Privacy Policy
Last updated: February 28, 2026
DO U EVEN LIFT LLC ("Company," "we," "us," "our"), an Ohio limited liability company, operates the DUEL platform. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our website, web application, and related services (collectively, the "Service").
By using the Service, you consent to the data practices described in this policy.
1. Information We Collect
1.1 Information You Provide
- Account information: email address, display name, username, password (hashed)
- Profile data: bodyweight, height, date of birth, gender, weight class, profile photo, gym affiliation
- Workout data: exercises performed, sets, reps, weights, dates, RPE ratings, and derived metrics (strength scores, personal records)
- Duel data: challenge history, opponents, outcomes, scores
- Communications: support emails, feedback, and messages sent through the Service
1.2 Information Collected Automatically
- Device information: device type, operating system, browser type, app version
- Usage data: pages viewed, features used, timestamps, session duration
- Push notification tokens: device identifiers for delivering push notifications (with your permission)
- Log data: IP addresses, error logs, performance metrics
1.3 Information We Do NOT Collect
- We do not collect precise geolocation data from your device
- We do not collect financial information (payments are processed by third-party providers)
- We do not use cookies or third-party tracking scripts on our marketing site
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis |
| --- | --- |
| Provide and operate the Service (score calculation, leaderboards, duels) | Contract performance |
| Send push notifications about duel challenges and results | Consent |
| Improve the Service through internal analytics | Legitimate interest |
| Communicate service updates and respond to support requests | Legitimate interest / Contract |
| Detect and prevent fraud, abuse, and Terms violations | Legitimate interest |
| Create anonymized, aggregated datasets for research and commercial use | Legitimate interest |
| Comply with legal obligations | Legal obligation |
3. Data Visibility & Public Information
The following information is visible to other DUEL users by default as part of the competitive nature of the platform:
- Display name and username
- Gym affiliation
- Strength score and leaderboard rank
- Duel history and outcomes
- Profile photo (if uploaded)
You can control certain visibility settings in your profile settings within the app.
4. Anonymized & Aggregated Data
This is important — please read carefully.
We may create anonymized, aggregated, and/or de-identified datasets from the information collected through the Service. These datasets:
- Do not contain names, email addresses, usernames, or any information that could reasonably identify an individual user
- Are stripped of all direct and indirect personal identifiers using industry-standard de-identification techniques
- Cannot be re-identified — we implement technical safeguards and contractual obligations to prevent re-identification by any party
Examples of anonymized data include: aggregate strength trends by age group, average workout frequency across gym types, anonymized exercise volume patterns, and population-level fitness benchmarks.
We may use, share, license, or sell these anonymized and aggregated datasets to third parties for purposes including but not limited to:
- Fitness and health research
- Industry benchmarking and market analysis
- Academic and scientific studies
- Product development by fitness equipment or supplement companies
Your rights regarding anonymized data:
- Because anonymized data cannot be linked back to you, it is not considered "personal information" under applicable law
- You may opt out of having your data included in future anonymized datasets by emailing support@douevenlift.com with the subject line "Opt Out of Data Aggregation"
- Data that has already been anonymized and distributed prior to your opt-out request cannot be recalled
5. How We Share Your Personal Information
We do not sell your personal information. We do not share your name, email, workout details, or other personally identifiable information with third parties for their marketing purposes.
We may share your personal information only in the following limited circumstances:
- Service providers: Third-party vendors who help us operate the Service (hosting, authentication, push notifications — see Section 7)
- Legal compliance: When required by law, regulation, legal process, or governmental request
- Safety: To protect the rights, safety, or property of DO U EVEN LIFT LLC, our users, or the public
- Business transfers: In connection with a merger, acquisition, or sale of assets (with prior notice to users)
- With your consent: When you explicitly authorize sharing
6. Data Storage & Security
Your data is stored on servers operated by Supabase (hosted on Amazon Web Services) in the United States. We implement the following security measures:
- Encryption in transit (TLS/HTTPS) and at rest (AES-256)
- Row-Level Security (RLS) policies on all database tables
- Secure authentication via Supabase Auth with bcrypt password hashing
- Regular security audits and monitoring
- Principle of least privilege for all system access
While we implement commercially reasonable security measures, no system is 100% secure. We cannot guarantee the absolute security of your data.
7. Third-Party Services
The Service uses the following third-party providers:
| Provider | Purpose | Data Shared |
| --- | --- | --- |
| Supabase (AWS) | Database, authentication, edge functions | All user data (encrypted) |
| Expo (Expo.dev) | Push notification delivery | Device push tokens |
| Vercel | Web application hosting | IP addresses, access logs |
| Google Fonts | Typography (marketing site only) | IP address (per Google's policy) |
Each provider is bound by their own privacy policies and data processing agreements.
8. Your Rights
Regardless of your state of residence, we provide the following rights to all users:
- Access: You may request a copy of all personal information we hold about you
- Correction: You may update or correct inaccurate personal information through your profile settings or by contacting us
- Deletion: You may request deletion of your account and personal information. Upon deletion:
  - Your personal identifying information (name, email, profile) will be permanently deleted or anonymized within 30 days
  - Anonymized and aggregated data that has already been de-identified will persist (it cannot be linked to you)
  - Leaderboard entries associated with your account will be anonymized (e.g., replaced with "Deleted User")
- Data portability: You may request an export of your workout data in a machine-readable format (JSON)
- Opt-out of data aggregation: You may opt out of having your data included in anonymized datasets (see Section 4)
- Withdraw consent: You may disable push notifications at any time through your device settings
To exercise any of these rights, email support@douevenlift.com. We will respond within 30 days.
9. Data Retention
- Active accounts: We retain your data for as long as your account is active
- Deleted accounts: Personal information is deleted or anonymized within 30 days of account deletion request
- Anonymized data: Retained indefinitely (it is no longer personal information)
- Legal holds: We may retain data longer if required by law or to resolve disputes
10. Children's Privacy
The Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child under 16 has provided us with personal information, please contact us immediately.
11. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know what personal information is collected, used, and shared
- Right to delete personal information
- Right to opt out of the "sale" of personal information — we do not sell personal information as defined by the CCPA
- Right to non-discrimination for exercising your privacy rights
Note: Anonymized, de-identified, and aggregated data is not considered "personal information" under the CCPA and is therefore not subject to these rights.
12. Other State Privacy Laws
We are committed to complying with applicable state privacy laws, including but not limited to those in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and any future Ohio comprehensive privacy legislation. If you are a resident of a state with specific privacy rights, you may exercise those rights by contacting us at the email below.
13. International Users
The Service is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
14. Do Not Track
The Service does not currently respond to "Do Not Track" browser signals. We do not use third-party tracking cookies or advertising scripts.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by:
- Posting the updated policy on the Service
- Updating the "Last updated" date
- Sending an email notification to active users for significant changes (e.g., changes to data sharing practices)
Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
16. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
DO U EVEN LIFT LLC
Norwalk, OH
support@douevenlift.com
This policy is designed to comply with applicable federal law (FTC Act, COPPA, CAN-SPAM) and state privacy laws. DO U EVEN LIFT LLC is registered in the State of Ohio.