← Back to home

Privacy Policy

Last updated: June 16, 2026

1. Introduction

NorLevel ("we", "our", or "the App") is a fitness and nutrition application that provides personalized training programs, workout tracking, strength grading, and nutrition logging. This Privacy Policy explains what data we collect, how we use it, and the choices you have.

By creating an account and using NorLevel, you agree to the practices described below.

The data controller responsible for your personal data is [LEGAL ENTITY NAME], established in [COUNTRY OF ESTABLISHMENT]. You can reach us about any privacy matter at hayk.grigoryan27@gmail.com.

2. Data We Collect

Account information

  • Email address (from your Google or Apple sign-in)
  • Authentication identifier issued by Firebase
  • Timezone (inferred from your device)

Profile and fitness data

  • Biological sex, height, weight, and age
  • Fitness goals and preferences
  • Answers you provide in questionnaires when enrolling in personalized programs — for example training background, available equipment, training days, injuries or areas to work around, and muscles you want to focus on
  • Workout logs: sets, reps, weights, durations, and completion status
  • Daily calorie and macronutrient targets

Nutrition data

  • Meal entries you log manually (food name, portion, calories, and macros)
  • Per-day completion status used to build your nutrition averages

Subscription and device data

  • Subscription status (whether you have an active premium subscription)
  • Push notification token, if you enable notifications
  • Limited device and diagnostic data automatically collected by our authentication and messaging providers (Firebase) to deliver notifications and keep your account secure — for example device model, operating-system version, app version, language, and timezone

We do not collect precise location data, contacts, browsing history, photos, or advertising identifiers.

3. How We Use Your Data

  • Personalized training: We use your profile and questionnaire answers to generate training programs tailored to your goals, fitness level, and any injuries or limitations you report. Programs are produced by a deterministic algorithm — not by profiling you for any other purpose.
  • Progress & strength grading: Workout logs power your progress views and your strength grade (Beginner to Elite), computed against published strength standards using your logged lifts and bodyweight.
  • Nutrition tracking: Manually logged meals power your daily totals, averages, and goal-based calorie estimates.
  • Account management: Email and subscription status are used to identify you, deliver premium features, and communicate important service updates.
  • Notifications: If enabled, we send push notifications related to your training and app activity.

We do not use your data for advertising, profiling for marketing purposes, or behavioural tracking across other apps or websites.

Legal bases for processing (EEA/UK users)

Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases:

  • Performance of a contract — to create and manage your account, generate your training programs, and deliver the features you sign up for.
  • Consent — for push notifications, and for any health-related inputs you choose to provide (such as injuries or limitations). You can withdraw consent at any time in the app.
  • Legitimate interests — to keep the Service secure, prevent abuse, and maintain and improve core functionality, balanced against your rights.
  • Legal obligation — where we must retain or process data to comply with applicable law.

4. How We Store and Process Data

Your data is stored in a managed PostgreSQL database (Neon). All data is transmitted over HTTPS, and backend services run on Google Cloud Run.

NorLevel is available to users worldwide. Regardless of where you live, your data is processed in data centers operated by our hosting vendors (Neon and Google Cloud) within the European Union or the United States. By using NorLevel from outside these regions, you consent to your data being transferred to and processed in them. Where transfers outside your region occur, we rely on standard contractual clauses and the security controls provided by our hosting vendors.

5. Third-Party Service Providers

We share your data only with the following service providers strictly to operate NorLevel. We do not sell your data, and we do not share it with advertisers, data brokers, or analytics vendors that profile users.

ProviderPurposeData handled
Firebase Authentication (Google)Sign-in and identityEmail, auth identifier
Firebase Cloud Messaging (Google)Push notificationsDevice token
Neon (PostgreSQL)Primary database for account and fitness dataAll application data
Google Cloud RunHosting the backend APIProcesses requests in transit
RevenueCatSubscription managementPurchase identifier, subscription status
Apple & Google (App Stores)In-app purchases and billingPurchase and billing data handled by the store

6. Data Retention

We keep your data for as long as your account is active. If you delete your account, your profile, workout logs, questionnaire answers, and meal entries are deleted from our database within 30 days. Backups may retain the data for up to 90 days before being overwritten.

Anonymous aggregate statistics (for example, counts of workouts logged) may be retained indefinitely as they cannot be used to identify you.

7. Your Rights

You can exercise the following rights at any time by using the in-app settings or by contacting us at hayk.grigoryan27@gmail.com:

  • Access: request a copy of the data we hold about you.
  • Correction: update your profile and questionnaire answers directly in the app.
  • Deletion: delete your account and all associated data from within the app's settings, directly on the web by signing in at our account deletion page, or by emailing us. Deletion is permanent and removes your profile, workout logs, questionnaire answers, and meal entries as described in Section 6.
  • Objection / restriction: ask us to stop processing certain data or to restrict how it is used.
  • Portability: receive your data in a machine-readable format.

If you are in the European Economic Area, the United Kingdom, or California, you also have the right to lodge a complaint with your local data protection authority.

8. Security

We use HTTPS for all data in transit, encrypted storage provided by our cloud vendors, and access controls on our backend services. No system is perfectly secure; please keep your account credentials private and report any suspected misuse to us.

9. Health Disclaimer

NorLevel provides general fitness and nutrition information for educational purposes only. It is not medical advice and is not a substitute for professional guidance. Consult a qualified healthcare or fitness professional before starting a new program or making significant changes to your diet or training.

10. Children

NorLevel is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

11. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the following rights regarding your personal information:

  • Know / access: request the categories and specific pieces of personal information we have collected about you.
  • Delete: request deletion of your personal information.
  • Correct: request correction of inaccurate personal information.
  • Opt out of sale or sharing: we do not sell or share your personal information for cross-context behavioural advertising, so there is nothing to opt out of.
  • Limit use of sensitive personal information: the fitness and health-related inputs you provide may be considered sensitive personal information. We use them only to provide the Service you requested and never for advertising or profiling, which is within the permitted uses that do not require a separate limit option.
  • Non-discrimination: we will not discriminate against you for exercising any of these rights.

This section, together with Section 2 (the categories we collect) and Section 3 (the purposes for which we use them), serves as our notice at collection. You can exercise any of these rights using the in-app settings or by emailing hayk.grigoryan27@gmail.com; we will not require you to create an account solely to make a request and will verify your request against the account you already hold.

12. Changes to This Policy

We may update this Privacy Policy as the app evolves. When we make material changes we will update the "Last updated" date and, where appropriate, notify you in the app. Continued use after the update means you accept the revised policy.

13. Contact

Questions, requests, or complaints about this policy can be sent to hayk.grigoryan27@gmail.com.