Tillen
Privacy Members

PRIVACY POLICY

Privacy

Last updated 2026-04-25

Tillen is built offline-first. Your training data lives in a local SQLite database on your phone and is not sent anywhere unless you explicitly turn on a sync or backup destination.

Local data

The Tillen app stores workouts, exercises, templates, body measurements, and your settings on your device. None of this is transmitted to Tillen servers by default. Uninstalling the app deletes the local database.

Backup destinations

If you turn on auto-backup, Tillen writes encrypted .tillen files to the destination you pick: a folder on your device, your Google Drive (App Folder, scope drive.file), iCloud (iOS), or Tillen Sync (closed beta). The files are encrypted client-side with Argon2id + AES-GCM-256 using your passphrase. We never see the passphrase or the plaintext data.

Tillen Sync

Tillen Sync stores the same encrypted .tillen blobs in Cloudflare R2 (object storage). The server has no key and cannot read the contents. The members portal at members.tillen.app downloads the blob, asks you for the passphrase, and decrypts in your browser. If you forget your passphrase, your data is unrecoverable — there is no reset.

Account data

If you sign up for Tillen Sync, we store your email address and a session token, both in Cloudflare D1 (a managed SQLite database). Sessions live for 30 days and can be revoked from the members portal Settings page. You can delete your account and all uploaded blobs at any time from the same page; the deletion runs server-side and cascades to R2.

Health Connect (Android)

If you grant Health Connect permission, Tillen writes completed-workout records (exercise session + active calories) to the Health Connect store on your device. We never read from Health Connect, and the records are managed by the system Health Connect app. You can revoke permission at any time in Health Connect.

Analytics

Tillen does not embed third-party analytics, tracking pixels, advertising SDKs, or fingerprinting libraries. The website you are reading is statically hosted on Cloudflare Pages, which records aggregate request metadata for security and uptime.

Children

Tillen is not directed at children under 13. If you believe a child has provided personal information to us, please contact us so we can remove it.

Contact

Questions or data requests: [email protected].

This page is a starting structure. Final legal text is pending review before launch.