Legal Document
Privacy Policy
1. Overview
Lythe ("we," "our," or "us") is a flexibility and mobility training application. This Privacy Policy explains what personal data we collect when you use the Lythe mobile application (the "App"), how we use it, who we share it with, and the rights you have over your information.
By downloading or using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.
2. Who We Are
Lythe Pvt Ltd
Australia
Contact: hello@lythe.app
For EEA users, Lythe Pvt Ltd acts as the data controller for personal data processed under this policy.
3. Data We Collect
We collect the following categories of data:
3.1 Data You Provide During Onboarding
| Data | Why We Collect It | Required? |
|---|---|---|
| Date of birth | Age-appropriate exercise personalisation and to verify you are 13 or older | Yes |
| Biological sex | Calibrating flexibility baselines and programming guidance | Yes |
| Primary flexibility goal | Personalising your exercise program | Yes |
| Current muscle tightness regions | Identifying priority areas for your program | Yes |
| Physical activity level | Calibrating program intensity | Yes |
3.2 Data You Optionally Add Inside the App
| Data | Why We Collect It | Required? |
|---|---|---|
| Height | Optional program refinement | No |
| Weight | Optional program refinement | No |
3.3 Account & Authentication Data
When you create an account, we collect your email address and a securely hashed password. If you purchase a subscription, payment is processed by our payment provider (see Section 6); we do not store your full payment card details.
3.4 Exercise & Pose Data
During exercise sessions, Lythe uses your device camera to measure joint angles and body-position landmarks. This analysis happens entirely on your device — no camera images or video are ever transmitted to our servers.
We save numerical pose landmark coordinates and derived joint-angle measurements to your account to track your flexibility progress over time. These are numerical (x, y, z) coordinate values representing body-point positions — they are not images, video, or biometric identifiers such as fingerprints or facial geometry.
We store the results of your exercise sessions, including: joint angles measured, flexibility score, form score, hold duration, and session timestamps.
3.5 Device & Diagnostic Data
We automatically collect limited technical data to operate and improve the App:
- Device type, operating system version, and App version
- Crash reports and error logs
- App performance metrics (e.g., load times)
- Session frequency and feature usage (aggregated)
This data is collected via Firebase (see Section 6) and is not used to build advertising profiles.
3.6 Data We Do Not Collect
- Camera images or video recordings
- Precise or approximate GPS location
- Contacts, calendar, or microphone data
- Health data from Apple HealthKit or Google Health Connect (we do not read from or write to these platforms)
- Data from users under the age of 13 (we do not knowingly collect such data)
4. How We Use Your Data
We use the data we collect for the following purposes only:
- Providing the App: Delivering your personalised flexibility program, tracking your progress, and generating coaching feedback.
- Account management: Creating and maintaining your account, authenticating you, and sending transactional emails (e.g., password reset, account confirmation).
- Improving the App: Analysing aggregated, de-identified usage patterns to fix bugs and improve features.
- Processing payments: Enabling subscription purchases via our payment provider.
- Legal compliance: Meeting our obligations under applicable laws.
5. On-Device Processing & Camera Use
The App requests access to your device camera solely to analyse your body position during flexibility exercises. All pose detection is performed locally on your device using Google ML Kit Pose Detection — a machine learning framework that runs entirely on-device.
No images or video ever leave your device. Camera access is used in real time during a session only. The App does not record, store, or transmit any visual data.
Google ML Kit may contact Google's servers for software updates and to send anonymised performance metrics. You should be aware that Google processes this metrics data in accordance with Google's Privacy Policy. We have no control over that data and do not receive it.
You may revoke camera permission at any time in your device Settings. Revoking camera access will prevent the exercise-measurement features of the App from functioning.
6. Third-Party Services
Lythe uses the following third-party services. Each processes data only as necessary to provide their service and is bound by contractual data-processing obligations.
| Service | Provider | Purpose | Data Processed |
|---|---|---|---|
| Authentication & database | Google Firebase (Firestore, Auth) | Account creation, data storage, Cloud Functions | Email, user ID, exercise results, profile data |
| On-device AI / pose detection | Google ML Kit | Real-time pose analysis (on-device only) | Anonymised performance metrics sent to Google |
| Payment processing | RevenueCat | Subscription and in-app purchase management | Purchase tokens, subscription status (no card details) |
| Transactional email | SendGrid (Twilio) | Password reset, account notifications | Email address |
| Analytics | Google Analytics (GA4) | Website and app usage analytics | Anonymised device and usage data |
| App hosting | Google Firebase Hosting | Website delivery | IP address (standard server logs) |
We do not use advertising SDKs, tracking SDKs, or any analytics tools that build cross-app user profiles.
7. Data Sharing
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
- Service providers: The third-party services listed in Section 6, acting as data processors under our instructions.
- Legal requirements: When we are required to disclose data by law, court order, or governmental authority.
- Safety: When we believe disclosure is necessary to prevent harm or illegal activity.
- Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before any transfer occurs and before your data becomes subject to a different privacy policy.
8. Data Retention & Deletion
We retain your personal data for as long as your account is active or as needed to provide the App. Specifically:
- Account data (email, profile): Retained until you delete your account.
- Exercise & session data: Retained until you delete your account or request deletion of specific records.
- Diagnostic logs: Retained for up to 90 days, then automatically deleted.
- Payment records: Retained as required by applicable financial regulations (typically 7 years), held by our payment processors.
To delete your account and all associated data, go to Settings → Account → Delete Account within the App, or email us at hello@lythe.app. We will process your request within 30 days.
9. Security
We implement industry-standard security measures to protect your data:
- All data is transmitted over encrypted connections (HTTPS / TLS).
- Data stored in Firebase Firestore is encrypted at rest.
- Passwords are never stored in plain text.
- Access to production systems is restricted to authorised personnel only.
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
10. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. We collect date of birth during onboarding to verify minimum age eligibility.
If you believe a child under 13 has provided us with personal data, please contact us at hello@lythe.app and we will delete that data promptly.
Users aged 13–17 must have parental or guardian consent to use the App where required by local law.
11. Your Rights
Regardless of where you live, you may:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data via the App's profile settings.
- Delete your data by deleting your account (see Section 8).
- Export your exercise history data by emailing us.
- Withdraw consent at any time where processing is based on consent, without affecting prior processing.
To exercise any of these rights, contact us at hello@lythe.app. We will respond within 30 days.
12. California Residents — CCPA / CPRA
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know what personal information we collect, use, disclose, and sell.
- Right to delete your personal information (subject to exceptions).
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of your personal information.
- Right to non-discrimination for exercising your privacy rights.
We do not sell or share your personal information with third parties for cross-context behavioural advertising. We have not done so in the preceding 12 months.
To submit a verifiable consumer request, email hello@lythe.app with "CCPA Request" in the subject line.
13. International Data Transfers
Lythe is operated from Australia. Your data is stored on Google Firebase servers, which may be located outside your country of residence, including in the United States. Google participates in and complies with applicable data transfer frameworks.
For transfers from the EEA to the United States, we rely on Standard Contractual Clauses (SCCs) with Google and other service providers, as permitted under GDPR Article 46.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you via in-app notification and/or email at least 14 days before changes take effect.
Your continued use of the App after changes take effect constitutes your acceptance of the revised policy. If you do not agree to the revised policy, you may delete your account before the changes take effect.
15. Contact Us
For any privacy-related questions, requests, or concerns:
Email: hello@lythe.app
Website: lythe.app
We aim to respond to all privacy requests within 30 days. If you are not satisfied with our response, you have the right to complain to your local data protection authority.
This privacy policy was last updated on 1 May 2026. It applies to the Lythe iOS application and the website at lythe.app. The App is available in English, German, Italian, French, Spanish, and Portuguese. This policy is provided in English; localised translations are provided for convenience — the English version governs in the event of any conflict.