled securely through industry-standard OAuth protocols that only provide us with authorization tokens.
As you use Powr for your training, we collect comprehensive workout and fitness data to provide you with accurate tracking and progress analytics. This includes detailed information about your workout sessions such as exercise names, set and repetition counts, weight values in your preferred unit system, timestamps indicating when you started and completed workouts, and Rate of Perceived Exertion (RPE) or Reps in Reserve (RIR) ratings that you record. We also store information about your training programs and workout templates, including program names, descriptions, exercise ordering, and structured multi-week training plans that you create or import.
Our plate calculator feature requires information about your equipment inventory to provide accurate loading suggestions. We store data about your barbells including their names and weights, as well as your available weight plates categorized by type and quantity. This equipment data enables our app to calculate optimal plate loading configurations for any target weight across different gym environments you may train in.
A distinctive feature of Powr is the ability to record and review form videos linked directly to specific workout sets. When you choose to record a video, we capture video content through your device's camera. These videos are uploaded and stored on our video hosting infrastructure to enable playback, review, and analysis of your lifting technique. Video identifiers are associated with the corresponding workout sets in your training history, allowing you to review your form for any recorded lift. We do not use automated facial recognition or biometric analysis technology on your videos for identification or surveillance purposes. Our video hosting provider processes uploaded videos for transcoding, thumbnail generation, and content delivery optimization. This processing is limited to technical functions necessary for video playback and does not include identification or surveillance features.
To provide you with application functionality and improve your experience, we collect certain technical and usage data. This includes device information such as device type, operating system version, and application version. We collect analytics data about how you use the app, including features accessed, screen views, and user interactions, which helps us understand usage patterns and improve our Services. We may also collect diagnostic information such as crash reports and performance metrics to maintain and improve application stability.
If you subscribe to Powr's premium features, we collect and store information related to your subscription status. This includes subscription identifiers from our payment processing partner, subscription start and expiration dates, and trial period information. We do not directly collect or store your payment card details, bank account information, or other financial information; all payment processing is handled by Apple App Store, Google Play Store, and our subscription management partner, RevenueCat.
When you contact us for support through our website or application, we collect your name, email address, and the content of your message to respond to your inquiry and provide assistance. If you join our waitlist before product launch, we collect your email address to notify you when the application becomes available.
Data Minimization Principle:
We adhere to the principle of data minimization, collecting only personal information that is necessary to provide our Services. We do not collect sensitive health information, government identifiers, financial account details, or other data unnecessary for workout tracking functionality. If we identify opportunities to reduce data collection while maintaining service quality, we will do so.
We use the personal information we collect for several essential purposes directly related to providing and improving our Services. Your account information enables us to authenticate your identity, maintain your user profile, and provide personalized access to your training data across multiple devices. Your workout data, training programs, and equipment inventory information are fundamental to the core functionality of tracking your lifts, calculating plate loading, displaying progress analytics, and estimating your one-repetition maximum across different exercises.
We use video content that you upload to store and deliver your form videos for playback within the application, enabling you to review your technique and track form improvements over time. This video content is stored on secure third-party infrastructure and is only accessible to you and any individuals with whom you explicitly choose to share your content.
Your subscription and payment-related information is used to manage your access to premium features, process trial periods, verify subscription status, and provide appropriate feature access based on your subscription tier. We use your contact information to communicate with you about your account, respond to support inquiries, send important service announcements, and provide information about new features or updates when you have opted to receive such communications.
Analytics and usage data help us understand how users interact with our application, identify popular features, diagnose technical issues, and make data-driven decisions about product improvements. We use aggregated and anonymized data to analyze trends in powerlifting training, though such analysis never identifies individual users.
We also use your information to ensure the security of our Services, detect and prevent fraud, enforce our terms of service, and comply with our legal obligations. In some cases, we may use your information to conduct research and analysis aimed at improving our products and developing new features that serve the powerlifting community.
For users located in the European Union, European Economic Area, United Kingdom, or other jurisdictions that require a legal basis for processing personal data, we process your information under the following legal grounds.
We process certain information as necessary for the performance of our contract with you. This includes processing your account information to maintain your user profile and authenticate your access, processing your workout data to provide the core training tracking functionality you have requested, processing your video content to enable the form recording feature, and processing your subscription information to provide access to premium features you have purchased.
We process certain information based on your explicit consent. Before recording videos, you must grant camera access permission on your device, which serves as your consent to capture and store video content. You may also provide consent to receive marketing communications, which you can withdraw at any time. Where consent is the legal basis for processing, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
We process certain information based on our legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include improving and optimizing our Services through analytics, ensuring the security and integrity of our platform, and communicating with you about important service updates. When relying on legitimate interests, we have conducted a Legitimate Interest Assessment (LIA) to ensure our interests do not override your fundamental rights and freedoms. We balance our business needs against potential risks to your privacy and implement safeguards to minimize any impact. You have the right to object to processing based on legitimate interests at any time.
Finally, we process some information as necessary to comply with our legal obligations, such as maintaining financial records for tax purposes, responding to lawful requests from government authorities, and preserving data that may be relevant to legal proceedings.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your data only as described in this Privacy Policy and only to the extent necessary to provide our Services.
We use Supabase as our backend infrastructure provider for authentication, database storage, and application hosting. Supabase processes your account information, workout data, equipment inventory, and other application data on our behalf to provide the Services. Supabase maintains data centers and employs industry-standard security measures to protect the data they process for us. Supabase acts as a data processor under our instructions and is contractually bound to use your data only to provide services to us.
We use api.video as our video hosting and delivery platform. When you upload form videos, the video content is transmitted to and stored on api.video's infrastructure. api.video provides secure video storage, transcoding, and content delivery network (CDN) services to ensure your videos are available for playback across different devices and network conditions. api.video may store and process video content on servers located in the United States and European Union. For EU users, api.video maintains GDPR compliance through appropriate safeguards including Standard Contractual Clauses. Video content is stored in accordance with api.video's security and privacy practices, and we maintain a data processing agreement that limits their use of your content to providing video hosting services on our behalf.
For authentication services, we integrate with Google and Apple to offer convenient sign-in options. When you authenticate using Google Sign-In, Google processes your authentication request and provides us with basic profile information and authentication tokens. Similarly, Apple Sign-In handles authentication and provides profile information according to Apple's privacy practices. We receive only the information necessary to create and authenticate your account from these providers.
We use RevenueCat as our subscription management platform to handle in-app purchases and subscription lifecycles. RevenueCat receives and processes: (1) device identifiers (such as IDFA on iOS or Advertising ID on Android), (2) app user identifiers we generate for your account, (3) subscription transaction data including purchase dates, renewal dates, and subscription tier, and (4) device and app version information. RevenueCat does not receive your email address, workout data, or video content. Payment processing itself is handled by Apple App Store and Google Play Store, which process your payment information according to their respective privacy policies. We maintain a data processing agreement with RevenueCat that limits their use of subscription data to providing analytics and subscription management services.
We use Amplitude for analytics to understand how users interact with our application. Amplitude receives usage data including feature interactions, screen views, and device information. This data is used in aggregate to analyze user behavior patterns and inform product decisions. Amplitude data is processed in accordance with their privacy policy and our data processing agreement.
In addition to our primary service providers, we may share your information with professional advisors such as lawyers, auditors, and accountants where necessary in the course of their professional services, and with competent authorities such as courts, regulatory bodies, or government agencies when required by law or to protect our legal rights.
We implement comprehensive technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security practices are aligned with industry standards and best practices for protecting sensitive user data.
All data transmitted between your device and our servers is protected using Transport Layer Security (TLS) encryption, ensuring that your information cannot be intercepted or read during transit. Our database infrastructure employs encryption at rest through our service provider's security measures, protecting your stored data using strong cryptographic algorithms. Data in transit is protected using TLS 1.2 or higher encryption.
We implement Row Level Security (RLS) policies in our database as an additional security layer to enforce data isolation. Combined with authentication mechanisms, RLS helps ensure users can only access their own data through normal application usage. Each database query is evaluated against security policies that verify the requesting user's identity and authorization to access the requested data.
Authentication tokens are stored securely on your device using platform-native secure storage mechanisms. We implement PKCE (Proof Key for Code Exchange) flows for OAuth authentication to prevent authorization code interception attacks. Session tokens are automatically rotated and have limited validity periods to reduce the window of opportunity for token theft.
Our application uses secure state management practices with JWT (JSON Web Token) authentication, and we implement automatic token refresh mechanisms to maintain security while providing a seamless user experience. API keys and secrets are stored securely and are never exposed in client-side code.
We regularly review and update our security practices to address new threats and vulnerabilities. Our infrastructure providers maintain SOC 2 compliance and implement physical security measures at their data centers. We limit access to personal data to authorized personnel who need to access such information to perform their job functions and provide services to you.
While we implement industry-standard security measures, no system is completely immune to security threats. We continuously monitor for vulnerabilities and respond promptly to security incidents. We cannot guarantee absolute security, but we strive to protect your personal information using commercially reasonable security measures.
Employee Access to Your Data:
Access to user data is restricted to authorized personnel on a need-to-know basis. Engineers may access aggregated, anonymized data for debugging and feature development. Support staff can access your account information and workout history when you submit a support ticket. We maintain audit logs of data access and conduct regular access reviews. No employee has unrestricted access to video content; videos are accessed only when technically necessary to resolve specific support issues you have reported.
In the event of a data breach affecting your personal information, we will comply with applicable breach notification laws. For EU/EEA/UK users, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach likely to result in risk to your rights and freedoms, and we will notify affected users without undue delay when the breach is likely to result in high risk. For California residents, we will notify affected individuals in accordance with California Civil Code § 1798.82. Notifications will describe the nature of the breach, categories of data affected, and steps you can take to protect yourself.
Powr operates globally and may transfer, store, and process your personal information in countries other than the country in which you reside. Our service providers, including Supabase, api.video, RevenueCat, and Amplitude, may process data in the United States and other countries where they maintain data centers.
For users located in the European Union, European Economic Area, or the United Kingdom, we ensure that international data transfers are conducted in compliance with applicable data protection laws. When transferring personal data outside of these regions, we implement appropriate safeguards to ensure that your data receives an adequate level of protection.
We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a primary transfer mechanism when transferring personal data to third countries that have not received an adequacy decision from the European Commission. Our agreements with service providers incorporate these contractual protections, which impose obligations on data recipients to protect personal data to standards consistent with European data protection law.
Additionally, several of our service providers maintain supplementary measures and certifications that provide enhanced protections for transferred data. These may include binding corporate rules, encryption of data in transit and at rest, access controls, and audit rights that allow us to verify compliance with data protection obligations.
We continuously monitor the legal landscape regarding international data transfers and adapt our practices as necessary to ensure ongoing compliance with applicable laws and regulations. If you have questions about our data transfer practices or would like more information about the safeguards we have implemented, please contact us using the information provided at the end of this Policy.
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements, and to provide our Services to you.
Your account information and associated data, including workout history, training programs, equipment inventory, and form videos, are retained for as long as you maintain an active account with us. This enables you to access your historical training data and review your progress over time, which is essential to the value proposition of our Services.
If you request deletion of your account, we will initiate deletion of your personal information within thirty (30) days of your verified request. Account data, workout history, and equipment information stored in our database will be permanently deleted. Video content stored with our video hosting provider will be marked for deletion and removed from our systems within 30 days, though cached copies in content delivery networks may persist for up to 60 days until cache expiration. We may retain anonymized or aggregated statistical data that no longer identifies you for analytical purposes. Where legal obligations require retention (such as financial records for tax compliance), we will retain only the minimum necessary information in a segregated archive with restricted access.
Deleted data may remain in encrypted backup systems for up to 90 days before permanent deletion as part of our disaster recovery procedures. Backup data is not accessible through our application and is maintained solely for system restoration purposes.
Video content uploaded to our platform is retained for as long as your account remains active and until you delete specific videos or request account deletion. When videos are deleted at your request, they are removed from our video hosting provider's systems, though cached copies may persist briefly in content delivery networks before expiration.
Subscription and payment-related information is retained for the duration of your subscription relationship with us and for a period thereafter as required for financial record-keeping, tax compliance, and to resolve any disputes that may arise. We typically retain financial records for seven (7) years after the end of the fiscal year in which the transaction occurred, as required by tax authorities.
Support inquiries and related communications are retained for a reasonable period to provide ongoing support, improve our services, and maintain records of our interactions with you. Waitlist email addresses are retained until you are notified of product availability and have the opportunity to create an account or request removal.
We periodically review our data retention practices and delete information that is no longer necessary for the purposes described in this Policy. When information is deleted, we use secure deletion methods to prevent unauthorized recovery.
Depending on your jurisdiction, you may have certain rights regarding your personal information. We are committed to facilitating the exercise of these rights and responding to verified requests in a timely manner.
You have the right to access your personal information and obtain a copy of the data we hold about you. You may request information about the categories of data we process, the purposes of processing, the recipients of your data, and the retention periods we apply. We will provide this information in a commonly used electronic format.
You have the right to rectification, meaning you can request that we correct inaccurate personal information or complete incomplete data. You can update most of your account information directly through the application settings, and you may contact us for assistance with data that cannot be corrected through the app.
You have the right to erasure, also known as the "right to be forgotten." You may request that we delete your personal information when it is no longer necessary for the purposes for which it was collected, when you withdraw consent and there is no other legal basis for processing, when you object to processing and there are no overriding legitimate grounds, when the data has been unlawfully processed, or when erasure is required for compliance with a legal obligation. Please note that certain data may need to be retained for legal compliance or legitimate business purposes even after you request deletion.
You have the right to data portability, which allows you to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transmit your data directly to another controller where technically feasible. This right applies to data you have provided to us and that we process based on your consent or for the performance of a contract.
You have the right to restrict processing in certain circumstances, such as when you contest the accuracy of your data, when processing is unlawful but you oppose deletion, when we no longer need the data but you require it for legal claims, or when you have objected to processing pending verification of whether our legitimate grounds override yours.
You have the right to object to processing based on legitimate interests or for direct marketing purposes. When you object to processing for direct marketing, we will cease processing your data for such purposes. When you object on grounds relating to your particular situation, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
For users in the European Union, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.
For California residents, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide specific rights, including the right to know what personal information we collect, use, disclose, and sell; the right to request deletion of personal information; the right to opt-out of the sale or sharing of personal information (note that we do not sell personal information); the right to non-discrimination for exercising your privacy rights; and the right to limit use and disclosure of sensitive personal information. California residents may also designate an authorized agent to make requests on their behalf.
For Canadian residents, PIPEDA provides rights including access to your personal information, the ability to challenge the accuracy and completeness of your information, and the right to have your information amended as appropriate. You may also withdraw consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
How to Withdraw Consent:
To exercise these rights, submit a request to raine@powrtrainingapp.com. We will verify your identity and respond within the timeframes required by applicable law. You will not face discrimination for exercising your privacy rights, and we will not charge fees for requests unless they are manifestly unfounded or excessive. We will respond to verified requests within the timeframes required by applicable law, generally within 30 days for GDPR requests and 45 days for CCPA requests, with the possibility of extension in complex cases.
Powr is not intended for use by individuals under the age of digital consent in their jurisdiction. In the United States, our Services are not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). In the European Union and United Kingdom, we do not knowingly collect information from individuals under 16 years of age (or the applicable age of digital consent in their member state).
If we become aware that we have collected personal information from a child under the applicable age, we will take immediate steps to delete such information from our systems. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at raine@powrtrainingapp.com, and we will take appropriate action to remove the data.
We encourage parents and guardians to monitor their children's internet and mobile device usage and to help enforce this Policy by instructing their children never to provide personal information through our Services without permission. If you have concerns about children's safety in relation to our Services, please contact us.
We currently do not use artificial intelligence or automated decision-making systems that produce legal effects or similarly significantly affect you. Our application provides data visualization, calculations (such as estimated one-rep max), and organization features, but all training decisions remain under your control. If we introduce AI-powered features in the future (such as form analysis or program recommendations), we will update this Privacy Policy and obtain your consent where required by law.
Our mobile application does not use cookies, as cookies are a web browser technology. However, our websites and web-based services may use cookies and similar tracking technologies to enhance your experience and collect information about how you interact with our online services.
Cookies are small text files stored on your device that help us remember your preferences and understand how you use our websites. We use essential cookies that are necessary for the basic functionality of our websites, such as maintaining session state and security. We may use analytics cookies to collect information about your browsing behavior, which helps us improve our websites and understand user preferences.
You can control cookie preferences through your browser settings. Most web browsers allow you to refuse cookies, delete existing cookies, or alert you when cookies are being sent. Please note that disabling essential cookies may affect the functionality of our websites.
Our mobile application uses mobile analytics SDKs that may collect device identifiers, usage data, and performance metrics. These technologies help us understand app usage patterns, diagnose issues, and improve the user experience. You can limit ad tracking and analytics collection through your device's privacy settings, such as enabling "Limit Ad Tracking" on iOS or opting out of "Ads Personalization" on Android.
We honor Do Not Track signals and similar mechanisms where technically feasible and required by law. When we detect such signals, we limit the collection of tracking data to only what is necessary for the functionality of our Services.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes to this Policy, we will notify you through appropriate means, such as posting a prominent notice within the application, sending you an email notification to raine@powrtrainingapp.com, or displaying an in-app notification when you next access our Services.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices. The "Last Updated" date at the top of this Policy indicates when the most recent revisions were made. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated Policy.
If we make changes that materially affect how we process your personal information or that require your consent under applicable law, we will obtain your consent before implementing such changes. We will not reduce your rights under this Privacy Policy without your explicit consent.
This section provides additional disclosures required by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents.
Categories of Personal Information Collected: In the preceding twelve months, we have collected the following categories of personal information: identifiers (such as name and email address); commercial information (such as subscription records); internet or other electronic network activity information (such as usage data and device information); geolocation data (derived from IP address, if available); audio, electronic, visual, or similar information (form videos); and inferences drawn from other personal information to create a profile.
Sources of Personal Information: We collect personal information directly from you when you create an account, use our Services, or communicate with us. We also collect information automatically through your use of our Services and from third-party authentication providers when you use social sign-in options.
Business or Commercial Purposes for Collection: We collect personal information to provide and improve our Services, process transactions, communicate with you, personalize your experience, ensure security, and comply with legal obligations, as described in detail in the "How We Use Your Information" section above.
Categories of Personal Information Disclosed for Business Purposes: We may disclose the following categories of personal information to service providers for business purposes: identifiers, commercial information, internet or network activity information, geolocation data, audio and visual information, and inferences.
Sale or Sharing of Personal Information: We do not sell personal information, and we have not sold personal information in the preceding twelve months. We do not share personal information for cross-context behavioral advertising purposes.
Sensitive Personal Information: We collect (1) account login credentials used for authentication, and (2) video recordings that may contain biometric identifiers such as your face, body proportions, or movement patterns visible during exercise performance. We use login credentials only for authentication and account access. We use video recordings only to enable form review and technique analysis features you have requested, and we do not use video content for biometric identification, surveillance, or any purpose beyond the workout tracking functionality. Under CPRA, you have the right to limit use of sensitive personal information, though doing so may limit our ability to provide video recording features.
Retention: We retain personal information as described in the "Data Retention" section above.
California residents may exercise their rights by contacting us at raine@powrtrainingapp.com. We will verify your identity before processing your request, which may require you to provide additional information or verify ownership of your account.
This Privacy Policy is governed by the laws of the State of California, United States, without regard to conflict of law principles. However, your statutory privacy rights under applicable local laws (including GDPR, CCPA, PIPEDA) remain unaffected and take precedence where they provide greater protection.
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us using the following information:
For General Privacy Questions:
Email: raine@powrtrainingapp.com
Response time: Within 5 business days
For Data Subject Rights Requests:
Email: raine@powrtrainingapp.com with subject line "Data Rights Request"
We will respond to verified requests within 30 days (45 days for California residents)
For California Residents - Authorized Agent Requests:
If submitting a request through an authorized agent, the agent must provide proof of authorization and you must verify your identity directly with us.
For EU/EEA/UK Residents:
You may also contact your local data protection supervisory authority if you have concerns about how we process your personal information. A list of supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en
When contacting us regarding privacy matters, please provide:
We may require additional information to verify your identity before processing certain requests, which may include confirming account credentials, answering security questions, or providing government-issued identification (for high-risk requests only).
We are committed to resolving any complaints or concerns you may have about our privacy practices. If you have a complaint that we have not addressed satisfactorily, you may have the right to seek recourse through alternative dispute resolution mechanisms or regulatory bodies in your jurisdiction.
Thank you for trusting Powr with your training data. We are dedicated to protecting your privacy while helping you achieve your powerlifting goals.
END OF PRIVACY POLICY