Privacy Policy

1. Who we are

Data controller: Florian Bellotti (auto-entrepreneur), operating the Forto brand.

Contact: support@joinforto.com

2. What we collect

• Sign in with Apple: email (relay or real) and display name when you create an account.
• Account data: your training routines, sessions, sets, body weight, body measurements. All stored on-device first.
• Analytics: anonymous app usage events (which screens you visit, feature engagement) via PostHog. No personal training data is sent to analytics.
• Crash data: anonymized crash reports via Sentry to diagnose bugs.
• Subscription status: Apple StoreKit notifies us only of your subscription status (active / expired). No payment info ever reaches our servers.

3. How we use it

• Provide the tracking and AI coaching service you signed up for.
• Generate personalized training programs through our AI Coach (the LLM call is made server-side; only the prompt and minimal context are sent, no PII).
• Improve the app through aggregated, anonymous analytics.
• Detect and fix crashes.

4. Where it's stored

• On your iPhone: SwiftData local store (default). This is the primary location of all your training data.
• iCloud (optional): Apple-managed, EU GDPR-compliant. Only enabled if you turn on iCloud sync.
• Our backend (Hetzner, Germany, EU region): an encrypted Postgres snapshot of the minimum context needed by the AI Coach (recent sessions summary, active program). Used only to generate AI Coach responses. We do NOT store conversation history.

5. Who has access

• You, at all times.
• Apple. Sign in with Apple and StoreKit are subject to Apple's own privacy policy.
• Our LLM provider (currently Anthropic). It receives only the prompt and minimal context for each AI Coach request. No raw training data is ever exposed beyond what's needed for a single response.
• No third-party advertisers, no data sales, no cross-app tracking.

6. Your rights (GDPR / RGPD)

You have the right to access, rectify, delete, or export your data. Contact us at support@joinforto.com to exercise any of these rights. We will respond within 30 days.

7. Cookies & tracking

• This marketing site (joinforto.com): no tracking cookies, no third-party scripts.
• The Forto iOS app: no IDFA, no App Tracking Transparency prompt. We do not track you across other apps or websites.

8. Age restriction

Forto is rated 17+ on the App Store. Not intended for minors. Health-related content applies.

9. Medical disclaimer

Forto provides training information and AI-generated programs grounded in published exercise-science research. It is not medical advice. Consult a healthcare professional before starting any training program, especially if you have a pre-existing condition or injury.

10. Changes & contact

We notify users in-app on material changes to this policy. Effective date is updated above. Data Protection Officer: Florian Bellotti, support@joinforto.com.