Skip to main content

Privacy Policy

Last Updated: January 2026

1. Introduction

Welcome to RoyalFit ("App", "we", "us", or "our"), developed by RoyalFit. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains our data practices when you use our iOS mobile application. By using RoyalFit, you agree to the collection and use of information as described in this policy.

Contact: privacy@royalfitapp.com

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address - For account creation, authentication, and communication
  • Password - Encrypted using industry-standard hashing (never stored in plain text)
  • Display name - Optional profile identifier
  • Profile photo - Optional, stored securely

2.2 Fitness and Health Data

To provide our core workout tracking functionality, we collect:

  • Workout sessions - Exercises performed, sets, reps, weight, rest times, RPE (Rate of Perceived Exertion), duration
  • Body metrics - Height, weight (if provided)
  • Check-in data - Energy levels, sleep quality, muscle soreness, recovery status
  • Progress tracking - Personal records, achievements, workout history
  • Exercise preferences - Favorite exercises, excluded exercises

2.3 Apple HealthKit Data

We integrate with Apple HealthKit to enhance your fitness tracking experience:

Data we READ from HealthKit:

  • Body measurements (height, weight)

Data we WRITE to HealthKit:

  • Completed workout sessions (exercise type, duration, calories if calculated)

Your Control:

  • You can enable or disable HealthKit integration at any time
  • Manage permissions via iOS Settings > Health > Data Access & Devices > RoyalFit
  • Your HealthKit data on your device is protected by Apple's privacy controls
  • We never store HealthKit data on our servers beyond what you explicitly sync

2.4 Apple Watch Data

If you use RoyalFit with Apple Watch, we collect and sync:

  • Workout sessions - Exercises synced to/from your Apple Watch
  • Exercise completion status - Which exercises you've completed during a session
  • Workout timer state - Active, paused, resumed status
  • User preferences - Display settings for Watch complications

Technical Details:

  • All Watch data is transmitted via Apple's WatchConnectivity framework
  • Data syncs directly between your iPhone and Watch
  • Watch data follows the same privacy protections as iPhone data

2.5 Device Information

We automatically collect:

  • Device type and model - To optimize app performance
  • Operating system version - For compatibility and debugging
  • App version - To provide appropriate support
  • Push notification device tokens - Only if you enable workout reminders

2.6 Usage and Diagnostic Data

To improve the app, we collect:

  • App interaction patterns - Which features you use (anonymized)
  • Error logs and crash reports - Via Sentry (see Section 6)
  • Performance metrics - App load times, response times

3. How We Use Your Information

3.1 Legal Basis for Processing (GDPR)

Purpose Legal Basis Details
Account creation and management Contract performance Required to provide our service
Workout tracking and progress Contract performance Core app functionality you requested
Syncing with Apple HealthKit Your explicit consent You control this via iOS permissions
Syncing with Apple Watch Your explicit consent You control this via Watch app pairing
Push notifications Your explicit consent You can disable in Settings
Error tracking and debugging Legitimate interest Necessary to maintain service quality
Responding to support requests Contract performance To fulfill our service obligations
Security and fraud prevention Legitimate interest To protect you and our service

3.2 Specific Uses

We use your information to:

  • Generate personalized workout plans based on your goals and preferences
  • Track your fitness progress and calculate personal records
  • Sync your data between devices and with Apple Health/Watch
  • Send workout reminders (only if you enable push notifications)
  • Improve app performance and fix bugs
  • Respond to your support inquiries
  • Comply with legal obligations

4. Data Sharing

We Do NOT Sell Your Data

We do NOT sell, rent, or trade your personal information to third parties for their commercial purposes. Period.

4.1 Service Providers (Data Processors)

We share data only with trusted service providers who help us operate the App:

Provider Purpose Location Data Shared Privacy Policy
Supabase Database, Authentication US (AWS) Account data, workout data supabase.com/privacy
Sentry Error tracking, Performance monitoring US Device info, error logs (see Section 6) sentry.io/privacy
Apple Sign-In, HealthKit, Push Notifications, Watch Various Auth tokens, health data (with consent), device tokens apple.com/privacy
Cloudflare Video content delivery (CDN) Global IP address, video requests cloudflare.com/privacy

These providers:

  • Only access data necessary to perform their services
  • Are contractually obligated to protect your information
  • Cannot use your data for their own purposes

4.2 Aggregated Data

We may share aggregated, anonymized data that cannot identify you (e.g., "70% of users work out 3+ times per week") for research or statistical purposes.

4.3 Anonymized Research Data Collection (Opt-in)

You can optionally contribute anonymized workout patterns to help improve our algorithms. This feature is disabled by default and requires explicit opt-in via Settings > Contribute to Research.

What We Collect When You Opt In:

We collect statistical patterns only - never individual workouts or personal data:

  • Progression rates - How quickly users gain strength (by training experience level)
  • Recovery patterns - Optimal rest periods and deload timing
  • RPE accuracy - How well users estimate their effort levels
  • Volume patterns - Sets per muscle group and their effectiveness

Privacy Protections:

Protection How It Works
No user IDs Aggregated data cannot be traced back to you
Bucketed demographics Training experience grouped (e.g., "1-2 years") - never exact dates
Minimum samples Data only stored when 5+ users contribute to prevent re-identification
Statistical aggregates only We store averages, medians, percentiles - never individual data points

Your Control:

  • Default OFF: You must explicitly enable this feature
  • Disable anytime: Turn off in Settings - stops all future data contribution
  • Previously aggregated data: Cannot be removed as it's anonymous and combined with other users
  • No impact on service: Your experience is the same whether enabled or disabled

How This Helps:

Your contribution helps us:

  • Better predict optimal weight progressions for different experience levels
  • Improve deload timing recommendations
  • Enhance exercise substitution suggestions
  • Make recovery recommendations more accurate

This feature complies with Apple's App Store Guidelines:

  • Explicit opt-in required (default is OFF)
  • Clear disclosure of what's collected
  • No sale of data to third parties
  • Full user control over participation

4.4 Legal Requirements

We may disclose your information if required by law:

  • To comply with a valid legal obligation, court order, or government request
  • To protect our rights, privacy, safety, or property
  • To prevent fraud or illegal activity
  • To protect the safety of users or the public

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring party. We will notify you via email at least 30 days before any transfer (when legally permissible) and you will have the option to delete your account before the transfer.

5. Apple Sign-In

When you use Sign in with Apple:

  • What Apple provides us: Your email address (or a private relay address if you choose "Hide My Email")
  • What we do NOT receive: Your Apple ID password
  • Your control: You can revoke access at any time via iOS Settings > [Your Name] > Password & Security > Apps Using Apple ID

6. Error Tracking and Session Replay (Sentry)

We use Sentry to monitor app performance and fix bugs. Here's exactly what Sentry collects:

What Sentry Collects:

  • Performance monitoring: 10% of app sessions are sampled for performance metrics
  • Error sessions: 100% of sessions with errors are captured for debugging
  • Device information: Device type, OS version, app version
  • App state at time of error: Which screen was active, recent navigation
  • Error details: Error messages, stack traces, timestamps

What Sentry Does NOT Collect:

  • Your passwords or authentication tokens
  • Your workout data content (exercises, weights, reps)
  • Your health metrics (weight, body measurements)
  • Your personal records or achievements
  • Financial information
  • Your email address or profile information

Data Masking:

Sensitive fields are automatically filtered before transmission to Sentry. We configure Sentry to exclude personally identifiable information.

7. Data Storage and Security

Where Your Data is Stored

  • Primary database: Supabase (hosted on AWS in the United States)
  • Local device: Some data cached locally for offline functionality

Security Measures

  • Encryption in transit: All data transmitted via HTTPS/TLS 1.3
  • Encryption at rest: AES-256 encryption for stored data
  • Password security: Passwords hashed using bcrypt (never stored in plain text)
  • Row-level security: Database policies ensure you can only access your own data
  • Access controls: Strict internal access limitations to personal data
  • Regular backups: Automated daily backups for data protection
  • Security monitoring: Continuous monitoring for unauthorized access

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.

8. Data Retention

Active Accounts

  • Workout data: Retained while your account is active
  • Profile information: Retained until you update or delete it
  • Check-in history: Retained while your account is active

Deleted Accounts

When you delete your account:

  • Personal data deletion: Your profile, email, name, gyms, photos, and other personally identifiable information are permanently deleted within 30 days
  • Backup purge: Data removed from backups within 90 days
  • Legal retention: Some data may be retained if required by law

Anonymized Workout Data Retention

When you delete your account, we retain certain workout data in a fully anonymized form for research and service improvement purposes:

Data Retained (Anonymized) Data Deleted (PII)
Workout logs (exercises, sets, reps, weights) Your name and email
Exercise performance metrics Your profile and gym names
Daily check-in patterns Progress photos
Personal records achieved Device tokens
Progress metrics Subscription details

How We Anonymize:

  • Your user ID is replaced with a random, non-identifiable UUID
  • No connection exists between the anonymized data and your identity
  • The data cannot be traced back to you or re-identified

Why We Retain This:

  • To improve our workout recommendation algorithms
  • To better understand fitness progression patterns
  • To enhance recovery and deload recommendations

Your Rights:

  • This anonymization occurs automatically upon account deletion
  • Since the data is truly anonymous, it cannot be retrieved or deleted after anonymization
  • The anonymized data is never sold to third parties

Aggregated Analytics

Anonymized, aggregated analytics may be retained indefinitely as they cannot identify you.

9. Your Privacy Rights

For All Users

You have the right to:

  • Access: View all your personal information in the app
  • Export: Download your data in a portable format
  • Correct: Update your profile and fitness data
  • Delete: Remove specific workouts, check-ins, or your entire account

GDPR Rights (EU/EEA Users)

Under the General Data Protection Regulation, you also have:

  • Right to access: Request confirmation of what data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Request limitation on how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to certain types of processing
  • Right to withdraw consent: Withdraw consent at any time (without affecting prior processing)
  • Right to lodge a complaint: File a complaint with your local data protection authority

CCPA Rights (California Residents)

Under the California Consumer Privacy Act, you have:

  • Right to know: What personal information we collect and how we use it
  • Right to delete: Request deletion of your personal information
  • Right to non-discrimination: Exercise your rights without discrimination in service
  • Right to opt-out of sale: We do NOT sell personal information, so there is nothing to opt out of

How to Exercise Your Rights

Email: privacy@royalfitapp.com
Response time: Within 30 days (may extend to 60 days for complex requests with notice)

We may verify your identity before processing certain requests.

10. Children's Privacy

RoyalFit is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@royalfitapp.com. We will delete such information promptly.

11. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers and service providers are located.

For EU/EEA users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure GDPR-compliant data transfers to the United States.

By using the App, you acknowledge and consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy.

12. Do Not Track

We do not currently respond to "Do Not Track" (DNT) browser signals. The App does not track you across third-party websites or apps.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for legal, regulatory, or operational reasons.

How We Notify You

  • Material changes: Email notification and in-app notice at least 30 days before changes take effect
  • Minor changes: Updated policy posted in the app with new version number

Your Options

Your continued use of the App after changes constitutes acceptance of the updated policy. If you disagree with changes, you may delete your account at any time.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: privacy@royalfitapp.com
Response time: Within 7 business days

For GDPR inquiries:
Data Protection Contact: privacy@royalfitapp.com

15. Legal Compliance

This Privacy Policy is designed to comply with:

  • GDPR (General Data Protection Regulation) - EU/EEA privacy law
  • CCPA (California Consumer Privacy Act) - California privacy law
  • COPPA (Children's Online Privacy Protection Act) - U.S. children's privacy law
  • Apple App Store Guidelines - iOS app privacy requirements

Version 2.3 - Last Updated February 4, 2026

Changes in 2.3: Added Cloudflare as service provider for video content delivery

Changes in 2.2: Updated Section 8 - Added disclosure about anonymized workout data retention upon account deletion

Changes in 2.1: Added Section 4.3 - Anonymized Research Data Collection (opt-in feature)