Privacy Policy
Effective Date: March 3, 2026
Crucible ("we", "our", "the app") is a fitness and training analytics application. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use Crucible.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Display name and username
- Profile photo (if provided)
Health and Fitness Data
With your explicit permission, Crucible reads health and fitness data from connected devices and platforms, including:
- Apple HealthKit: Heart rate, resting heart rate, heart rate variability (HRV), VO2 max, blood oxygen (SpO2), step count, active energy burned, workouts, sleep analysis, body measurements, and respiratory rate.
- Garmin Connect: Heart rate, activities, training load, body battery, stress, sleep, steps, and fitness metrics via the Garmin Connect API.
- WHOOP: Heart rate, strain, recovery, sleep, and HRV via the WHOOP API.
- Oura Ring: Sleep stages, readiness scores, heart rate, HRV, body temperature, and activity via the Oura API.
- Polar: Heart rate, training data, sleep, and recovery via the Polar AccessLink API.
We only access the health data types you explicitly authorize. You can revoke access to any data source at any time through your device settings or the app.
Workout and Activity Data
Data generated through Crucible's features, including:
- Live workout sessions (duration, heart rate samples, zones, calories)
- Training metrics (TRIMP, Training Effect, ACWR)
- Activity history and logs
Social and Community Data
- Posts, comments, and interactions you create within the app
- Contacts (only when you choose to find friends, with your permission)
- Squad/group memberships and challenge participation
2. How We Use Your Information
We use your data to:
- Provide personalized training insights, recovery recommendations, and fitness analytics
- Display your health metrics and trends on your dashboard
- Sync workouts and activities across connected devices
- Enable social features (posts, squads, challenges)
- Compute training load metrics (TRIMP, ACWR, Training Effect)
- Improve app functionality and user experience
3. Data Storage and Security
Your data is stored securely using Supabase, which provides:
- Encryption in transit (TLS/SSL) and at rest
- Row-level security policies ensuring you can only access your own data
- Hosting on secure cloud infrastructure
Health data from connected devices is processed on your device and only transmitted to our servers in aggregate or summary form as needed for app features. Raw health data from Apple HealthKit remains on your device and is queried locally.
4. Third-Party Services
We integrate with the following third-party services:
- Apple HealthKit: Data is read locally on your device per Apple's HealthKit guidelines. We do not store raw HealthKit data on external servers.
- Garmin Connect API: Accessed via OAuth 1.0a with your authorization. We store only the access tokens and synced fitness summaries.
- WHOOP API: Accessed via OAuth 2.0 with your authorization.
- Oura API: Accessed via OAuth 2.0 with your authorization.
- Polar AccessLink API: Accessed via OAuth 2.0 with your authorization.
- Supabase: Backend database and authentication provider.
We do not sell, rent, or share your personal health data with third parties for advertising or marketing purposes.
5. Data Sharing
Your data is shared only in the following circumstances:
- Social features: Posts, comments, and profile information you choose to share with other users
- Squad/group features: Activity and challenge data shared within groups you join
- Service providers: Infrastructure providers (Supabase) that process data on our behalf under strict data protection agreements
- Legal requirements: When required by law, regulation, or legal process
6. Your Rights and Choices
You have the right to:
- Access: View all data we have collected about you
- Revoke device permissions: Disconnect any device integration at any time through Settings
- Delete your account: Request deletion of your account and all associated data
- Withdraw consent: Revoke HealthKit or device API permissions through your device settings at any time
- Data portability: Request an export of your data
7. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete all associated personal data within 30 days, except where retention is required by law.
8. Children's Privacy
Crucible is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. Your continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Email: contact@thecrucibleapp.com