Privacy Policy

Effective date: 4 April 2026

WodStrat ("we", "our", "us") is a functional fitness workout strategy platform. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

When you use WodStrat, we collect:

• Google account information — email address, display name, and profile photo (provided by Google when you sign in)
• Athlete profile — name, date of birth, gender, height, weight, experience level, and training goals (entered by you)
• Workout data — workout descriptions you enter for AI analysis
• Workout results — scores, post-workout feedback answers, and AI-generated performance reports
• Workout images — photos you upload for AI-powered text extraction (OCR). Images are processed in-memory and are not permanently stored on our servers
• Benchmark results — personal fitness performance records you log, including historical entries
• Skill progression data — unlocked skills, progression levels, and step completions across skill categories (Pulling, Pushing, Gymnastics, Olympic Lifting, Cardio)
• AI skill plan data — self-reported assessments (reps, weights, notes), time commitments, and AI-generated training plans
• Gamification data — earned badges, workout streaks, and experience points
• My Hub coaching data — AI-generated fitness analysis, daily programmes, objectives, and recovery insights
• Subscription data — your subscription tier and status (managed by RevenueCat; we do not store payment card details)
• Usage counters — daily AI request counts for rate limiting
• Health and wearable data (optional, only if you connect a wearable device or health platform) — resting heart rate, heart rate variability (HRV), sleep duration and quality, workout heart rate, and active calories burned. This data is read from Apple HealthKit (iOS), Google Health Connect (Android), or WHOOP API, depending on your device and connection preferences. You must explicitly opt in by connecting a health source in Settings

2. How We Use Your Data

• App functionality — to display your profile, track benchmarks, manage skill progressions, and record workout results
• AI strategy generation — your workout text and athlete profile context (experience level, gender, weight — no name or email) are sent to Google Gemini to generate personalised workout strategies
• AI coaching (My Hub) — your benchmarks, workout history, skill progress, and profile context are sent to Google Gemini to generate daily fitness analysis and training programmes
• AI skill plans — your self-reported assessment and skill progression data are sent to Google Gemini to generate personalised training plans
• Post-workout reports — your workout scores and feedback are sent to Google Gemini to generate performance reports
• Image processing (OCR) — uploaded workout images are sent to Google Gemini for text extraction. Images are processed ephemerally and not retained
• Community percentile rankings — your benchmark results are compared against other WodStrat users' results to calculate percentile rankings. Rankings are segmented by gender when sufficient data exists (minimum 5 athletes), otherwise a combined pool is used. Individual users cannot see other users' data — only their own percentile position
• Subscription management — to enforce tier-based feature limits
• Rate limiting — to manage daily AI request quotas
• Recovery-aware AI coaching — if you connect a wearable or health platform, your health data (heart rate, HRV, sleep, calories) is used to assess recovery status and adjust AI-generated workout recommendations, training intensity, and coaching advice. Health data is sent to Google Gemini as part of your coaching context (no personal identifiers included). WodStrat does not provide clinical, diagnostic, or medical advice — health data is used solely for fitness coaching purposes

3. Third-Party Services

We use the following third-party services:

• Google Sign-In (OAuth 2.0) — for authentication. Google's privacy policy: policies.google.com/privacy
• Google Gemini API — for AI-powered workout strategy generation, coaching insights, skill plan generation, post-workout reports, and image text extraction. Athlete profile context (experience level, gender, weight) is included to personalise responses; no personal identifiers (name, email) are sent
• RevenueCat — for subscription and in-app purchase management. Device identifiers are shared with RevenueCat for subscription tracking. RevenueCat's privacy policy: revenuecat.com/privacy
• Apple App Store / Google Play Store — for processing subscription payments
• Apple HealthKit (iOS) — for reading health and fitness data from your device. Data is read locally on your device and transmitted securely to our servers. Apple's privacy policy: apple.com/privacy
• Google Health Connect (Android) — for reading health and fitness data from your device. Data is read locally on your device and transmitted securely to our servers. Google's privacy policy: policies.google.com/privacy
• WHOOP — for reading recovery, strain, sleep, and heart rate data via the WHOOP API (if you connect your WHOOP account). WHOOP's privacy policy: whoop.com/privacy

4. Data Storage and Security

• Your data is stored in a PostgreSQL database hosted on Railway (cloud infrastructure)
• All communication between the app and our servers uses HTTPS encryption
• Authentication tokens are stored in your device's encrypted keychain (iOS Keychain / Android Keystore)
• We do not store payment card details — these are handled entirely by Apple/Google through RevenueCat
• Uploaded workout images are processed in-memory for text extraction and are not permanently stored
• Health and wearable data is stored for up to 90 days and is automatically deleted after this period. Data is encrypted in transit (HTTPS) and stored in our database alongside your other account data

5. Data Sharing

We do not sell your data. Your data is only shared with the third-party services listed above, solely for the purposes described. We do not use advertising SDKs or analytics tracking.

Your benchmark results are used in aggregate to calculate community percentile rankings. Other users cannot see your individual data — only their own ranking position within the community.

Health and wearable data is never shared with other users, used for advertising, or sold to third parties. It is used exclusively for personalising your AI coaching recommendations.

6. Data Retention and Deletion

• Your data is retained for as long as your account is active
• You can delete your account at any time from Settings in the app. This permanently deletes all your data (profile, workouts, workout results, benchmarks, skill progress, skill plans, badges, streaks, AI insights cache, hub content, health snapshots, wearable connections, subscription records) immediately
• Health and wearable data is automatically deleted after 90 days, or immediately upon account deletion
• You can disconnect a health source at any time from Settings, which stops further data collection. Previously collected health data remains subject to the 90-day retention period or can be removed via account deletion
• See our Account Deletion page for more details

7. Your Rights

You have the right to:

• Access your data (visible within the app)
• Correct your data (editable within the app)
• Delete your data (via Settings > Delete Account)
• Contact us with questions about your data

8. Children's Privacy

WodStrat is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with data, please contact us.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes through the app or by updating the effective date above.

10. Contact Us

If you have questions about this privacy policy or your data, contact us at: wodstratinfo@gmail.com