Privacy Policy

Obsidian ("we," "us," or "our") provides a workout tracking application. This Privacy Policy describes how we process information when you use our website and app.

Summary

• Guest mode keeps workout data on your device. We do not receive it unless you choose to create an account and sync.
• Account holders can back up workouts to our cloud infrastructure so data syncs across devices.
• You can export your data to CSV and delete your account from settings.
• We do not sell your personal information.
• We do not run third-party analytics or advertising trackers on the website or app.

Information we collect

Information you provide

If you create an account, we collect your email address and authentication credentials managed by our auth provider. You may also store workout logs, programs, workout templates, bodyweight entries, and profile preferences such as lbs vs kg, RIR vs RPE, and theme preference.

Information stored locally (guest mode)

In guest mode, workouts and settings are stored on-device in your browser. That data stays on your device and is not uploaded to our servers unless you register for an account.

Service providers and logs

We do not collect page views, click events, or other product usage telemetry in the app today. When you visit the website or use a signed-in account, our hosting, authentication, and database providers may process standard request data, such as IP address, browser type, and device type, to deliver the service, maintain security, and prevent abuse. We receive that information only through those providers, not to track how you use individual features.

If you contact us for support, any browser or device details you include in your message are used only to respond to that request.

How we use information

• Provide workout logging, programs, progress charts, and sync.
• Authenticate you and keep your account secure.
• Respond to support requests you send us.
• Operate, maintain, and improve the reliability and security of the service.
• Comply with law and enforce our Terms of Service.

How we share information

We do not sell your personal information. We share data only with service providers that help us run Obsidian, such as hosting, authentication, and database providers, under contracts that limit their use of your data. We may disclose information if required by law or to protect the rights, safety, and security of users and the service.

Data retention

We keep account and workout data while your account is active. When you delete your account, we delete your data immediately, both in the cloud and on your device.

Your choices and rights

• Export: Download your set history as CSV from Account settings. See CSV export.
• Delete: Remove your account and cloud data from Account settings.
• Guest mode: Use the app without an account. See guest mode.
• Access and correction: Contact us to request access to or correction of personal information we hold about you, where applicable law provides that right.

Training logs can be personal. We design Obsidian so you control where data lives, and we apply standard safeguards when you choose cloud backup.

Your responsibilities

• Use a strong, unique password for your account.
• Sign out on shared devices.
• Keep your browser and operating system updated.
• Export backups periodically if long-term retention matters to you.

Reporting issues

If you discover a security vulnerability or suspect unauthorized access to your account, contact us through the contact page. Please include enough detail for us to reproduce the issue. We ask that you do not publicly disclose vulnerabilities until we have had a reasonable chance to address them.

No online service can guarantee absolute security. We work to reduce risk, but you should maintain your own backups for data that matters to you.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Continued use after changes means you accept the updated policy.