PowerliftingAI Ltd Back to Home

Privacy Policy

Last updated: 28 December 2025

PowerliftingAI Ltd (“we”, “our”, “us”) is committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and AI chatbot (the “Service”).

1. Information We Collect

  • Authentication Data: When you sign in with Google or another OAuth provider via Supabase, we collect your name, email, and profile picture to create and manage your account.
  • Chat and Interaction Data: We store encrypted messages and AI responses to provide chat continuity, improve model accuracy, and ensure service quality. Non-sensitive metadata such as chat titles and summaries may be stored in plain text.
  • Billing Information: Payments and subscriptions are handled securely by Stripe. We never store your full payment details on our servers.
  • Usage Data: We may collect non-identifiable analytics such as session duration, feature usage, or performance metrics to enhance the Service.

2. How We Use Your Information

  • To authenticate and manage your account.
  • To deliver and personalize chatbot interactions.
  • To process payments and manage subscriptions.
  • To secure our platform and detect misuse or abuse.
  • To improve our AI models and overall service performance.
  • We may analyze anonymized and aggregated chat queries internally to identify gaps in our knowledge base and improve informational coverage, without identifying individual users.

3. Data Storage and Encryption

User messages and AI responses are encrypted before storage in our Supabase database. Other non-sensitive information, such as chat names, summaries, and subscription data, may be stored unencrypted for functionality purposes. Access to all data is strictly controlled and logged.

4. Legal Basis for Processing

We process your personal data under the UK GDPR based on one or more of the following legal bases:

  • To perform a contract with you (e.g. providing the chatbot service).
  • With your consent (e.g. when authenticating with Google).
  • To comply with legal obligations.
  • For legitimate business interests, such as improving platform performance and security.

5. Data Retention

We retain personal data only as long as necessary to provide the Service or meet legal obligations. When you delete your account, all associated data — including messages, chat history, and subscriptions — is permanently deleted through a cascade process in our database.

6. Sharing Your Data

We never sell, rent, or trade your personal information. However, we may share limited data with trusted third-party processors who help us operate our Service:

  • Supabase: Authentication, database storage, and hosting.
  • Stripe: Secure payment processing and subscription management.
  • OpenAI / LLM Providers: To generate chatbot responses based on your queries. Chat data may be temporarily processed by these models but is not used to train third-party systems.

All third-party providers comply with strict data protection agreements and only process information as necessary to support our Service.

7. Your Rights

Under the UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Withdraw consent to data processing (where applicable).
  • Request a copy of your data (“data portability”) in a structured, commonly used format.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your rights have been violated.

You can submit any data access, deletion, or correction request by contacting us at powerlifting.ai.01@gmail.com. You can also delete your account directly from within the Service.

8. Security

We use encryption, access controls, and other technical safeguards to protect your information from unauthorized access, alteration, or disclosure. While we take strong precautions, no online service can guarantee absolute security.

9. International Data Transfers

Some of our service providers (e.g., Supabase or OpenAI) may process data outside the United Kingdom. In such cases, we ensure that adequate safeguards (such as Standard Contractual Clauses) are in place to protect your personal data.

10. Cookies & Local Storage

PowerliftingAI uses only strictly necessary cookies and local storage technologies required for authentication, security, and core platform functionality. These include Supabase session tokens and Stripe checkout state. We do not use analytics, tracking, or advertising cookies.

Because these cookies are essential to the operation of the Service, they cannot be disabled through individual consent. By continuing to use the Service, you acknowledge the use of these essential technologies.

11. Children’s Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal data from children. If we become aware that a minor’s information has been collected, we will delete it immediately.

12. Business Transfers

If PowerliftingAI Ltd is involved in a merger, acquisition, asset sale, or financing, user information may be transferred as part of that transaction in accordance with applicable data protection laws.

13. Global Privacy Control (GPC)

PowerliftingAI does not currently recognize or respond to Global Privacy Control (GPC) browser signals, as we do not sell or share personal information for advertising purposes.

14. Data Protection Officer

We are not required to appoint a formal Data Protection Officer (DPO) under UK GDPR at this time. However, all privacy-related matters are handled directly by management.

15. Updates to This Policy

We may update this Privacy Policy periodically to reflect new legal or operational requirements. The revised version will be posted here with a new “Last updated” date.

16. Contact Us

For privacy inquiries or data access requests, please contact us at powerlifting.ai.01@gmail.com.