Privacy Policy
Last updated: 19 July 2026
Overlood is a workout tracking app operated by Ruben Eppink, based in the Netherlands ("Overlood", "we", "us"). This policy explains what personal data we collect through the Overlood mobile app and this website (overlood.com), and what we do with it.
We are the data controller for the data described here. You can reach us at support@overlood.com.
The short version
- We collect what the app needs to work: your account and your training data.
- We run no advertising, no ad trackers, and no third-party analytics. This website sets no cookies.
- We never sell your data.
- Your data is stored in the European Union (Microsoft Azure, West/North Europe).
- Your training data is yours alone — nobody else on Overlood can see it.
Data we collect
Account and profile
- Email address and display name — needed to create and identify your account. Sign-in is handled by Auth0, our authentication provider.
- Optional profile details — date of birth, height, and biological sex. All optional; the app works without them. We store your date of birth rather than your age so it stays accurate.
- Profile photo — optional. The camera and photo-library permissions on your phone are used for this and nothing else; the microphone is never used.
- Preferences — units, language, rest timer, and similar app settings.
Training data
- Workouts — exercises, sets, weights, reps, effort ratings (RPE/RIR), timestamps, duration, and any notes you write.
- Routines and programs you create or follow.
- Body metrics — bodyweight, body measurements, and body-fat entries, if you log them.
- Imported history — if you import workout history from another app (such as Hevy or Strong), we store the parsed workout data. The uploaded file itself is discarded once the import finishes. The import also records your device's timezone to date your workouts correctly.
Collected automatically
- Request logs — our servers log the request method, path, response status, and duration of API calls. These logs are kept for 30 days.
- IP address — used transiently for rate limiting (protecting the service from abuse).
- Crash reports (mobile app only) — if the app crashes, a crash report is sent to Sentry so we can fix the bug. This is active only in release builds, and we have configured it not to include personally identifying information.
Data we do not collect
- No advertising identifiers, ad networks, or marketing trackers.
- No third-party analytics (no Google Analytics, no Amplitude, or similar).
- No location data, no contacts, no health-platform data (Apple Health / Google Fit).
- No payment data — Overlood is currently free.
How we use your data
- To provide the service — storing and syncing your training data and powering your progress charts and personal records. Legal basis: performance of our contract with you.
- To keep the service secure and working — rate limiting, request logs, and crash reports. Legal basis: our legitimate interest in running a secure, reliable service.
- Anonymous benchmarks (opt-in only) — the app has a setting, off by default, to contribute your demographics anonymously to future strength benchmarks. Nothing is used for this unless you switch it on. Legal basis: consent, which you can withdraw at any time in the app.
We do not sell your data or use it for advertising.
Sharing
Your training data is private to your account. Other Overlood users cannot see your workouts, body metrics, or profile. If we ever add social or coaching features that share data between users, they will be described here before they launch.
Service providers
We use a small number of processors to run Overlood. They process data on our behalf and are bound by data-processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Microsoft Azure | Hosting, database, and file storage | European Union (West/North Europe) |
| Auth0 (Okta) | Sign-in and account authentication | United States |
| Sentry | Crash reporting (mobile app) | United States |
| Expo (EAS) | Delivering app updates | United States |
| Apple App Store / Google Play | App distribution | United States / European Union |
Where a provider processes data outside the European Economic Area, transfers rely on recognised safeguards such as the EU–US Data Privacy Framework or Standard Contractual Clauses.
Cookies
This website (overlood.com) sets no cookies and runs no trackers — that is why there is no cookie banner. The mobile app does not use cookies; it stores its sign-in tokens in your device's secure storage.
Retention and deletion
- Your account and training data are kept for as long as your account exists.
- Server request logs are deleted after 30 days.
- Abandoned photo uploads are cleaned up after 24 hours.
- You can delete individual records — workouts, body metrics, routines, programs, your profile photo — directly in the app at any time.
- To delete your entire account and all associated data, email support@overlood.com from your account's email address and we will erase it. An in-app deletion flow is on its way; this policy will be updated when it ships.
Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- have your data erased;
- restrict or object to processing;
- receive your data in a portable format — the app includes an export of your full workout history as CSV or JSON;
- withdraw consent (for the opt-in benchmark setting) at any time;
- lodge a complaint with a supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens.
To exercise any of these rights, email support@overlood.com. We respond within one month.
Age
Overlood is not intended for children under 16. We do not knowingly collect data from anyone under 16; if you believe we have, contact us and we will delete it.
Security
All traffic is encrypted in transit (HTTPS). Data is stored on Microsoft Azure with access limited to what the service needs. Sign-in credentials are handled by Auth0 — we never see or store your password. On mobile, tokens live in your device's secure storage.
Changes to this policy
When we change this policy, we update the date at the top. For material changes — new data collected, a new provider, or new sharing — we will notify you in the app or by email before the change takes effect.
Contact
Ruben Eppink (Overlood), the Netherlands — support@overlood.com