PRIVACY POLICY
This Privacy Policy explains how TORQ ("we", "us", "our") collects, uses, and protects your information when you use our iOS application and our website at torqapp.co.uk.
We're a small UK-based business and we keep things deliberately simple: the app stores everything on your device, the website tracks page views for ads only, and Stripe handles all payment data. We don't run servers, we don't sell data, and we don't profile our users.
TORQ is operated by Oliver, a sole trader based in the United Kingdom. This policy is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and references the California Consumer Privacy Act (CCPA) for visitors from California.
1. The TORQ iOS App
The app collects nothing.
TORQ is a local-first iOS application. This means:
- No user accounts. You don't sign up, you don't log in.
- No servers. The app does not communicate with any backend.
- No analytics. We do not track app usage, screen views, button taps, or crash data.
- No third-party SDKs that collect data. The app uses Apple's standard frameworks only.
- All workout, nutrition, bodyweight, and tier data is stored locally on your device using iOS AsyncStorage. It does not leave your phone.
If you have iCloud Backup enabled on your iPhone, your TORQ data is included in the standard iCloud device backup, encrypted by Apple and governed by Apple's Privacy Policy. We have no access to this backup.
2. The TORQ Website (torqapp.co.uk)
Our website is hosted on Netlify and uses one tracking technology: Meta Pixel.
2.1 Meta Pixel
The website uses Meta Pixel (Pixel ID: 1256081949398477) provided by Meta Platforms Inc. This is a piece of JavaScript that records:
- When you visit the site (page view events)
- When you click checkout buttons or other key calls-to-action
- Your approximate location (country-level, derived from IP address)
- Your browser type and operating system
- Whether you converted (purchased lifetime access through Stripe)
We use this data for one purpose: to show TORQ adverts on Instagram and Facebook to people who have visited the site, and to measure whether those adverts result in purchases. It is not used to build a profile of you, sold to third parties, or shared with anyone other than Meta.
Meta is the joint data controller for the Pixel data. Meta's use of this data is governed by Meta's Privacy Policy.
How to opt out of Meta Pixel: You can opt out of Meta tracking via Meta's Ad Preferences page, by enabling Limit Ad Tracking in your device settings, by using a browser with Do Not Track enabled, or by installing an ad blocker.
By continuing to use this website, you consent to the use of Meta Pixel as described above. If you do not consent, please leave the site or use the opt-out methods listed.
2.2 Hosting and Server Logs
Our website is hosted by Netlify Inc. Netlify automatically records standard server log information for every visit, including:
- IP address
- Browser type and version
- Pages visited and timestamps
- Referring website
These logs are used by Netlify for security, abuse prevention, and infrastructure operation. They are retained according to Netlify's Privacy Policy. We do not access these logs except in the case of investigating suspected abuse.
2.3 Email Capture Form
The homepage contains an email capture form ("Get notified when Tier 1 sells out"). If you submit your email address through this form, it is stored by Netlify Forms.
We do not currently send any marketing emails. At present we have no email-sending infrastructure in place. If and when we begin sending emails (for product announcements, launch updates, or similar), every email will include:
- A clear and accurate subject line — no clickbait or deceptive headers
- An unsubscribe link in the footer of every message
- Our identity and contact details
You can request deletion of your email address at any time by messaging @TorqApp on Instagram.
3. Payments
When you purchase lifetime access through our website, payment is processed by Stripe, an independent payment processor. Stripe collects your card details, billing address, and payment metadata directly. We never see, store, or have access to your card information.
We receive only the following from Stripe when a purchase completes:
- The email address you provided at checkout (to send your TestFlight invite)
- The amount paid and the transaction ID
- Country of payment (for VAT/tax purposes only)
Stripe's handling of your payment data is governed by Stripe's Privacy Policy.
For subscription purchases made through the iOS App Store (monthly or annual TORQ subscriptions), Apple handles all payment processing. We receive no payment data from Apple — only confirmation that a subscription is active for a given Apple ID. See Apple's Privacy Policy.
4. Third-Party Services Summary
To be fully transparent, here is every third party that has access to any data related to your use of TORQ:
- Apple — iOS app distribution, in-app subscription processing, TestFlight delivery
- Netlify — Website hosting, form submissions storage
- Meta (Facebook/Instagram) — Website analytics via Meta Pixel, ad delivery
- Stripe — Lifetime access payment processing
- Google Fonts — The website loads typefaces from Google Fonts, which may log your IP address. See Google's Privacy Policy.
That's the complete list. We use no other analytics tools, no CRM, no marketing automation, no chat support tool (the on-site chatbot is a local-only keyword matcher that does not transmit your messages anywhere).
5. Your Rights Under UK GDPR
If you are a UK or EU resident, you have the following rights regarding your personal data:
- Right of access — you can request a copy of any personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate data
- Right to erasure ("right to be forgotten") — you can ask us to delete your data
- Right to restrict processing — you can ask us to stop using your data in certain ways
- Right to data portability — you can ask for your data in a portable format
- Right to object — you can object to our processing of your data, including for marketing
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time
- Right to lodge a complaint — you can complain to the UK Information Commissioner's Office (ico.org.uk) if you believe we have mishandled your data
To exercise any of these rights, contact us at @TorqApp on Instagram. We respond within 30 days.
Our legal basis for processing your data:
- Performance of a contract — for processing payments and delivering access to TORQ after purchase
- Legitimate interests — for website hosting logs, security, and basic operational data
- Consent — for Meta Pixel tracking (signified by continued use of the site) and any future email marketing
6. Notice for California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information:
- The right to know what categories of personal information we collect about you
- The right to request deletion of your personal information
- The right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioural advertising
- The right not to be discriminated against for exercising any of these rights
We do not sell personal information for money. However, our use of Meta Pixel for retargeting advertising may be considered "sharing" of personal information under California law. To opt out, use the methods described in Section 2.1 above (Meta Ad Preferences, Limit Ad Tracking, browser settings).
To exercise your CCPA rights, contact @TorqApp on Instagram. We respond within 45 days as required by California law.
7. Data Retention
- App data — stored on your device until you delete the app. We have no copy.
- Email addresses (from waitlist form) — retained until you request deletion or until we close the waitlist, whichever is sooner.
- Stripe payment records — retained by Stripe according to their policy and applicable financial regulations (typically 7 years for tax purposes in the UK).
- Server logs — retained by Netlify per their policy (typically 30 days).
8. Children's Privacy
TORQ is intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently received data from a minor, please contact us and we will delete it.
9. International Transfers
Some of our service providers (Meta, Stripe, Netlify, Google) are based in the United States. When your data is transferred outside the UK or EU, those providers rely on Standard Contractual Clauses (SCCs) or equivalent legal mechanisms approved by the UK Information Commissioner's Office to ensure your data is protected to UK GDPR standards.
10. Security
The app holds no data we can leak — everything is on your device. For the website, we use HTTPS encryption for all traffic. Stripe handles all payment data with PCI-DSS Level 1 compliance. We do not store any sensitive data ourselves.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be noted at the top of this page (the "Last Updated" date). For significant changes, we will post a notice on the homepage.
12. Contact Us
For any privacy questions, requests to exercise your rights, or to report a concern:
- Instagram DM: @TorqApp
We aim to respond within one business day for general questions and within 30 days for formal data rights requests (45 days for CCPA requests, as required by California law).
The short version, again: The app collects nothing. The website uses Meta Pixel for Instagram retargeting only. Stripe handles payment. You have full GDPR rights and we'll honour them. DM @TorqApp for anything.