Legal

Privacy Policy

Last updated: April 30, 2026

The short version: Forge stores everything on your phone. We never see your data, never collect it, and don't have servers to send it to. The only external call the app ever makes is an optional barcode lookup — and nothing about you goes along with it.

Who we are

Forge is a personal training app built by Tate Gillespie. You can reach me at tate.gillespie@gmail.com with any questions about this policy.

Forge is open-source software. The full source code is available on GitHub, so anyone can verify exactly what the app does and does not do.

What data Forge collects

Nothing. Forge does not collect, transmit, or store any personal information on external servers. There are no user accounts, no sign-ups, and no cloud sync. Every workout log, meal entry, body measurement, and setting you create lives only on your device.

Here is what the app stores locally and why:

All of this data is stored in your device's local file system using Expo's secure file storage APIs. It never leaves your phone unless you choose to export it.

The one network request Forge makes

When you scan a food barcode, Forge sends that barcode number to the Open Food Facts API — a free, open-source food database — to look up nutrition facts. That is the only external network call the app makes.

What is sent: a barcode number (e.g., 0012345678905).
What is not sent: your name, location, device ID, Apple ID, or any information that identifies you.

Open Food Facts is a non-profit project with its own privacy terms. They log API requests as any web server does, but those logs contain only the barcode, a timestamp, and a generic IP address — nothing that connects the request to you as a Forge user.

Barcode scanning is optional. You can log all food manually without ever triggering this request.

Apple Health (optional)

Forge can optionally read workout and health data from Apple Health — specifically workout duration, heart rate, and calories burned after a training session. This connection is read-only: Forge never writes anything to Apple Health.

Apple Health access requires your explicit permission through iOS's standard permissions dialog. You can grant or revoke this permission at any time in Settings → Health → Data Access & Devices → Forge.

Health data pulled from Apple Health stays on your device and is used only to display post-workout stats. It is not transmitted anywhere.

iCloud backup

iOS may include your Forge data in your iCloud backup if you have iCloud backup enabled on your device. This is standard iOS behavior for all apps. Forge does not initiate or control iCloud sync — it is entirely governed by your device settings.

If you do not want Forge data included in iCloud backups, you can exclude it in Settings → [Your Name] → iCloud → Manage Storage → Backups → [Your Device].

Third-party SDKs and analytics

Forge contains no analytics SDKs, no crash reporters, no ad networks, and no tracking libraries. There is no Firebase, no Mixpanel, no Amplitude, no Facebook SDK — nothing that phones home about how you use the app.

The libraries Forge uses are limited to rendering the UI, reading/writing local files, and accessing Apple Health. None of them collect or transmit user data.

Children's privacy

Forge does not collect personal information from anyone, including children under 13. Because no data is collected, Forge is consistent with COPPA requirements, though it is not specifically designed for children.

Changes to this policy

If we ever add a feature that changes how data is handled (for example, optional cloud backup), we will update this policy and note the date of the change at the top. We will not make changes that reduce your privacy without first surfacing them clearly in the app.

Your rights

Because Forge never receives your data, there is nothing for us to delete, export, or correct on our end. All your data is on your phone — you own it entirely. You can delete everything by uninstalling the app.

If you have questions or concerns about privacy, email tate.gillespie@gmail.com.