← BACK TO HOME

PRIVACY POLICY

LAST UPDATED · 27 JUNE 2026

This Privacy Policy explains how TORQ ("we", "us", "our") collects, uses, and protects your information when you use our iOS application and our website at torqapp.co.uk.

We're a small UK-based business and we keep things deliberately simple: your training data stays on your device, the app collects anonymised usage data (no personal identifiers) so we can see what's working and fix what's broken, the website tracks page views for ads, and Stripe handles all payment data. We don't run accounts, we don't sell data, and we don't tie any of it to your name.

TORQ is operated by Oliver, a sole trader based in the United Kingdom. This policy is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and references the California Consumer Privacy Act (CCPA) for visitors from California.

1. The TORQ iOS App

The app has no accounts and no login, and your training data stays on your device. Up to version 1.3 the app sent nothing off your phone at all. From version 1.3.1 it also collects anonymised usage data — no personal identifiers — so we can see which features people actually use and fix what's broken faster. This is on by default and you can turn it off in one tap. We previously collected nothing in the app, so we want to be straight about exactly what changed. Here's the full breakdown.

1.1 What stays on your device

Your actual training data never leaves your phone. None of the following is sent to us or anyone else:

All of this is stored locally on your device using iOS AsyncStorage. We hold no copy and have no way to read it. If you have iCloud Backup enabled, this data is included in Apple's standard encrypted device backup, governed by Apple's Privacy Policy. We have no access to that backup.

1.2 Anonymised usage data (PostHog)

To understand what's working and what isn't, the app records anonymised usage events using PostHog, provided by PostHog Inc. The point is simple: the more we know about which features matter to people, the faster we can improve the app. These events are not tied to your name, email, or any account, because there is no account.

What we collect:

What we never collect:

Because the device identifier is randomly generated and never linked to anything you've given us, we call this data anonymised rather than fully anonymous — technically it's pseudonymous, and we'd rather be precise than overclaim. Either way, we can't turn it back into a name and we can't contact you through it.

Where it's stored: We use PostHog's EU Cloud, hosted in the European Union (Frankfurt, Germany) for GDPR compliance. Your data is not transferred outside the EU. PostHog's handling of it is governed by PostHog's Privacy Policy.

How long we keep it: 90 days, then it's automatically deleted.

Legal basis: We rely on legitimate interest (UK GDPR Article 6(1)(f)) for this processing. The data is minimal, never identifies you personally, and the opt-out is one tap inside the app — which is why we don't ask for consent upfront. If you'd like a copy of our Legitimate Interests Assessment, email support@torqapp.co.uk.

Your control:

2. The TORQ Website (torqapp.co.uk)

Our website is hosted on Netlify and uses one tracking technology: Meta Pixel.

2.1 Meta Pixel

The website uses Meta Pixel (Pixel ID: 1256081949398477) provided by Meta Platforms Inc. This is a piece of JavaScript that sets cookies (including _fbp, and _fbc if you arrived from a Facebook or Instagram link) and records:

The honest version of what this tracks: the Pixel can see what you do on this website, including the moment you tap through to the App Store. It cannot follow you into the App Store or into the app — Apple does not share that with us or with Meta — so it does not know whether you actually downloaded TORQ, and it cannot see anything you do inside the app.

We use this data to show TORQ adverts on Instagram and Facebook to people who have visited the site, and to measure how those adverts perform. Meta is a joint data controller for the Pixel data, and Meta combines what it receives with its own records to power that ad targeting. We do not sell this data or share it with anyone other than Meta. Meta's use of the data is governed by Meta's Privacy Policy.

How to opt out of Meta Pixel: You can opt out of Meta tracking via Meta's Ad Preferences page, by enabling Limit Ad Tracking in your device settings, by using a browser with Do Not Track enabled, or by installing an ad blocker.

By continuing to use this website, you consent to the use of Meta Pixel as described above. If you do not consent, please leave the site or use the opt-out methods listed.

2.2 Hosting and Server Logs

Our website is hosted by Netlify Inc. Netlify automatically records standard server log information for every visit, including:

These logs are used by Netlify for security, abuse prevention, and infrastructure operation. They are retained according to Netlify's Privacy Policy. We do not access these logs except in the case of investigating suspected abuse.

2.3 Email Capture Form

The homepage contains an email capture form ("Get notified when Tier 1 sells out"). If you submit your email address through this form, it is stored by Netlify Forms.

We do not currently send any marketing emails. At present we have no email-sending infrastructure in place. If and when we begin sending emails (for product announcements, launch updates, or similar), every email will include:

You can request deletion of your email address at any time by messaging @TorqApp on Instagram.

3. Payments

When you purchase lifetime access through our website, payment is processed by Stripe, an independent payment processor. Stripe collects your card details, billing address, and payment metadata directly. We never see, store, or have access to your card information.

We receive only the following from Stripe when a purchase completes:

Stripe's handling of your payment data is governed by Stripe's Privacy Policy.

For subscription purchases made through the iOS App Store (monthly or annual TORQ subscriptions), Apple handles all payment processing. We receive no payment data from Apple — only confirmation that a subscription is active for a given Apple ID. See Apple's Privacy Policy.

4. Third-Party Services Summary

To be fully transparent, here is every third party that has access to any data related to your use of TORQ:

That's the complete list. We use no other analytics tools, no CRM, no marketing automation, no chat support tool (the on-site chatbot is a local-only keyword matcher that does not transmit your messages anywhere).

5. Your Rights Under UK GDPR

If you are a UK or EU resident, you have the following rights regarding your personal data:

To exercise any of these rights, contact us at @TorqApp on Instagram. We respond within 30 days.

Our legal basis for processing your data:

6. Notice for California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information:

We do not sell personal information for money. However, our use of Meta Pixel for retargeting advertising may be considered "sharing" of personal information under California law. To opt out, use the methods described in Section 2.1 above (Meta Ad Preferences, Limit Ad Tracking, browser settings).

To exercise your CCPA rights, contact @TorqApp on Instagram. We respond within 45 days as required by California law.

7. Data Retention

8. Children's Privacy

TORQ is intended for users aged 17 and over. We do not knowingly collect personal data from anyone under 17. If you believe we have inadvertently received data from a minor, please contact us and we will delete it.

9. International Transfers

Your in-app analytics data is stored in the European Union (PostHog EU Cloud, Frankfurt) and is not transferred outside the EU/UK.

Some of our other service providers (Meta, Stripe, Netlify, Google) are based in the United States. When your data is transferred outside the UK or EU, those providers rely on Standard Contractual Clauses (SCCs) or equivalent legal mechanisms approved by the UK Information Commissioner's Office to ensure your data is protected to UK GDPR standards.

10. Security

Your training data stays on your device, so there's nothing on a server for us to leak. The only app data that leaves your phone is anonymised usage data, which holds no name, email, or account and is stored by PostHog in the EU. For the website, we use HTTPS encryption for all traffic. Stripe handles all payment data with PCI-DSS Level 1 compliance. We do not store any sensitive data ourselves.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be noted at the top of this page (the "Last Updated" date). For significant changes, we will post a notice on the homepage.

12. Contact Us

For any privacy questions, requests to exercise your rights, or to report a concern:

We aim to respond within one business day for general questions and within 30 days for formal data rights requests (45 days for CCPA requests, as required by California law).

The short version, again: Your lifts, bodyweight, and nutrition stay on your phone. The app sends anonymised usage data to PostHog (EU, 90-day retention, no name or account) so we know what to fix — toggle it off any time in Settings → Data Controls. The website uses Meta Pixel for Instagram retargeting. Stripe handles payment. You have full GDPR rights and we'll honour them. Email support@torqapp.co.uk or DM @TorqApp for anything.