Legal

Privacy Policy

Last updated: April 2026

Lucia Training Systems ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Lucia application, website, and related services (the "Service"). By using the Service, you agree to the practices described in this policy.

1. Who We Are

Lucia Training Systems is the data controller for personal data collected through the Service. If you have any questions about this policy or how we handle your data, contact us at privacy@lucia.app.

2. Data We Collect

Data you provide directly

  • Account information: name, email address, password (hashed).
  • Profile data: height, weight, fitness goals, and other information you choose to provide.
  • Training data: workouts, exercises, sets, reps, weight, and session notes you log through the Service.
  • Communications: messages or feedback you send to us.

Data collected automatically

  • Usage data: features used, screens visited, session duration, and interaction patterns.
  • Device data: device type, operating system, app version, and unique device identifiers.
  • Log data: IP address, timestamps, crash reports, and diagnostic information.

Data from third parties

  • If you connect Apple HealthKit or Google Fit, we may receive health and activity data you authorise. This data is used only to enhance your training insights and is never sold.
  • If you sign in via Apple or Google, we receive basic profile information (name, email) from those providers.

3. How We Use Your Data

We use your personal data to:

  • Provide, operate, and improve the Service.
  • Personalise your experience and generate AI-powered training insights.
  • Track your personal records, volume trends, and readiness scores.
  • Send you important service notifications (e.g. account security, subscription updates).
  • Respond to your support requests and communications.
  • Analyse usage trends to improve our product (using anonymised or aggregated data where possible).
  • Comply with legal obligations.

We do not use your data to serve third-party advertising, and we do not sell your personal data to any third party.

4. Legal Basis for Processing (UK/EEA Users)

Where applicable under UK GDPR or the EU GDPR, we process your data on the following legal bases:

  • Contract: processing necessary to deliver the Service you've signed up for.
  • Legitimate interests: improving the Service, ensuring security, and preventing fraud.
  • Consent: for optional features such as health data integration (you can withdraw consent at any time).
  • Legal obligation: where we are required to process data by law.

5. Data Sharing

We share your data only in the following circumstances:

  • Service providers: trusted third-party vendors who help us operate the Service (e.g. cloud hosting, analytics, AI inference). These providers are bound by data processing agreements and may not use your data for their own purposes.
  • Legal requirements: if required by law, court order, or to protect the rights and safety of Lucia or others.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your data ("right to be forgotten").
  • Portability: receive your data in a structured, machine-readable format.
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@lucia.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (in the UK: the ICO).

9. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. International Transfers

Your data may be processed in countries outside your own, including the United Kingdom and the United States. Where we transfer data internationally, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with applicable law.

11. Cookies & Tracking

Our website may use cookies and similar tracking technologies to improve your browsing experience and analyse site usage. You can control cookie preferences through your browser settings. We do not use tracking cookies for advertising purposes.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the app or email. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or concerns, please contact us at:
privacy@lucia.app

You may also review our Terms & Conditions.