Legal

Privacy Notice

Last updated: 28 June 2026 · Rithim (rithim.app)

Summary: We collect only what we need to run Rithim. We don't sell your data. You can delete your account and all associated data at any time. For questions, email [email protected].

1. Who we are

Rithim is operated as an independent application. For the purposes of UK GDPR, the data controller is Rithim (contact: [email protected]). References to "Rithim", "we", "us", or "our" in this notice refer to the controller of the application.

2. What data we collect

We collect the following categories of personal data when you use Rithim:

Category	Examples	Why we collect it
Account information	Name, email address, username, profile picture, profile bio	To create and manage your account
Fitness & log data	Workout logs, exercises, sets, reps, weight lifted, routines, personal records	To provide the core tracking service
Social activity	Follows, kudos, comments, shared workouts	To power social features
Device & technical data	Push notification tokens, device type, OS version, crash logs	To send notifications and diagnose issues
Authentication data	Social sign-in tokens (Apple, Google), email verification status	To authenticate your identity securely

We do not collect health or biometric data beyond what you voluntarily enter as workout logs (e.g. bodyweight). We do not collect precise GPS location data.

3. Lawful basis for processing

Under UK GDPR, we rely on the following lawful bases to process your personal data:

Contract performance (Article 6(1)(b)): Processing necessary to provide the Rithim service you have signed up for — including account creation, workout storage, and social features.
Legitimate interests (Article 6(1)(f)): Processing for app security, fraud prevention, crash diagnostics, and improving app reliability, where those interests are not overridden by your rights.
Consent (Article 6(1)(a)): Sending push notifications (you can withdraw consent at any time via device settings).
Legal obligation (Article 6(1)(c)): Where we are required to retain or disclose information by law.

4. How we use your data

To create, operate, and personalise your Rithim account and training experience.
To store and display your workout logs, personal records, and routines.
To enable social features: following other users, leaving kudos, and sharing workouts according to your privacy settings.
To send push notifications about workout reminders, social interactions, and community updates (with your consent).
To diagnose crashes and technical issues via anonymised error reporting.
To comply with legal obligations if required.

5. Data sharing & third-party processors

We do not sell, rent, or trade your personal data. We share data only with the following service providers, under contractual data processing agreements, where necessary to run the app:

Processor	Purpose	Location
Supabase	Database, authentication, and cloud storage hosting	EU (AWS Frankfurt region)
Sentry	Anonymised crash and error reporting	USA (Standard Contractual Clauses apply)
Apple / Google	Push notification delivery; Sign in with Apple / Google	USA (SCCs apply)

All communications between the app and our servers are encrypted in transit via HTTPS (TLS).

6. International transfers

Some of our processors (listed above) are based outside the UK. Where we transfer personal data to countries not deemed adequate by the UK ICO, we rely on UK International Data Transfer Agreements (UK IDTAs) or Standard Contractual Clauses (SCCs) to ensure your data receives equivalent protection.

7. Data retention

We retain your personal data for as long as your account is active. If you delete your account, all associated personal data — including workout logs, profile information, social activity, and push notification tokens — is permanently deleted within 30 days.

Anonymised, aggregated analytics data (with no identifying information) may be retained indefinitely for service improvement purposes.

Crash logs and error reports are automatically purged by Sentry after 90 days.

8. Your rights under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Ask us to correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten"): Request deletion of your data. You can do this directly in-app (Settings → Delete Account) or via our online form.
Right to restrict processing: Ask us to pause processing of your data in certain circumstances.
Right to data portability: Receive your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
Rights related to automated decision-making: We do not make any automated decisions that significantly affect you using your personal data.

To exercise any of these rights, email us at [email protected]. We will respond within one calendar month as required by UK GDPR.

9. Children's privacy

Rithim is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has provided us with personal data, please contact us at [email protected] and we will delete it promptly.

Users aged 13–17 must have parental or guardian consent to use Rithim.

10. Cookies & tracking

The Rithim mobile app does not use cookies. Our website (rithim.app) uses only essential technical cookies required for the site to function. No advertising or analytics tracking cookies are used on the website.

11. Security

We take appropriate technical and organisational measures to protect your personal data, including encrypted storage, access controls, and regular security review. However, no system is completely secure; please use a strong, unique password and enable two-factor authentication where available.

12. Changes to this notice

We may update this Privacy Notice from time to time. When we make material changes, we will notify you via in-app notification or email. The "last updated" date at the top of this page reflects the most recent revision. Continued use of Rithim after any changes constitutes acceptance of the updated notice.

13. Contact & complaints

For any questions about this Privacy Notice or how we handle your data, contact us at:

Email: [email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113