Privacy Policy
Last updated: March 26, 2026
This Privacy Policy explains how Joi & Laff Ltd ("Pact", "we", "us", "our") collects, uses, and protects your information when you use the Pact mobile application ("App"). By using the App, you agree to the practices described in this policy.
If you have questions, contact us at hello@joiandlaff.com.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name and username
- Email address
- Profile photo (optional)
- Authentication data (via email/password, Apple Sign-In, or Google Sign-In)
1.2 Fitness & Workout Data
When you use our fitness features, we collect:
- Workout logs: exercises performed, sets, reps, weights, duration, and calories burned
- Workout templates: custom and saved workout routines
- Scheduled workouts: planned workout dates and times
- Training plans: AI-generated multi-week plans, weekly progress, and performance history (weights, reps) used for progressive overload tracking
- Body measurements: weight, body fat, and other metrics you choose to log
- Goals: fitness goals and target settings
- Challenges: challenge participation and results
1.3 Health Data
- Sleep tracking: bedtime, wake time, and sleep quality ratings you log manually
- Apple HealthKit (iOS): with your permission, we read steps, heart rate, calories, and workout data from HealthKit. We may also write workout data back to HealthKit.
- Health Connect (Android): with your permission, we read and write similar health and activity data via Android Health Connect.
Health data is never sold, shared with advertisers, or used for purposes other than providing the App's core functionality. You can revoke health data access at any time through your device settings.
1.4 Nutrition & Diet Data
- Meal logs: food name, calories, protein, carbs, fat, meal type (breakfast/lunch/dinner/snack), and serving sizes
- Favourites: foods you save for quick access
- Food search queries: when you search for foods, your search terms are sent to the USDA FoodData Central API and, as a fallback, the Open Food Facts API (see Section 5). Search queries are not stored by Pact.
1.5 Social Data
- Friend connections and friend requests
- Squad (group) memberships, squad chat messages, and reactions
- Direct messages between users
- Activity feed posts, comments, and workout shares
- Stories (photos/videos shared with your squad)
- Blocked and muted user preferences
1.6 Device & Technical Data
- Device type, operating system, and app version
- Firebase Cloud Messaging (FCM) tokens for push notifications
- Crash reports and performance data (via Firebase)
We may request access to device features including the camera (for profile photos and stories), photo library, notifications, and Bluetooth (for connected fitness devices). Each permission is requested individually and can be revoked in your device settings.
1.7 Payment Data
Subscription payments are processed entirely by Apple (App Store) or Google (Google Play). We do not collect, store, or have access to your payment card details. Subscription status is managed through RevenueCat.
2. How We Use Your Information
We use your information to:
- Provide and operate the App's core features (workout tracking, training plans, social features, sleep and nutrition logging)
- Generate personalised AI training plans based on your goals and recent workout history
- Calculate progressive overload suggestions based on your performance data
- Display health and fitness insights, averages, and trends
- Send push notifications (workout reminders, streak nudges, training plan updates, squad messages)
- Enable social features (friend activity, squad chat, direct messages)
- Manage your subscription and premium feature access
- Improve the App through anonymised usage analytics
3. How We Store & Protect Your Data
Your data is stored in Google Firebase (Cloud Firestore and Firebase Authentication), hosted on Google Cloud infrastructure. Data is encrypted in transit (TLS) and at rest. Access to your data is restricted by Firestore security rules — each user can only read and write their own data.
While we take reasonable measures to protect your information, no system is completely secure. We encourage you to use a strong, unique password for your account.
4. How We Share Your Information
We do not sell your personal data.
We share information only in these limited circumstances:
- With other users: your profile name, username, profile photo, workout activity, and social posts are visible to friends and squad members based on your privacy settings.
- Service providers: we use third-party services to operate the App (see Section 5). These providers process data on our behalf and are bound by their own privacy policies.
- Legal requirements: we may disclose information if required by law, legal process, or to protect the rights, safety, or property of Pact or others.
- Business transfers: if Pact is acquired or merged, your data may be transferred to the new entity. We will notify you of any such change.
5. Third-Party Services
| Service |
Provider |
Purpose |
Data Shared |
| Firebase |
Google LLC |
Authentication, database, push notifications, analytics, crash reporting |
Account data, app usage, FCM tokens |
| RevenueCat |
RevenueCat Inc. |
Subscription management |
User ID, subscription status |
| Google Gemini |
Google LLC |
AI training plan generation |
Anonymised workout history, fitness goals (no personally identifiable information) |
| USDA FoodData Central |
U.S. Department of Agriculture |
Food and nutrition search (primary) |
Search queries only (not stored by Pact) |
| Open Food Facts |
Open Food Facts (non-profit) |
Food and nutrition search (fallback for UK/EU products) |
Search queries only (not stored by Pact) |
| ExerciseDB |
ExerciseDB |
Exercise demonstration images |
None (images loaded by URL) |
| Apple HealthKit |
Apple Inc. |
Health and activity data sync (iOS) |
Read/write with user permission only |
| Health Connect |
Google LLC |
Health and activity data sync (Android) |
Read/write with user permission only |
USDA FoodData Central data is public domain. Open Food Facts data is licensed under the Open Database License (ODbL). Nutritional data is queried in real-time and is not stored or redistributed by Pact.
6. Your Rights
You have the right to:
- Access your data — most data is visible directly in the App
- Correct your data — edit your profile, workouts, and logs at any time
- Delete your data — delete your account through the App's settings, or request deletion at hello@joiandlaff.com. Account deletion removes all associated data from our systems.
- Export your data — contact us to request an export of your personal data
- Withdraw consent — revoke permissions (health data, notifications, camera) at any time through your device settings
If you are in the EU/UK, you also have rights under GDPR including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority.
7. Data Retention
- Active accounts: your data is retained for as long as your account is active.
- Deleted accounts: when you delete your account, all associated data is permanently removed from our systems within 30 days.
- Analytics data: anonymised, aggregated analytics may be retained indefinitely as they cannot be linked back to individual users.
8. Children's Privacy
Pact is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.
9. Push Notifications
With your permission, we send push notifications for:
- Workout reminders and streak nudges
- Training plan weekly updates and milestones
- Squad chat messages and friend activity
- Direct messages
You can disable notifications at any time in your device settings.
10. Cookies & Tracking
The Pact mobile app does not use cookies. We use Firebase Analytics for anonymised usage statistics. We do not use third-party advertising trackers or share data with ad networks.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. Continued use of the App after changes constitutes acceptance of the updated policy. The "Last updated" date at the top reflects the most recent revision.
12. Contact Us
If you have questions about this Privacy Policy or your data, contact us: