Privacy Policy
Last updated: March 2026
Protecting your personal data is a priority for Loaded. This policy explains what data we collect, why we collect it, and how we protect it.
1. Data Controller
Hugo Lafaye
Email: contact@loaded.fit
2. Data Collected
Loaded collects the following data when you use the application:
| Category | Data | Purpose |
|---|---|---|
| Account | Name, email, password (hashed), profile picture | Account creation and management |
| Sport profile | Discipline, goals, body measurements, weight | Personalization of the experience |
| Training | Sessions, exercises, sets, weights, RPE | Performance tracking and analysis |
| Nutrition | Foods consumed, recipes, macro targets | Nutritional tracking |
| Health | Apple Health data (sleep, heart rate, steps) | Cross analysis and readiness score |
| Social | Posts, comments, follows | Community features |
| Technical | Device, OS, error logs | Application improvement |
3. Health Data
Loaded processes data considered sensitive under the GDPR (data relating to health and physical condition). This data is collected only with your explicit consent and is processed with reinforced security measures.
Apple Health data is read only with your explicit authorization via the iOS permissions system. It is never shared with third parties.
4. Legal Basis for Processing
- Consent — Health data, Apple Health data, analytics cookies
- Contract performance — Data necessary for the operation of the service (account, training, nutrition)
- Legitimate interest — Technical data for service improvement and abuse prevention
5. Retention Period
- Account data — Retained for the duration of use of the service, then 3 years after account deletion
- Training and nutrition data — Retained during use, deleted at the user's request
- Technical data — 12 months maximum
- Billing data (Coach) — 10 years (legal obligation)
6. Data Sharing
Your data is never sold. It may be shared with:
- Your coach — If you are followed by a coach on the platform, they have access to the training and nutrition data you choose to share
- The community — The data you voluntarily publish on the social feed
- Technical subprocessors — Hosting (Hetzner, Cloudflare), payments (Stripe), analytics (anonymized)
7. Security
We implement appropriate technical and organizational measures: encryption of data in transit (TLS) and at rest, password hashing (bcrypt), secure authentication (JWT), restricted access to production data, regular backups.
8. Your Rights
In accordance with the GDPR, you have the following rights:
- Access — Obtain a copy of your personal data
- Rectification — Correct inaccurate data
- Erasure — Request the deletion of your data
- Portability — Receive your data in a structured, readable format
- Objection — Object to the processing of your data
- Restriction — Request restriction of processing
- Withdrawal of consent — Withdraw your consent at any time
To exercise these rights, contact us at contact@loaded.fit. We will respond within 30 days.
9. Cookies
The loaded.fit website uses only technical cookies necessary for the operation of the site. No advertising or third-party tracking cookies are used. Anonymized analytics cookies may be used with your consent.
10. Hosting and Transfers
Your data is hosted in Europe: the application infrastructure is located in Germany (Hetzner Online GmbH) and the website is distributed via Cloudflare (Western Europe). Some subprocessors (Stripe for payments) may process data outside the European Union. These transfers are governed by standard contractual clauses approved by the European Commission or by adequacy decisions.
11. Complaint
If you believe that the processing of your data does not comply with regulations, you may lodge a complaint with the relevant data protection authority — for French residents, the CNIL (cnil.fr); for UK residents, the ICO (Information Commissioner's Office, ico.org.uk); or the data protection authority of your country of residence within the EU.
12. Changes
This policy may be updated. In the event of a substantial change, users will be informed through the application or by email. The date of last update is shown at the top of this page.