Last updated: May 1, 2026
WTF ("the app," "we," "us," or "our") is a personal fitness app for iOS. The app and its backend are operated by the team behind jerhud.com. If you have questions about this policy or your data, you can reach us at jeremy@jerhud.com.
When you create an account, we collect your email address and a password (or, if you sign up with Apple or Google, the user identifier those services give us). If you use Apple's "Hide My Email" relay, we receive the relayed address rather than your real one — that's fine, the app works the same way. We use this to identify you, let you sign in, and send you essential emails like sign-in links, password resets, and account verification.
Inside the app you can answer questions about your fitness goals, experience level, equipment access, training schedule, age, and weight. All of this is optional except your goal and experience level, and you can skip the rest entirely. We use whatever you provide to generate a workout plan that fits you. If you skip everything, we give you a generic beginner plan instead — the app still works.
As you use WTF, you log workouts (which exercises, how many sets, reps, and weight), nutrition (foods, calories, macros), body stats (weight, measurements), and meal plans. We store this so the app can show you your history, calculate your streak, generate progress charts, and adjust future plans. This data belongs to you. You can view it, edit it, and delete it any time from inside the app.
If you take progress photos in the app, the photos themselves stay on your device. We do not upload your progress photos to our servers. We only store metadata — the date a photo was taken — so the app can list your photos in order.
When the app talks to our servers, we receive standard technical information: your IP address, the date and time of the request, and basic device details (iOS version, app version). We use this to make sure the app works, debug problems, and protect against abuse like spam sign-up attempts.
When the app crashes, we receive a technical report describing what went wrong (which screen, which line of code, the iOS version). These reports are processed through Firebase Crashlytics and are used only to fix bugs. They do not include your workouts, food, or body measurement data.
We use PostHog to track basic, anonymous usage patterns — things like which screens get used most, where people drop off in onboarding, and whether new features are being adopted. We deliberately exclude your health, food, and body measurement data from analytics. What you weigh, what you eat, and what you've measured stays out of these reports.
We use your data only for these purposes:
We do not use your data to build advertising profiles, train AI models, or for any purpose unrelated to running WTF.
We do not sell your personal information. Ever. We don't share it with advertisers or data brokers. We do, however, work with a small number of service providers who help us run the app:
These providers are bound by their own contracts and privacy policies, and they only receive the information they need to do their specific job. We may also share information if we are legally required to (subpoena, court order, etc.) or if we need to defend our rights or protect someone from harm — but those situations are rare and we resist overbroad requests.
Your data is stored on servers located in the United States, and we operate out of Arizona. If you use WTF from outside the US, your information will be transferred to and processed in the US, which may have different privacy laws than your country.
We keep your account and the data you've logged for as long as your account is active. If you delete your account, we delete your personal information from our active systems within 30 days. Some information may persist briefly in encrypted backups for an additional period before being overwritten on the normal backup rotation. Anonymous, aggregated information (such as "10,000 workouts were logged this month") may be retained indefinitely for our internal metrics.
If your account has been inactive for two years and we've made reasonable attempts to contact you, we may delete it.
California residents have additional rights, including the right to know what personal information we have about you, the right to request deletion, the right to correct inaccurate information, and the right not to be discriminated against for exercising these rights. To make a request, email jeremy@jerhud.com with the subject "California Privacy Request." We do not sell personal information, so the "do not sell" right is satisfied by default.
You have rights under the GDPR including access, correction, deletion, restriction, portability, and the right to object to processing. Our legal basis for processing your data is the contract you enter into when you create an account, plus your consent for optional things (like optional questionnaire answers). You can withdraw consent at any time by deleting the relevant data or your account. To make a GDPR request, email jeremy@jerhud.com. You also have the right to lodge a complaint with your local data protection authority.
We protect your account with industry-standard practices: passwords are hashed (never stored in plain text), connections to our backend are encrypted via HTTPS, sessions use signed tokens with expiration, and the database server is firewalled and access-controlled. We rate-limit login attempts and account-related actions to prevent abuse. No system is perfectly secure, and we can't promise against all attacks, but we treat your data with care.
If we ever discover a breach affecting your data, we'll notify affected users without unreasonable delay and provide details about what happened and what we're doing about it.
WTF is not intended for children under 13 (or under 16 in the EEA / UK). We do not knowingly collect information from children under these ages. If you are a parent and believe we have collected information from your child, contact us at jeremy@jerhud.com and we will delete it.
WTF is not a medical device, and the information you log (weight, body measurements, nutrition, workouts) is not protected health information under HIPAA. We do not have a covered relationship with you under that law. If you need medically-protected fitness or nutrition tracking, please use a HIPAA-compliant tool — WTF is not it.
We may update this policy from time to time. When we make material changes, we'll update the "last updated" date at the top of this page and notify you in the app (and by email if the change is significant). Continuing to use WTF after a change means you accept the updated policy. If you don't, you can delete your account.
Questions, requests, or concerns? Email jeremy@jerhud.com. We aim to respond within 5 business days.