LiftLog is a personal workout logging application developed and self-hosted by Noah Marshall.
By creating an account, accepting an invite, logging in, or using the app, you acknowledge that you have read, understood, and agree to this User Agreement & Privacy Notice.
LiftLog is a Progressive Web App for logging and tracking strength training and cardio workouts. You can record exercises, sets, reps, weights, and other metrics; build reusable workout templates; and view your progress over time including estimated one-rep max trends. The app optionally syncs data from Strava or Apple Health. LiftLog is a personal project shared with trusted people — it is not a commercial product or public service.
The app is built to work whether you're online or offline. Core logging features (recording workouts, using templates, editing entries, and viewing history) work locally on your device, so the app remains usable even with no internet connection. When connected to the server, your data is backed up and synced across devices.
Invite-only access. LiftLog is not open for public registration. Access is explicitly granted by me (Noah). At this time, users must be personally allowed by me before they can create an account.
Signing in. Authentication is handled through Google's OAuth service. You sign in with your existing Google account — LiftLog never sees or stores your Google password. Google securely confirms your identity and shares your email address with me.
Sessions. After signing in, a secure session token is issued to your browser. Sessions expire after 7 days, at which point you'll need to sign in again. Signing in on a new device or session invalidates any previous active session for your account.
We collect and store only what's needed to deliver the app's features.
Workout & Progress Data. Every workout entry stores: date, name, and workout type; strength workout details (exercises, sets, reps, weight, effort rating, reps in reserve, per-exercise notes); cardio details (distance, duration, pace, heart rate, calories, RPE); general workout notes; calculated estimated one-rep max per exercise; and integration-sourced metrics from Strava or Apple Health.
Workout Templates. Template names and their exercise configurations are stored and associated with your account.
Account & Identity Data. Your email address (from Google), display name (optional), profile picture (optional), an internal account identifier, and a record of the invite used to create your account.
Strava (optional). If you connect Strava, credentials (OAuth tokens) are stored to sync your activities. Used only to fetch your own data.
Apple Health (optional). Workout data exported from your device is transmitted to LiftLog and written into your workout entries. A copy of the raw import data is temporarily stored on the server to support debugging.
Technical & Operational Data. An audit log records authentication events. An internal activity log records when workout entries are created, changed, or deleted. No third-party analytics, advertising, or error-tracking services are used.
Where your data lives. All server-side data is stored in a database on a self-hosted server that I operate. There is no cloud database provider. Your data does not leave this server except as described in Section 6.
Administrator Access. I built and operate the server, so I have full access to everything stored in the database. This includes workout entries, email addresses, and any integration credentials. My intent is to only use administrator access for maintenance, debugging, and helping users — not to look through your workout data without reason. That said, the access is real, and you should only use the app if you're comfortable with it.
Data Isolation. Your account data is associated with a unique identifier, and the server enforces that you can only access your own data.
Security Measures. All traffic is encrypted via HTTPS. All data-access actions require a valid session. Sessions have a fixed expiry and can be invalidated. Rate limiting is applied to authentication and API endpoints. Standard HTTP security headers including a Content Security Policy are applied. Database queries use parameterized statements to prevent injection attacks. The app is invite-only.
Backups & Retention. There is currently no automated backup system. Your data lives on a single server. If there is a hardware failure, data may be unrecoverable. You can export your own data at any time from within the app. Regularly exporting your data is your best protection against loss. Your data is retained indefinitely unless you request deletion.
Google (sign-in): Your sign-in is processed through Google's authentication service. Google's own privacy policy governs how Google handles your information during sign-in.
Strava (optional): If connected, LiftLog communicates with Strava's API to fetch your activity data. You can disconnect at any time.
Apple Health (optional): Data is transmitted from your device directly to the LiftLog server over an encrypted connection.
No advertising networks, analytics platforms, or data brokers receive your information.
You can view and edit all your workout entries, templates, and profile information within the app. You can download a complete export of your data at any time. You can request full deletion of your account and all associated data by contacting me. You can disconnect Strava from within the app.
LiftLog is a personal project provided "as is" without warranties of any kind. It is not a commercial product and does not come with guarantees of uptime, data integrity, or fitness for any particular purpose.
I am not liable for data loss, service outages, bugs, or security incidents. Given the absence of automated backups, you are strongly encouraged to export your data regularly using the in-app export feature.
LiftLog is a logging tool — it is not a medical or fitness professional service. Use of workout data for health or fitness decisions is entirely at your own risk.
This agreement may be updated as the app evolves. The version number and "Last Updated" date will reflect any changes. If you are an active user, you will be notified of significant changes through the app. Continued use after changes take effect constitutes acceptance of the updated terms.
Questions about this agreement or your data? Contact me at nvm113001@gmail.com.
Save a full copy of your workouts and templates.
Upload any file — LiftLog backups, CSV workout history, and Apple Health exports are all detected automatically.
— or paste CSV text directly —
Pull your recent Strava activities into LiftLog.
Connect your Strava account in the Account tab first.
LiftLog receives workout data automatically from the Health Auto Export iOS app.
Single use · expires in 48 hours
All exercises are done.