Smeltr
← Back
Privacy Policy
Last updated May 28, 2026
What this means in plain English
We collect only what we need: your email, the plan data you enter, and anonymous crash logs.
We never sell your data, never show you ads, and don’t track you across other apps or sites.
Optional opt-in to share anonymised macro/weight logs for product improvement — off by default.
You can access, correct, export, or delete your data any time.
Deleting your account immediately hard-deletes every row tied to you.
This policy explains what personal data Smeltr ("Smeltr", "we", "us") collects when you use the Smeltr app or website, why we collect it, and the rights you have over that data. Smeltr is operated by an individual sole developer based in the Netherlands, who is the data controller for GDPR purposes. For any question, email privacy@smeltr.app.
What we collect
Account info — email, plus the name / profile picture your identity provider returns if you sign in with Apple or Google. Used to authenticate you.
Plan data you enter — body metrics (weight, body-fat %, height, age, sex), goal targets, training phases, supplements, daily check-ins, day plans, meal logs, notes. Stored only to show it back to you, run calculations you asked for, and sync across your devices.
Diagnostic data — on crash, a stack trace + component path go to a crash-reporting provider so we can fix bugs. Never includes the plan data above.
On-device storage — auth tokens stay in OS secure storage (iOS Keychain / Android Keystore). They never leave your device.
Legal basis (GDPR)
Contract (Art. 6(1)(b)) — account + plan data; needed to run the service you signed up for.
Legitimate interest (Art. 6(1)(f)) — diagnostic data, balanced against your interest in not being profiled. Never used for marketing.
Explicit consent (Art. 6(1)(a)) — only if you tick the optional "Help improve Smeltr with my anonymised logs" toggle (off by default, withdraw any time in Settings → Privacy & data sharing).
Optional: product-improvement opt-in
We use your macro and weight logs for product improvement only if you tick the opt-in (sign-up or Settings → Privacy & data sharing). Off by default. When it's on, we use pseudonymised records (name, email, and Clerk user ID stripped) for internal training and evaluation only — never sold, never shared with advertisers, never for marketing. Toggle it off any time. On account deletion, every row is hard-deleted regardless of this setting.
What we don't do
Don't sell or rent your personal data.
Don't share it with advertisers.
No third-party advertising or attribution SDKs, and no cross-app or cross-site tracking. The website (smeltr.app) uses cookieless, privacy-friendly product analytics — no cookies, no profiling, never sold (see "Who we share data with").
No access to your camera, photos, location, microphone, contacts, calendar, or device health — we never ask for those permissions.
Who we share data with
We use a small number of processors, each contractually bound to use your data only for the purpose we engaged them for:
An authentication provider (sign-in).
A cloud database provider (plan data storage).
A crash-reporting provider (diagnostics).
A web-hosting provider (smeltr.app).
A product-analytics provider — anonymous, cookieless website analytics.
A payment processor — Founders Pass purchases on the web.
We may also disclose data where required by law or to protect the rights, property, or safety of Smeltr or its users. Some processors are based outside the EEA (including the US); we rely on GDPR Chapter V safeguards — Standard Contractual Clauses or, where applicable, the EU–US Data Privacy Framework. For the named processor list, email privacy@smeltr.app.
How long we keep your data
Kept as long as your account exists. Delete your account from Setup → Account — every row of plan data is hard-deleted immediately, regardless of the opt-in setting. Diagnostic data is kept up to 90 days and can't be linked back to your plan data.
One narrow exception: payments to Smeltr (e.g. a one-time founder purchase) — EU tax / accounting law requires us to retain the transaction record. On deletion we pseudonymise it (replace your user ID with a random surrogate) so the financial row survives for accounting but isn't linked to you anymore. GDPR Art. 17(3)(b) carve-out.
Your rights
Under GDPR (and CCPA / CPRA for California residents) you can:
Access the data we hold about you.
Have inaccurate data corrected.
Have your data erased (right to be forgotten).
Restrict or object to certain processing.
Get a portable copy of your data.
Withdraw consent any time, where processing is consent-based.
Email privacy@smeltr.app from the address on your account to exercise any of these. You can also lodge a complaint with the Dutch DPA (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or your local EU/EEA supervisory authority. We haven't sold or shared personal info under CCPA definitions in the past 12 months.
Children, transfers, changes
Smeltr is not directed to children under 16 and we don't knowingly collect data from anyone under 16. If Smeltr is acquired, merged, or transferred, your data may move with it — we'll notify you before it becomes subject to a different policy. We'll bump the "Last updated" date above when this policy changes and surface material changes inside the app on the next launch.
Contact
Smeltr · the Netherlands · privacy@smeltr.app