TopSet is operated by 2build LLC, a North Carolina limited liability company (“2build,” “we,” “us”). This Privacy Policy explains what information we collect when you use TopSet, how we use it, and the choices you have. It applies to the TopSet mobile app for iOS and Android, the watchOS and Wear OS companions, and this website.
Account information. When you create an account we collect an email address through our authentication provider, Supabase. If you sign in with Apple or Google, we receive an opaque user identifier and the email address those providers expose. We do not collect or store passwords; sign-in is handled by magic link, Apple Sign-In, or Google OAuth.
Training data. The sets you log, including lift type, weight, reps, AMRAP counts, training maxes, training-week and cycle progress, optional body-weight entries, optional training notes, and your equipment and program preferences. This is the data the app exists to manage.
Subscription state. If you purchase a TopSet Premium subscription, our subscription infrastructure provider RevenueCat shares the active entitlement, plan tier, purchase platform, and renewal or expiry timestamps with us. We never receive your payment instrument or credit-card details — those stay with Apple or Google.
Diagnostic and usage information. We may collect minimal device information (platform, OS version, app version) and anonymized analytics events about feature usage in count-only form (for example, the number of sets logged in a week). We do not collect raw body-weight values, raw heart-rate values, or other sensitive personal information for analytics purposes.
Information you provide to support. If you contact us, we receive whatever you choose to send, such as your email address and the contents of your message.
We use the information described above to:
We do not sell your personal information. We do not use your data for advertising and we do not share it with advertisers, data brokers, or third-party marketing services. We do not use your training data, body-weight entries, or AI Coach conversations to train AI models.
Local-first by default. TopSet is local-first. Your training history is stored in an encrypted SQLite database on your device, with AES-256 page encryption (SQLCipher) and a key held in the iOS Keychain or the Android Keystore. The app works fully offline. Cloud sync is opt-in and disabled until you sign in and enable it.
Optional cloud sync. When you enable sync, your training data is mirrored to our backend hosted on Supabase, in the United States. Strict per-row access controls (Postgres Row-Level Security) make sure only you can read or write your data; the controls are enforced at the database itself, not just in application code. All network calls use TLS 1.3.
Optional Apple Health / Health Connect. If you choose to enable Health integrations in Settings — each toggle is opt-in and off by default — TopSet may:
In line with Apple’s HealthKit policy, raw Health samples never leave your device through TopSet. We process them locally and store only the values you have chosen to record in TopSet. You can revoke Health permissions at any time from your platform’s privacy settings, independent of TopSet.
Apple Watch / Wear OS companion. If you use the TopSet companion watch app, sets you log on the watch are transferred to the phone over the Apple Watch Connectivity framework or the Wear OS Data Layer. They are encrypted at rest on the device using the same encryption posture as the phone database.
AI Coach (when available). If you use the in-app AI Coach, the contents of your chat (the messages you send, plus the lift data needed to answer the question) are sent through our backend to Anthropic for processing. We do not send your email address, body weight, or any other user’s data. Conversations are stored on your device; we retain only a redacted server-side log for abuse prevention and billing reconciliation.
We use a small, intentional set of service providers to operate TopSet. Each has its own privacy policy:
We do not embed third-party advertising, marketing, or tracking SDKs in TopSet.
For active accounts, we retain your data for as long as your account exists.
If you delete your account from Settings → Delete Account, we perform a hard deletion: your row and every record that references it are removed from our backend in a single transaction, and the app wipes the corresponding local data on the device you initiated deletion from. There is no grace period and no soft-delete recovery. Routine backups of the production database are retained for up to 30 days for disaster recovery and are then automatically purged.
If you uninstall the app without deleting your account, your synced data on our backend remains, so that a re-installation can restore it. You can sign in and delete the account at any time.
Access and export. Premium subscribers can export the full set of TopSet training data at any time from Settings → Export, in CSV or JSON format. If you would prefer to receive your data through us, contact us at the address in section 09.
Correction. You can edit any data you have entered directly inside the app.
Deletion. You can delete your account, and with it all data we hold about you, from Settings → Delete Account. The deletion is immediate and irreversible.
Subscriptions. Subscriptions are managed in your Apple ID or Google Account settings. Cancellation requests go through Apple or Google; we cannot cancel a subscription on your behalf, but you can restore an active entitlement from Settings → Restore Purchases.
Health permissions. You can revoke Apple Health / Health Connect access at any time from your platform’s privacy settings, independent of TopSet.
State-specific rights (California, Virginia, Colorado, Connecticut, Utah, and other US states with comprehensive privacy laws). Where applicable, you have the right to know what personal information we have collected, to request deletion, to opt out of any “sale” or “sharing” of personal information (we do neither), and to receive a copy of your data in a portable format. To exercise these rights, contact us at the address in section 09. We do not discriminate against users who exercise their privacy rights.
GDPR / UK GDPR. If you are in the European Economic Area, the United Kingdom, or another jurisdiction whose data-protection law applies, you have the right to access, rectify, erase, restrict processing, and port your personal data, and to object to processing. The legal bases for our processing are: contract (operating the core service you have signed up for), consent (Health integrations and AI Coach), and legitimate interests (security, abuse prevention, product improvement). The data controller is 2build LLC; data may be transferred to and processed in the United States, with appropriate safeguards. You have the right to lodge a complaint with your local supervisory authority.
TopSet is not directed to children under 13, and we do not knowingly collect personal information from children under 13 (or under the applicable higher minimum age in your jurisdiction, such as 16 in much of the European Economic Area). If you believe a child has provided us personal information, contact us and we will delete it.
If we make material changes to this Privacy Policy, we will notify you in the app or by email before the changes take effect. The Effective date at the top of this document reflects the most recent revision. Continued use of TopSet after the effective date of an updated policy constitutes acceptance of the changes.
TopSet is operated by 2build LLC, a North Carolina limited liability company. For privacy questions or to exercise any of the rights described in section 06, contact:
2build LLC
Attn: TopSet Privacy
ben@2build.me
We aim to respond to verifiable requests within 30 days.