Beat Your LastBack to app

Privacy Policy

Last updated: May 17, 2026

Beat Your Last (“BYL,” “we,” “us”) is a workout-tracking application. This Privacy Policy describes what personal information we collect when you use the service, how we use it, who we share it with, and the rights you have over it. By creating an account or using BYL you agree to this policy.

1. Information we collect

Account information. When you create an account, we collect your email address, a password (stored as a salted hash, never in cleartext), and an optional display name. You may also choose to record your body weight, training intensity preference, and similar profile settings.

Workout data. We store the workouts you log: exercises, sets, reps, weights, duration, distance, rest times, notes, personal-record (PR) history, challenges, and similar training metadata.

Subscription and billing. If you subscribe to Pro we process payment through Stripe. We do not see or store your card details; Stripe returns to us only the subscription status, plan, billing period, and a customer/subscription identifier. Stripe’s privacy notice governs the payment data they hold.

AI usage telemetry. When you generate a workout with our AI features we log the model used, input/output token counts, and computed cost. We do not store the full prompt or response content beyond what is needed to display the generated workout to you.

Error monitoring. If the app crashes or errors, Sentry captures a stack trace and environment metadata (browser, OS, page URL). We use this to diagnose and fix bugs. Sentry can be configured to attach a user ID to errors so we can correlate reports; we do not include workout data in error reports.

Analytics. We use Vercel Web Analytics, a privacy-respecting service that records aggregate page views and traffic sources without tracking individual users across sites and without setting third-party cookies.

Cookies and local storage. We use first-party cookies for authentication (keeping you signed in) and a small number of local-storage keys for client-side preferences (theme, last-used filters, the cookie-notice dismissal). See Section 6 for details and your choices.

2. How we use your information

We use the information described above to:

  • Provide the BYL service — authenticate you, store and display your workouts, generate AI workouts, deliver subscription features.
  • Bill you (only if you subscribe), via Stripe, and manage renewals and cancellations.
  • Diagnose errors, monitor performance, and detect abuse or fraud.
  • Communicate with you about the service: account verification, billing notices, security alerts, and (if you have not opted out) significant product updates.
  • Improve the product, including testing new features against aggregated, de-identified data.

3. Legal bases (EU / UK users)

Where GDPR applies, we rely on the following legal bases: contract (to provide the service you signed up for), legitimate interests (to keep the service secure, prevent abuse, and improve our product), consent (where required for optional cookies or marketing emails), and legal obligation (to respond to lawful requests).

4. Who we share your information with

We do not sell your personal information. We share it only with the sub-processors we rely on to run the service:

  • Supabase (database and authentication, hosted in the United States) — stores account, workout, and subscription-cache data.
  • Stripe (payment processing, US) — receives email and billing details when you subscribe.
  • Anthropic (AI model provider, US) — receives the prompt content needed to generate workouts. We do not send your account identifier to Anthropic.
  • Sentry (error monitoring, US) — receives error reports when the app crashes.
  • Vercel (hosting and aggregate web analytics, US) — serves the app and collects traffic-level metrics.

We may also disclose information if we are legally required to, to enforce our Terms, to protect the rights, property, or safety of users or the public, or in connection with a merger, acquisition, or sale of assets — in which case we will notify affected users.

5. International data transfers

BYL is operated from the United States and our sub-processors store data in the United States. If you access the service from the EU, UK, or another jurisdiction with stricter data-protection rules, your information is transferred to the US under standard contractual clauses or comparable safeguards.

6. Cookies and local storage

We use a small number of first-party cookies and local-storage keys:

  • Strictly necessary — Supabase auth-session cookies that keep you signed in. The service does not function without these.
  • Functional — local-storage keys for theme, UI preferences, and the cookie-notice dismissal flag.
  • Analytics — Vercel Web Analytics uses cookieless tracking for aggregate metrics.
  • Service worker / offline cache — BYL is a progressive web app and stores assets and pending writes locally so you can log workouts without a connection.

You can clear cookies and local storage through your browser settings at any time; doing so will sign you out and clear local preferences but will not delete your account.

7. Data retention

We keep your account and workout data for as long as your account is active. Database backups are retained for up to 30 days. When you delete your account, your personal data is removed from production systems immediately and from backups within the backup retention window. We may retain a minimal record of billing transactions for tax and accounting compliance, as required by law.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated data.
  • Export your workout data in a portable format.
  • Object to certain processing, or restrict how we process your data.
  • Withdraw consent where we rely on consent (without affecting past processing).
  • Lodge a complaint with your local data-protection authority (e.g. the ICO in the UK, your supervisory authority in the EU).

To exercise these rights, email help@beatyourlast.com from the address on your account. We respond within 30 days.

9. California residents (CCPA)

California residents have the right to know what personal information we collect, the categories of sources and third parties involved, and the purposes of collection; to request deletion; and to opt out of any “sale” of personal information. We do not sell personal information. To exercise these rights, contact us at the email above.

10. Security

We use industry-standard measures to protect your data: TLS in transit, encrypted-at-rest storage with our sub-processors, password hashing (bcrypt), row-level security in the database so each user can only access their own data, and least-privilege access for admins. No system is perfectly secure; we encourage you to use a strong unique password and to report any concerns to help@beatyourlast.com.

11. Children

BYL is not intended for users under 16 (or, in the United States, under 13). We do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.

12. Changes to this policy

We may update this policy as the service evolves. When we make material changes we will update the “Last updated” date at the top and, where required by law, notify you by email or in-app. Continued use of BYL after a change constitutes acceptance of the revised policy.

13. Contact

Questions about this policy or your data? Email help@beatyourlast.com.