Operator:
Moritz Kirchner (Sole Proprietor)
Zinkenwehr 33
96450 Coburg
Germany
Imprint:
Our Imprint can be found at https://liftistic.com/imprint.
Contact:
Email: support@liftistic.com
Web: https://liftistic.com/contact
Supervisory Authority:
Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach: https://www.lda.bayern.de
Under Art. 37 GDPR, our company is currently not required to appoint a Data Protection Officer. This assessment is reviewed at least annually or whenever significant changes occur. For any privacy inquiries, please use the contact details above.
This Privacy Policy applies to the use of the website Liftistic.com and the mobile application Liftistic (hereinafter "App" or "Service"). We process personal data strictly in compliance with the EU General Data Protection Regulation (GDPR), the German Telecommunications-Telemedia Data Protection Act (TTDSG), and applicable US laws (CCPA/CalOPPA).
• Contract performance (Art. 6(1)(b)): Account registration and login, use of the free trial, workout tracking features, payment processing for paid plans, transactional emails.
• Legal obligation (Art. 6(1)(c)): Tax and commercial record-keeping.
• Legitimate interest (Art. 6(1)(f)): Maintaining IT and data security, preventing abuse and fraud, and ensuring smooth, cost-effective service operations.
• Consent (Art. 6(1)(a)): Optional analytics and marketing via Cloudflare Web Analytics (cookie-free) and Google Tag (e.g., performance/conversion tracking, personalized ads).
• Explicit Consent (Art. 9(2)(a)): Processing of biometric/health data (Body Progress Photos) strictly for the user's tracking purposes.
• Provision requirement: Mandatory fields are required to create an account or use paid services. Without them, registration or booking is not possible. All other details are voluntary.
To use all features, you need to create a personal account. We store:
• Your email address
• Your password (securely encrypted and not visible to us)
We log the date and time when you accept our Terms of Service and Privacy Policy (Art. 6(1)(b)).
Age verification: During registration, you confirm via checkbox that you are at least 16 years old. Users under 16 may not create an account.
You have the option to upload photos of your body to track your fitness progress.
• Data: User-uploaded images.
• Purpose: Visual tracking of training progress. These photos are strictly private, visible only to you, and are not used for public display or AI analysis.
• Legal Basis: Art. 9(2)(a) GDPR (Explicit Consent).
Note: As these photos reveal information about your physical health, they are considered "special categories of personal data." We process them solely based on your explicit consent given when you upload the photos or enable the feature. You may revoke this consent at any time by deleting the photos from the App.
For "In-App Purchases" (Subscriptions/One-time purchases), payment processing is handled directly by the App Store provider.
• Apple App Store: Apple Distribution International Ltd. (Ireland) / Apple Inc. (USA).
• Google Play Store: Google Ireland Ltd. (Ireland) / Google LLC (USA).
We do not collect or store your credit card data. We only receive a confirmation (token) regarding the status of the payment to unlock the purchased features.
When you contact us by form or email (support@liftistic.com), we process your name, email address, and message solely to respond (Art. 6(1)(b) GDPR). Messages are deleted no later than 6 years after resolution unless longer retention is legally required.
Each visit logs your IP address, time/date, requested resource, HTTP status, and browser/system info.
• Bubble server logs: up to 14 days
• Cloudflare Workers/HTTP logs: up to 7 days
• Amazon Web Services (SES): up to 90 days
Legal basis: Art. 6(1)(f) GDPR. Bubble Group Inc., Cloudflare Inc., Amazon Web Services, and others act as processors under Art. 28 GDPR.
Essential cookies (§ 25(2) TTDSG)
• b_session (Bubble) – manages login session | Session end
• b_session_sig (Bubble) – session ID integrity | Session end
• b_uid (Bubble) – links front & back end | 7 days
• bubble_client_u2 (Bubble) – CSRF protection | 7 days
• __cf_bm (Cloudflare) – bot/DDoS protection | 30 min
Analytics & marketing (only with consent, Art. 6(1)(a) GDPR + § 25(1) TTDSG)
We only use analytics/advertising cookies after you opt in via the cookie banner:
• Conversion tracking (registrations/purchases after ads)
• Ad optimization & personalization (e.g., remarketing via Google Ads)
Google Tag for Google Ads — tracks conversions, builds audiences (90 days for [gcl_au]; 13 months for [IDE])
Cloudflare Web Analytics — privacy-friendly reach measurement (no cookies; requires consent in EU/EEA)
Regional settings:
• EU/EEA: Google Ads, Cloudflare Analytics only load with consent.
• U.S. & others: May load automatically if no opt-in law applies.
Change settings anytime via “Cookie Settings” in the footer.
We use GDPR-compliant service providers:
• Bubble Group Inc. (hosting on AWS, USA/EU)
• Cloudflare Inc. (DNS/CDN, analytics, USA)
• Google Ireland Ltd. / Google LLC (Google Tag, USA/EU)
• Amazon Web Services, Inc. (Simple Email Service)
U.S. transfers rely on the EU–U.S. Data Privacy Framework or 2021 Standard Contractual Clauses with Transfer Impact Assessments. If the DPF ceases to apply, SCCs remain valid. Copies available on request.
We delete or anonymize data when no longer needed and no legal retention applies. We process and store personal data only for the period necessary to achieve the purpose of storage.
• Server logs: 14 days
• Cloudflare logs: 3–7 days
• Account & Workout Data: Stored until you delete your account or request deletion.
• Commercial/Tax Data: If you make a purchase, we are legally required (German Fiscal Code § 147 AO) to retain payment proofs for 10 years.
Under Art. 32 GDPR we use:
• Encryption in transit & at rest
• Role-based access control & MFA for admins
• ISO 27001-certified hosting
• Geo-redundant backups & tested restores
• Internal audits & logging of security events (90+ days)
All staff work under documented instructions and confidentiality obligations.
You can request access (Art. 15), correction (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), or object to processing under Art. 6(1)(f) (Art. 21 GDPR). Withdraw consent anytime (Art. 7(3)).
Contact: support@liftistic.com. We respond within one month.
You may also file a complaint with your local data protection authority (Art. 77 GDPR).
Use is allowed from age 16. Users under 16 need verifiable parental consent (see Section 3). Unauthorized accounts will be deleted promptly.
We may update this Privacy Policy due to technical or legal changes. The latest version is always available in the app; significant updates will be emailed to registered users.
Version: January 2, 2026