Privacy Policy

Last updated: 17 March 2026

1. Introduction

Sweatty ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you visit our website at sweatty.app or interact with our services.

By using our website, you agree to the practices described in this policy. If you do not agree, please do not use our website or submit any personal data.

2. Data We Collect

We collect the following types of personal data:

2.1 Information You Provide

  • Name: Your first name, provided when joining the waitlist.
  • Email address: Provided when joining the waitlist or contacting us.
  • Activity preferences: Your primary fitness activity interest (e.g., running, gym, yoga).

2.2 Information Collected Automatically

  • IP address: Collected for rate limiting, fraud prevention, and security purposes.
  • Cookies: We use essential cookies for site functionality (e.g., cookie consent preferences). See Section 6 below.
  • Browser and device data: Basic technical information such as browser type, operating system, and screen resolution may be collected through standard server logs.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Waitlist management: To register your interest, send confirmation emails, and notify you when Sweatty launches.
  • Marketing communications: To send you updates about Sweatty, launch information, and product news. You can unsubscribe at any time via the link in every email.
  • Security and fraud prevention: To detect and prevent bot submissions, enforce rate limits, and protect the integrity of our services.
  • Service improvement: To understand how visitors interact with our website and improve the user experience.

4. Data Storage and Security

We take the security of your data seriously. Measures we implement include:

  • All data is transmitted over HTTPS (TLS encryption in transit).
  • Passwords and sensitive tokens are hashed using industry-standard algorithms (HMAC-SHA256).
  • Database access is restricted and uses prepared statements to prevent SQL injection.
  • We enforce rate limiting and honeypot spam protection to prevent abuse.
  • Access to personal data is restricted to authorised personnel only.

Your data is stored on secure servers. While no method of electronic storage is 100% secure, we strive to use commercially acceptable means to protect your personal data.

5. Third-Party Services

We share your data with the following third-party service providers, solely for the purposes described in this policy:

  • Mailgun (Sinch Email): We use Mailgun to send transactional and marketing emails (e.g., waitlist confirmations, launch notifications). Mailgun processes your name and email address. Their privacy policy is available at mailgun.com/legal/privacy-policy.
  • Cloudflare: Our website is served through Cloudflare, which provides CDN, DDoS protection, and DNS services. Cloudflare may process your IP address and basic request data. Their privacy policy is available at cloudflare.com/privacypolicy.

We do not sell, rent, or trade your personal data to any third parties for marketing purposes.

6. Cookies

We use only essential cookies required for the basic functionality of our website:

  • cookie_consent: Records your acceptance of our cookie notice. Expires after 1 year.
  • Session cookies: Used for CSRF protection and form security. These are temporary and deleted when you close your browser.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can request that we correct any inaccurate or incomplete personal data.
  • Right to erasure: You can request that we delete your personal data ("right to be forgotten").
  • Right to data portability: You can request a machine-readable copy of your data to transfer to another service.
  • Right to restrict processing: You can request that we limit how we use your data.
  • Right to object: You can object to our processing of your data for marketing purposes at any time.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time by unsubscribing or contacting us.

To exercise any of these rights, please contact us at privacy@sweatty.app. We will respond within 30 days.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy. Specifically:

  • Waitlist data is retained until the Sweatty app launches and you either create an account or request deletion.
  • If you unsubscribe from the waitlist, your data will be deleted within 30 days.
  • Server logs containing IP addresses are retained for up to 90 days for security purposes.

9. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us: