Together We Lose

Privacy Policy

Who we are

Suggested text: Our website address is: http://togetherwelose.com.

Effective date: [15 September 2025]

Together We Lose (“we”, “us”, “our”) provides a privacy-first weight-tracking and insights website located at togetherwelose.com (the “Service”). This Policy explains what we collect, why we collect it, how we use and share it, and the choices you have.

Plain-English promise: We don’t require your real name. We never sell your personal data. Public charts use anonymized aggregates and are suppressed when sample sizes are small.

1) How to reach us

2) What we collect

Account & profile (you provide)

  • Email address, authentication provider (e.g., Google/Apple/Microsoft).
  • Optional profile fields: age band (range), sex, country, starting BMI band, Profile Name (display name). We do not require your real name.

App data (you provide)

  • Daily weight logs; optional measurements; optional medication info (e.g., name/dose, start/stop dates); lightweight behavior tags (e.g., “walk”, “late dinner”, “alcohol”); notes you write.

Technical data (automatic)

  • IP address, device/browser info, pages viewed, approximate location (country), cookies or similar identifiers to keep you signed in and secure.

Communications

  • Emails you send to us, contact-form submissions, optional newsletter preferences.

3) Why we use your data (lawful bases)

  • Provide the Service (create/login to your account, save your logs) — contract necessity.
  • Generate insights (your personal trends; cohort aggregates) — legitimate interests &/or consent.
  • Safety & integrity (prevent abuse, secure the Service) — legitimate interests.
  • Communicate with you (service emails, updates you opt into) — contract/consent.
  • Legal compliance (respond to lawful requests).

4) How we use data

  • Show your trendlines, streaks, and forecasts.
  • Build anonymized cohort statistics (e.g., median % weight change by week).
  • Improve features (privacy-preserving analytics, A/B tests on UX—not on health outcomes).
  • Send operational emails (sign-in links, passwordless login, receipts) and optional newsletters you can unsubscribe from anytime.

5) What we share (and what we don’t)

We do not sell your personal data. We share only with:

  • Service providers (hosting, authentication, databases, email delivery, error/uptime monitoring) under contracts that restrict use to our instructions.
  • Legal/ safety recipients if required by law or to protect rights, safety, or security.
  • Anonymized aggregates publicly (e.g., “median % loss at week 12”) — never individual logs.

6) Cookies & similar tech

We use strictly necessary cookies for login/session, and privacy-respecting analytics to understand usage. You can control cookies in your browser; some features may break if you block essential cookies.

7) Data retention

  • Account data & logs: kept while your account is active. If you delete your account, we delete or de-identify personal data; aggregate statistics already produced may be retained (they cannot identify you).
  • Support emails: kept as needed for records and troubleshooting.

8) Your choices & rights

  • Profile visibility: Your Profile Name is shown only if you opt in; you can remain completely private.
  • Export / deletion: Download or delete your data in Settings → Data.
  • Email preferences: Unsubscribe anytime.
  • GDPR (EEA/UK) rights: access, rectification, erasure, portability, restriction, objection, and withdrawal of consent.
  • CCPA/CPRA (California) rights: know, delete, correct, opt-out of “sale/sharing” (we don’t sell), and limit sensitive data use. Contact us to exercise rights.

9) Children

The Service is not intended for children under 16 (or the age of digital consent in your country). Do not use the Service if you are under that age.

10) Security

We use industry-standard protections: TLS in transit, encryption at rest, least-privilege access, and monitoring. No system is perfectly secure; please use a unique email account and keep your device secure.

11) International transfers

We may process data in countries other than yours. Where required, we use appropriate safeguards (e.g., SCCs) with our service providers.

12) Changes to this Policy

We’ll post updates here and adjust the “Effective date.” Material changes will be highlighted in-app or via email.