PerfLog is a strength-training app built around a simple requirement: your data belongs to you. This policy explains what that means in practice, and lists your rights under the GDPR.
In accordance with Article 13.1.a of the GDPR, the controller of the data processed by PerfLog is:
Vincent BERHOUET
Natural person — personal, non-commercial project
Email: contact@perflog.app
Vincent BERHOUET also acts as the data protection point of contact (functional DPO equivalent for personal processing — Art. 37 is not mandatory here but is formalised to make your GDPR requests easier).
By default, all your data — programs, sessions, sets, annotations, per-exercise personal notes, body measurements, personal records, the optional information entered for the calorie-estimation calculator (year of birth, height, biological sex, activity level), regularity badges and first-launch date, preferences — is stored only on your device, inside the app's isolated sandbox (inaccessible to other apps). Encryption at rest is provided by the operating system: Data Protection AES-256 on iOS (key tied to the device passcode, decryption handled by the Secure Enclave) and File-Based Encryption (FBE) on Android 7+. No data leaves your device without an explicit action on your part.
Optionally, you can enable Cloud Backup in Settings → Cloud to sync your data across several devices or to protect it against phone loss. This feature is disabled by default and requires your explicit opt-in. Once enabled, the backup runs automatically and silently (at the end of each completed session and when the app moves to the background); no notification or action is requested during use, and you can disable it at any time.
When you enable Cloud Backup:
PerfLog embeds no tracking or behavioural-analytics tool: no Firebase, no Crashlytics, no Sentry, no Mixpanel, no Amplitude, no Google Analytics, no Meta Pixel. This absence is verified by a dedicated CI gate (FR49) that inspects dependencies and source code on every commit. The full audit report is in the public repo: docs/privacy/no-tracking-audit.md.
This rule also applies to the Cloud module: no telemetry, no remote crash reporting, no fingerprinting.
The app does not request, capture or store any location data. No geolocation, camera, microphone, photos, contacts, or advertising-identifier (IDFA / Advertising ID) permission is ever requested.
Your body measurements (weight, arm, thigh and chest circumference), your per-exercise personal notes (a free-text field where you can jot a reminder such as "increase the weight next time" or "watch the lower back"), as well as the optional information entered for the calorie-estimation calculator (year of birth, height, biological sex, activity level) may qualify as health data under Article 9 of the GDPR. PerfLog processes it:
The processing remains compliant with Art. 9 GDPR because (a) it is limited to your personal use, (b) E2E encryption guarantees the data never leaves your sphere of control in a readable form, and (c) the data-minimisation principle (Art. 5.1.c) is strictly applied: for example, the calorie calculator asks for the year of birth (4 digits), not the full date.
Important note on the calorie calculator: it provides an indicative estimate (the scientific Mifflin-St Jeor formula, 1990) of your daily energy expenditure. This information does not constitute nutritional advice or a medical act. No calorie-intake prescription (weight loss/gain) is ever made. The raw result is left to your own interpretation and does not replace professional advice.
Important note on per-exercise personal notes: this free-text field is strictly local by default and E2E-encrypted if Cloud Backup is enabled. Avoid recording sensitive medical information (diagnoses, prescriptions) that you would not want associated with your device. Content is capped at 2,000 characters per exercise.
Local use of PerfLog requires no account, no login. No IDFA (iOS), no Advertising ID (Android), no sign-in via Google / Apple / Facebook.
If and only if you enable Cloud Backup, you will create an account based on your email address (authentication via magic link or 6-digit code — no password to remember). This email is the sole identifying datum, retained by our host Supabase to manage authentication.
Each processing of data by PerfLog rests on a specific legal basis:
| Processing | Legal basis | Reference |
|---|---|---|
| Local storage (sessions, measurements, programs) | Household exemption — strictly personal use | Art. 2.2.c |
| Enabling Cloud Backup | Explicit consent via dedicated opt-in | Art. 6.1.a + Art. 9.2.a (health) |
| Email authentication for the Cloud | Performance of a pre-contractual measure (creating the cloud account at your request) | Art. 6.1.b |
| Retaining the encrypted blob while you use the app | Performance of the Cloud service contract | Art. 6.1.b |
| Automatic deletion after 24 months of inactivity | Legal storage-limitation obligation | Art. 5.1.e |
| Breach-notification procedure | Legal obligation | Art. 33 |
You can withdraw your consent to Cloud Backup at any time from Cloud → "Disable cloud backup" — withdrawal is immediate and purges the server-side data without affecting your local device.
In accordance with the General Data Protection Regulation (EU 2016/679), you have the following rights. For local data, they are exercisable directly from the app. For cloud data (if enabled), they are also exercisable from the app, without needing to contact us:
No automated decision with legal effect (Art. 22) is made by the app: the coach's suggestions are indicative and non-binding.
PerfLog is intended for adult or supervised-teen use. In accordance with French law:
If you detect that a minor under 15 is using PerfLog without parental authorisation via Cloud Backup, contact contact@perflog.app — we will delete the account without delay in accordance with Art. 17.
No marketing targeting, advertising tracker or behavioural profiling is applied, including where the user is a minor (see Section 2).
The app itself has no processor when you only use local mode.
When you install PerfLog via Apple TestFlight or the App Store, Apple acts as an independent controller for the data it collects on its side (anonymised crash reports, beta-test telemetry). This processing is governed by Apple's policy and is not under our control.
If you enable Cloud Backup, we use the following processors to store your encrypted blob:
| Processor | Role | Region | DPA commitment |
|---|---|---|---|
| Supabase Inc. | Auth hosting, encrypted Storage, database | eu-central-1 (Frankfurt, Germany) | DPA incorporated via their Terms of Service (supabase.com/legal/dpa) |
| Amazon Web Services Inc. | Supabase's underlying cloud infrastructure | EU Central (Frankfurt) | Supabase sub-processor, AWS DPA auto-incorporated |
| Resend Inc. | SMTP relay to send the authentication magic link (email only) | eu-west-1 (Ireland) | Standard Resend DPA |
| GitHub Inc. (Microsoft) | Hosting of the Universal Links / App Links verification file on perflog.app | EU edge | Standard GitHub DPA |
All application data (sessions, measurements, programs) is E2E-encrypted before being sent to Supabase. None of these processors can read your content. They only see:
All application processing takes place within the European Union (Germany for Supabase + AWS, Ireland for Resend). However, some of these processors have a US parent company (Supabase Inc., Amazon Web Services Inc., Resend Inc.).
In accordance with the Schrems II ruling (CJEU, 16 July 2020) and the Data Privacy Framework (DPF, July 2023):
The detailed processing register and the applicable SCCs are available on request (contact@perflog.app).
Your local data stays on your device for as long as you wish. Uninstalling PerfLog also deletes the local database.
Your encrypted data is retained on Supabase for as long as you use the app. If you perform no sync for 24 consecutive months, your cloud account is automatically deleted (storage limitation, Art. 5(1)(e) GDPR). You receive 3 notification emails 60, 30 and 7 days before deletion. You can also manually enable the "Extended retention" option in Cloud → Settings, with a re-confirmation every 24 months.
Explicit account deletion: 30-day soft-delete (cancellable) then full purge including your blob, your email and the authentication history.
PerfLog applies reinforced technical and organisational measures:
_bmad-output/planning-artifacts/architecture.mddocs/security/threat-model.mddocs/legal/breach-response.mdAccepted limitation: PerfLog assumes a non-compromised device (non-jailbroken iOS, non-rooted Android). If your device is compromised at root level, confidentiality cannot be guaranteed (limitation L-MEM-1 of the threat model).
For any question about this policy, contact the data controller:
You also have the right to lodge a complaint with the CNIL (the French data-protection authority) if you believe the processing of your data infringes the GDPR:
docs/legal/retention-policy.mddocs/security/threat-model.mddocs/legal/breach-response.mdThis policy may evolve if the app changes. Any major change (in particular the addition of a processor or a change of purpose) will be flagged on the app's next launch and will require your renewed consent if you use Cloud Backup.
The last-revision date is shown below and accessible in the app via Profile → Privacy.