Privacy policy

• Account info: email, display name, hashed password (bcrypt). Email is used to send password reset and verification links.
• Training data: workouts, sets, weights, body measurements, body weight logs. This is the core of what the app does. It belongs to you and is exportable as JSON or CSV from Settings.
• Progress photos (Pro): if you upload progress photos, the image files are stored on our server. Only you can view them. They are never used for training or shared.
• Subscription state: if you pay for Pro, Stripe stores your billing data. We store only your Stripe customer ID, subscription ID, and renewal date - no card details touch our servers.
• Page views: we log which pages you visit (path + timestamp + your user ID if signed in) so we can see what parts of the app are used. We do not store IP addresses or device fingerprints.

• IP addresses or geolocation
• Device fingerprints, advertising IDs, or analytics SDKs
• Contacts, calendars, photos beyond what you upload
• Anything from your phone outside this app

• Stripe- for payment processing. They see your email and card; we don't.
• Resend - for transactional emails (password reset, email verification). They see your email and the email body.
• Anthropic - if you use Pro features that generate written advice (Plateau Doctor, monthly recaps, auto-program builder), we send your relevant training numbers (no name, no email) to their API to generate the response. Anthropic does not train on this data.
• Cloudflare - serves the website and routes traffic. They see request headers as part of normal operation.

We do not sell or rent your data. We have never run an advertisement and don't intend to.

• Export: Pro users can download a full JSON or CSV dump from Settings at any time.
• Delete:the Settings page has a "Delete account" button. Confirming deletes your user row, which cascades to every workout, photo, measurement, and recap. We also cancel any active Stripe subscription. We do not keep backups of your data.
• Photo deletion: you can delete individual progress photos from the Photos tab. The image file is removed from disk.

We set one cookie - hoyst_session- which is a signed, HTTP-only token that keeps you logged in. We do not use third-party cookies. We do not use cookie consent banners because we don't track you cross-site.

Passwords are stored hashed (bcrypt). Sessions are signed and HTTP-only. The site is served over HTTPS. Photos are stored on a server only the developer has access to. No system is unbreakable; we recommend a unique password.

Hoyst is not designed for users under 13. If you believe a child has signed up, contact us and we will delete the account.

Questions, deletion requests, or concerns: [email protected]

If we change this policy materially, we'll email signed-in users. Smaller copy edits are reflected by the "Last updated" date at the top.