Privacy policy

Last updated: 5 May 2026

BuckForge is operated by Sebastian Hjort, a sole developer based in Sweden. This policy explains what data the BuckForge app collects, why, and what choices you have. The data controller under the EU GDPR is Sebastian Hjort (Sweden). Contact: sebastianhjort.developer@gmail.com.

1. What we collect, why, and the legal basis

To use BuckForge you must create an account — providing this data is required to use the service.

• Account information — your email and a hashed password.
  Purpose: identifying you and securing your account. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Training data — the plans, sessions, goals, and benchmarks you create.
  Purpose: providing the app’s features and syncing across your devices. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Authentication and security signals — authentication tokens issued when you log in and counters used to detect abuse (e.g. failed login attempts).
  Purpose: keeping your account secure. Legal basis: legitimate interests (Art. 6(1)(f) GDPR) — protecting accounts from unauthorised access.

We do not use third-party analytics, tracking, or advertising. We do not sell your data. We do not make automated decisions that produce legal or similarly significant effects on you.

2. On-device image text recognition

The app can read workouts from a photo. Text recognition runs on your device using the operating system’s vision framework (Apple Vision on iOS, Google ML Kit on Android). The image is never uploaded.

3. Where your data is stored

Your data is stored on infrastructure located in the EU:

• Render (EU region) — backend hosting.
• TiDB Cloud (EU region) — database.
• Resend — sending transactional emails such as account verification and password reset.

These providers act as data processors on our instructions.

4. Retention

We keep your account and training data for as long as your account is active. If you request deletion, we delete it within 30 days.

5. Your rights

Under the GDPR you have the right to access, correct, export, restrict, or delete your personal data, and to object to processing. To exercise these rights, see the account deletion page or email sebastianhjort.developer@gmail.com. We aim to respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The Swedish authority is Integritetsskyddsmyndigheten (IMY).

6. Security

Traffic between the app and our backend uses HTTPS. Passwords are hashed before storage. Access to production infrastructure is restricted to the developer. No system is perfectly secure — please use a strong, unique password.

7. Children

BuckForge is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

8. Changes to this policy

If we make material changes, we will update the "Last updated" date above and notify you in the app or by email.

9. Contact

Sebastian Hjort, Sweden — sebastianhjort.developer@gmail.com