Privacy Policy

Last Updated: January 6, 2026

1. Introduction

Lafe ("we", "us", or "our") is operated by LOTUS APP LTD, a company registered in England and Wales (Company No: 16061353). This policy explains how we collect, use, and protect your data when you use the Lafe mobile application.

2. Information We Collect

We collect data to provide personalized coaching and accountability features. This includes:

  • Identity Data: Name, email address, and profile information.
  • Health & Fitness Data (Special Category): With your explicit consent, we import and process data from your connected wearables:
    • Garmin: Heart rate, activities, sleep, and training metrics.
    • WHOOP: Recovery, Strain, sleep performance, and heart rate variability (HRV).
    • Strava & Apple Health: Activity details, GPS routes, and workout summaries.
  • User Provided Data: Injuries, fitness goals, perceived exertion (RPE), and photo evidence for accountability.

3. Third-Party Integrations & Data Exchange

Lafe integrates with third-party platforms to synchronize your health data. By connecting these services, you explicitly consent to the exchange of information between Lafe and the respective partner.

Garmin Connect

When you connect your Garmin account, we receive activity and health data to analyze your performance. If enabled, we may also send generated workouts back to your Garmin calendar.

For more details, please review the Garmin Connect Privacy Policy.

WHOOP

Connecting your WHOOP account allows us to import Recovery, Strain, and Sleep metrics to tailor your daily training load.

For more details, please review the WHOOP Privacy Policy.

Withdrawal of Consent

You may disconnect these services and withdraw your consent at any time directly within the Lafe app settings ("Integrations" page) or by revoking access through the third-party platform's settings. Upon disconnection, we will stop collecting new data from that source.

4. AI Transparency & Automated Processing

Lafe is an AI-powered fitness coach. We use automated processing and artificial intelligence to:

  • Analyze your physiological data (e.g., WHOOP Recovery, Garmin Body Battery) to determine your daily readiness.
  • Generate personalized workout plans adapted to your current fitness level and goals.
  • Verify your accountability pillars (e.g., checking if you hit your Zone 2 heart rate targets).

Your health data is processed solely to provide these personalized services. We do not use your personal health data to train public foundation models without your separate, explicit consent.

5. Lawful Basis for Processing

Under UK GDPR, we rely on:

  1. Contractual Necessity: To provide the coaching service you paid for.
  2. Explicit Consent (Art. 9): Required for processing your health/biometric data. You can withdraw this at any time in the app settings.

6. Data Sharing & Third Parties

We never sell your data. Beyond the integrations listed above, we only share data with:

  • Service Providers: Cloud hosting (AWS/GCP) and database providers who assist in operating our secure infrastructure.

7. Data Security

We use industry-standard encryption to protect your data both in transit and at rest. Access to your health data is strictly limited to the services required to provide your personalized coaching.

8. Data Retention & Your Rights

We retain your data as long as your account is active. If you delete your account, we scrub your health data within 30 days. As a UK resident, you have the right to:

  • Access: Request a copy of your data.
  • Erasure: Ask us to delete your data ("Right to be Forgotten").

9. Contact Us

For any privacy concerns, contact our Data Protection Officer at:
Email: luv@lotushealth.app