PRIVACY POLICY
This Privacy Policy explains how TORQ ("we", "us", "our") collects, uses, and protects your information when you use our iOS application and our website at torqapp.co.uk.
We're a small UK-based business and we keep things deliberately simple: your training data stays on your device, the app collects anonymised usage data (no personal identifiers) so we can see what's working and fix what's broken, the website tracks page views for ads, and Stripe handles all payment data. We don't run accounts, we don't sell data, and we don't tie any of it to your name.
TORQ is operated by Oliver, a sole trader based in the United Kingdom. This policy is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and references the California Consumer Privacy Act (CCPA) for visitors from California.
1. The TORQ iOS App
The app has no accounts and no login, and your training data stays on your device. Up to version 1.3 the app sent nothing off your phone at all. From version 1.3.1 it also collects anonymised usage data — no personal identifiers — so we can see which features people actually use and fix what's broken faster. This is on by default and you can turn it off in one tap. We previously collected nothing in the app, so we want to be straight about exactly what changed. Here's the full breakdown.
1.1 What stays on your device
Your actual training data never leaves your phone. None of the following is sent to us or anyone else:
- Lift logs — the weights, reps, and sets you record
- Bodyweight and weight logs
- Nutrition and calorie entries
- Tier scores and strength history
- Routines and schedules
All of this is stored locally on your device using iOS AsyncStorage. We hold no copy and have no way to read it. If you have iCloud Backup enabled, this data is included in Apple's standard encrypted device backup, governed by Apple's Privacy Policy. We have no access to that backup.
1.2 Anonymised usage data (PostHog)
To understand what's working and what isn't, the app records anonymised usage events using PostHog, provided by PostHog Inc. The point is simple: the more we know about which features matter to people, the faster we can improve the app. These events are not tied to your name, email, or any account, because there is no account.
What we collect:
- Screen names you visit — e.g. "Home", "Sessions", "Strength Breakdown"
- Buttons and features you tap — e.g.
lift_entry_added, opening the radar, generating a session - The app version you're running and your iPhone model — so we can fix bugs faster
- A randomly generated device identifier — not your name, email, Apple ID, or anything else you've given us
- The country your phone reports
What we never collect:
- Your weights, lifts, reps, sets, or any training data
- Your name, age, height, or bodyweight
- Your notes or anything else you've typed into the app
- Your contacts, photos, or precise location
Because the device identifier is randomly generated and never linked to anything you've given us, we call this data anonymised rather than fully anonymous — technically it's pseudonymous, and we'd rather be precise than overclaim. Either way, we can't turn it back into a name and we can't contact you through it.
Where it's stored: We use PostHog's EU Cloud, hosted in the European Union (Frankfurt, Germany) for GDPR compliance. Your data is not transferred outside the EU. PostHog's handling of it is governed by PostHog's Privacy Policy.
How long we keep it: 90 days, then it's automatically deleted.
Legal basis: We rely on legitimate interest (UK GDPR Article 6(1)(f)) for this processing. The data is minimal, never identifies you personally, and the opt-out is one tap inside the app — which is why we don't ask for consent upfront. If you'd like a copy of our Legitimate Interests Assessment, email support@torqapp.co.uk.
Your control:
- Opt out anytime — open the app → Settings → Data Controls → toggle "Anonymous analytics" off. Events stop flowing immediately.
- Delete what's already there — email support@torqapp.co.uk with the words "delete my analytics data" and we'll remove it within 30 days.
- Export your local data — Settings → Data Controls → Export. This is everything TORQ holds about you, and it's all on your device.
- Delete your local data — Settings → Data Controls → Delete. This wipes everything off your phone.
2. The TORQ Website (torqapp.co.uk)
Our website is hosted on Netlify and uses one tracking technology: Meta Pixel.
2.1 Meta Pixel
The website uses Meta Pixel (Pixel ID: 1256081949398477) provided by Meta Platforms Inc. This is a piece of JavaScript that sets cookies (including _fbp, and _fbc if you arrived from a Facebook or Instagram link) and records:
- When you visit the site (page view events)
- When you tap a Download or Get the App button to go through to the App Store
- Your approximate location (country-level, derived from IP address)
- Your browser type and operating system
The honest version of what this tracks: the Pixel can see what you do on this website, including the moment you tap through to the App Store. It cannot follow you into the App Store or into the app — Apple does not share that with us or with Meta — so it does not know whether you actually downloaded TORQ, and it cannot see anything you do inside the app.
We use this data to show TORQ adverts on Instagram and Facebook to people who have visited the site, and to measure how those adverts perform. Meta is a joint data controller for the Pixel data, and Meta combines what it receives with its own records to power that ad targeting. We do not sell this data or share it with anyone other than Meta. Meta's use of the data is governed by Meta's Privacy Policy.
How to opt out of Meta Pixel: You can opt out of Meta tracking via Meta's Ad Preferences page, by enabling Limit Ad Tracking in your device settings, by using a browser with Do Not Track enabled, or by installing an ad blocker.
By continuing to use this website, you consent to the use of Meta Pixel as described above. If you do not consent, please leave the site or use the opt-out methods listed.
2.2 Hosting and Server Logs
Our website is hosted by Netlify Inc. Netlify automatically records standard server log information for every visit, including:
- IP address
- Browser type and version
- Pages visited and timestamps
- Referring website
These logs are used by Netlify for security, abuse prevention, and infrastructure operation. They are retained according to Netlify's Privacy Policy. We do not access these logs except in the case of investigating suspected abuse.
2.3 Email Capture Form
The homepage contains an email capture form ("Get notified when Tier 1 sells out"). If you submit your email address through this form, it is stored by Netlify Forms.
We do not currently send any marketing emails. At present we have no email-sending infrastructure in place. If and when we begin sending emails (for product announcements, launch updates, or similar), every email will include:
- A clear and accurate subject line — no clickbait or deceptive headers
- An unsubscribe link in the footer of every message
- Our identity and contact details
You can request deletion of your email address at any time by messaging @TorqApp on Instagram.
3. Payments
When you purchase lifetime access through our website, payment is processed by Stripe, an independent payment processor. Stripe collects your card details, billing address, and payment metadata directly. We never see, store, or have access to your card information.
We receive only the following from Stripe when a purchase completes:
- The email address you provided at checkout (to send your TestFlight invite)
- The amount paid and the transaction ID
- Country of payment (for VAT/tax purposes only)
Stripe's handling of your payment data is governed by Stripe's Privacy Policy.
For subscription purchases made through the iOS App Store (monthly or annual TORQ subscriptions), Apple handles all payment processing. We receive no payment data from Apple — only confirmation that a subscription is active for a given Apple ID. See Apple's Privacy Policy.
4. Third-Party Services Summary
To be fully transparent, here is every third party that has access to any data related to your use of TORQ:
- Apple — iOS app distribution, in-app subscription processing, TestFlight delivery
- PostHog — Anonymised in-app usage data, stored in the EU (Frankfurt)
- Netlify — Website hosting, form submissions storage
- Meta (Facebook/Instagram) — Website analytics via Meta Pixel, ad delivery
- Stripe — Lifetime access payment processing
- Google Fonts — The website loads typefaces from Google Fonts, which may log your IP address. See Google's Privacy Policy.
That's the complete list. We use no other analytics tools, no CRM, no marketing automation, no chat support tool (the on-site chatbot is a local-only keyword matcher that does not transmit your messages anywhere).
5. Your Rights Under UK GDPR
If you are a UK or EU resident, you have the following rights regarding your personal data:
- Right of access — you can request a copy of any personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate data
- Right to erasure ("right to be forgotten") — you can ask us to delete your data
- Right to restrict processing — you can ask us to stop using your data in certain ways
- Right to data portability — you can ask for your data in a portable format
- Right to object — you can object to our processing of your data, including for marketing
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time
- Right to lodge a complaint — you can complain to the UK Information Commissioner's Office (ico.org.uk) if you believe we have mishandled your data
To exercise any of these rights, contact us at @TorqApp on Instagram. We respond within 30 days.
Our legal basis for processing your data:
- Performance of a contract — for processing payments and delivering access to TORQ after purchase
- Legitimate interests — for website hosting logs, security, basic operational data, and anonymised in-app usage data (UK GDPR Art. 6(1)(f); opt out any time in Settings → Data Controls)
- Consent — for Meta Pixel tracking (signified by continued use of the site) and any future email marketing
6. Notice for California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information:
- The right to know what categories of personal information we collect about you
- The right to request deletion of your personal information
- The right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioural advertising
- The right not to be discriminated against for exercising any of these rights
We do not sell personal information for money. However, our use of Meta Pixel for retargeting advertising may be considered "sharing" of personal information under California law. To opt out, use the methods described in Section 2.1 above (Meta Ad Preferences, Limit Ad Tracking, browser settings).
To exercise your CCPA rights, contact @TorqApp on Instagram. We respond within 45 days as required by California law.
7. Data Retention
- App training data — stored on your device until you delete the app. We have no copy.
- In-app usage data (PostHog) — automatically deleted after 90 days. You can opt out at any time in Settings → Data Controls.
- Email addresses (from waitlist form) — retained until you request deletion or until we close the waitlist, whichever is sooner.
- Stripe payment records — retained by Stripe according to their policy and applicable financial regulations (typically 7 years for tax purposes in the UK).
- Server logs — retained by Netlify per their policy (typically 30 days).
8. Children's Privacy
TORQ is intended for users aged 17 and over. We do not knowingly collect personal data from anyone under 17. If you believe we have inadvertently received data from a minor, please contact us and we will delete it.
9. International Transfers
Your in-app analytics data is stored in the European Union (PostHog EU Cloud, Frankfurt) and is not transferred outside the EU/UK.
Some of our other service providers (Meta, Stripe, Netlify, Google) are based in the United States. When your data is transferred outside the UK or EU, those providers rely on Standard Contractual Clauses (SCCs) or equivalent legal mechanisms approved by the UK Information Commissioner's Office to ensure your data is protected to UK GDPR standards.
10. Security
Your training data stays on your device, so there's nothing on a server for us to leak. The only app data that leaves your phone is anonymised usage data, which holds no name, email, or account and is stored by PostHog in the EU. For the website, we use HTTPS encryption for all traffic. Stripe handles all payment data with PCI-DSS Level 1 compliance. We do not store any sensitive data ourselves.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be noted at the top of this page (the "Last Updated" date). For significant changes, we will post a notice on the homepage.
12. Contact Us
For any privacy questions, requests to exercise your rights, or to report a concern:
- Email: support@torqapp.co.uk
- Instagram DM: @TorqApp
We aim to respond within one business day for general questions and within 30 days for formal data rights requests (45 days for CCPA requests, as required by California law).
The short version, again: Your lifts, bodyweight, and nutrition stay on your phone. The app sends anonymised usage data to PostHog (EU, 90-day retention, no name or account) so we know what to fix — toggle it off any time in Settings → Data Controls. The website uses Meta Pixel for Instagram retargeting. Stripe handles payment. You have full GDPR rights and we'll honour them. Email support@torqapp.co.uk or DM @TorqApp for anything.