Privacy Policy
Effective Date: May 2, 2026
1. Introduction
SinewFit LLC ("SinewFit," "we," "our," or "us"), a New Jersey Limited Liability Company, operates the website sinewfit.ai, the SinewFit iOS application, and the companion SinewFit Apple Watch application (collectively, "the Service"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the Service. By using the Service, you agree to the practices described in this policy.
2. Information We Collect
We collect the following types of personal information when you create an account and use the Service:
Account Information
- Email address
- Name
- Password (stored securely via our authentication provider)
Physical and Health Information
- Date of birth
- Height and weight
- Strength benchmarks (e.g., bench press, squat, deadlift, overhead press maxes)
- Bodyweight fitness benchmarks (e.g., push-up and pull-up maxes)
- Cardio benchmarks (e.g., mile time, longest run)
- Injury information and physical limitations
Fitness Preferences
- Fitness goals
- Experience level
- Equipment access and gym type
- Preferred workout days and session length
- Cardio activities and sport-specific interests
- Exercise preferences and swap history
Usage Data
- Workout logs (exercises completed, sets, reps, weights used, rest times)
- Workout plan history and previously generated plans
- Weekly feedback responses, day-tag selections, and exercise-level feedback (loved / liked / too heavy / too light / wrong for me / hated)
- Progression and personal records data, including derived 1-rep-max estimates
- Free-text activity descriptions you enter when scheduling reserved activities (e.g., "spin class," "5K trail run")
Health and Wearable Data (HealthKit)
When you use the SinewFit iOS app and grant permission, we read and write a limited set of data via Apple HealthKit:
- Heart rate samples captured by your paired Apple Watch during a workout (start, end, average, max, time-in-zone summaries)
- Workout summaries that we write back to Apple Health when you complete a session, so the workout appears in the Apple Fitness and Health apps alongside your other activity
HealthKit data is end-to-end encrypted by Apple and is shared only with your explicit permission via the iOS Health permission prompts. You may revoke either or both permissions at any time in Settings → Health → Data Access & Devices → SinewFit. Heart-rate summaries we display in the app and store with your workout logs are derived only from sessions that originated while the SinewFit watch app was active. SinewFit does not collect or transmit HealthKit data for any purpose other than operating the Service, and never sells, shares, or uses HealthKit data for advertising or marketing. This is a requirement of Apple's HealthKit terms, and one we honor.
AI Coach Conversations
If you use the in-app AI Coach chat feature, the messages you send and the responses generated are stored in our database so the conversation can persist across sessions. Coach messages are sent to Anthropic's Claude API to generate replies — see "Third-Party Services" below for how Anthropic handles this data.
AI Plan-Generation Telemetry
When the Service generates a workout plan, redesigns a day, or runs a validator pass, we store internal telemetry — the prompt sent to the AI, the raw response, validator outcomes, and timing — in a private operations table associated with your user account. This telemetry exists so we can debug bad plan generations and improve quality. It is not shared with third parties beyond the AI provider that generated the response, and is never used for advertising.
Error and Crash Reports
We use Sentry to capture application errors, exceptions, and performance issues. Error reports may include your user ID, the page or feature where the error occurred, the error stack trace, device model, operating system version, and app version. Sentry reports never include workout weights, body measurements, injury details, or AI Coach conversation content.
Analytics and Engagement Data
We collect anonymized usage data to improve the app experience. This includes which features you use (e.g., workout logging, plan generation, exercise swap), how often you use the app, page views, and general engagement metrics. We also store usage events (such as "workout completed" or "plan generated") linked to your user account to understand how the app is being used. These events contain minimal metadata (such as the type of workout completed) and never include sensitive data like exercise weights, injury information, or health details.
We use Vercel Analytics to collect anonymous page view and web performance data. This data does not include personal information and cannot be used to identify individual users.
3. How We Use Your Data
We use your personal information for the following purposes:
- Personalized workout plans: Your profile data (physical stats, goals, experience level, equipment, injuries) is used to generate AI-powered workout plans tailored to your needs
- Progress tracking: Your workout logs and benchmarks are used to track your progress over time and adjust future plans accordingly
- Heart-rate and recovery context: Heart-rate summaries from Apple Watch are stored alongside the originating workout to display effort metrics and inform recovery and progression suggestions
- AI Coach replies: Coach chat messages are sent to Anthropic's Claude API to generate fitness-related replies, then stored in our database so the conversation persists for you
- Reliability: Error and crash reports are used to diagnose bugs and improve app stability
- Service improvement: Aggregated, de-identified usage data may be used to improve our AI prompts, our exercise catalog, and overall service quality
- Account management: Your email is used for authentication, password resets, and essential service communications
- Analytics: To analyze app usage patterns, understand which features are most valuable, and identify and fix technical issues
HealthKit-specific use restriction: Per Apple's HealthKit terms, data we read from HealthKit (heart rate, workout history) is used only to operate the Service. We do not use HealthKit data for advertising, marketing, or other use-based data mining, and we do not disclose HealthKit data to third parties for those purposes.
4. Data Storage and Security
Your data is stored using Supabase, a secure database platform hosted on Amazon Web Services (AWS) infrastructure. All data is encrypted in transit using TLS/SSL encryption. Supabase implements industry-standard security measures including row-level security policies to ensure that users can only access their own data.
While we take reasonable measures to protect your personal information, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.
5. Apple HealthKit Disclosure
SinewFit integrates with Apple HealthKit on iOS. We disclose the following in plain language because Apple requires it, and because you should know exactly what we do with your health data:
- We read heart-rate samples that your Apple Watch records during a workout you start in SinewFit, so we can show effort and time-in-zone summaries and inform recovery suggestions.
- We write a workout summary to Apple Health when you complete a session, so the workout shows up in the Apple Fitness and Health apps.
- We do not use HealthKit data for advertising, marketing, or any other use-based data mining.
- We do not sell or share HealthKit data with third parties for any purpose other than providing the Service to you.
- We do not disclose HealthKit data to data brokers, insurance companies, or employers.
- You can revoke either or both HealthKit permissions at any time in Settings → Health → Data Access & Devices → SinewFit. Revoking permission stops new data flow but does not retroactively delete heart-rate summaries already saved with prior workout logs; you can request deletion of those under Section 10 (Your Rights).
6. Third-Party Services
We use the following third-party services to operate SinewFit:
Anthropic API (Claude)
We use Anthropic's Claude API for three purposes: (a) generating personalized workout plans and day redesigns, (b) classifying short free-text activity descriptions you enter, and (c) replying to messages you send via the in-app AI Coach. The data sent to Anthropic varies by feature:
- Plan generation: profile data (physical stats, goals, experience level, equipment access, injuries, workout history, recent feedback)
- Activity classification: the short free-text label you typed (e.g., "spin class")
- AI Coach: the chat messages you send and a brief snapshot of recent training context, so replies are relevant to your training
Under Anthropic's commercial API terms, data submitted through the API is not used to train Anthropic's models, is processed in real time, and is not retained by Anthropic after the response is generated. We send only the minimum data necessary for each feature. Anthropic's handling of API data is governed by their commercial data-usage policy.
Supabase
Supabase provides our database, authentication, and backend infrastructure. Your data is stored in Supabase's managed PostgreSQL databases hosted on AWS, with row-level security policies that restrict access to your own data. Supabase also handles password hashing for accounts created via email and password.
Apple (HealthKit, Sign in with Apple, App Store)
Apple HealthKit data flows are described in Section 2 above. If you choose Sign in with Apple, Apple provides us an identity token and a stable user identifier; we do not receive your Apple ID password. If you create an account via Sign in with Apple with the "Hide My Email" option, we receive a relay email address and never see your real email. If the app is installed via the App Store or TestFlight, Apple may collect basic install and crash telemetry per Apple's own privacy policy, which is independent of SinewFit.
Google (Sign in with Google)
If you choose Continue with Google, Google authenticates you and shares your name, email address, and a stable Google account identifier with SinewFit via OAuth. We do not receive your Google password. Google's handling of authentication data is governed by Google's privacy policy.
Sentry (Error Monitoring)
We use Sentry to capture application errors and crashes so we can diagnose and fix bugs. Sentry receives error reports that may include your user ID, app version, device model, OS version, and the error stack trace. We configure Sentry to scrub potentially sensitive fields. Sentry processes this data on our behalf as a data sub-processor.
Vercel (Hosting & Analytics)
Our application is hosted on Vercel's platform. Vercel may collect standard server logs including IP addresses and request metadata as part of their hosting service. We also use Vercel Analytics for anonymous page-view and web-performance tracking — no personal data is shared with Vercel Analytics.
7. Data Minimization
We follow data minimization principles. Our analytics tracking intentionally excludes sensitive health and fitness data such as exercise weights, body measurements, injury details, and specific workout performance metrics. We collect only the minimum usage data necessary to improve the app.
8. What We Do NOT Do
- We do not sell your personal data to third parties
- We do not serve advertisements or share data with advertising networks
- We do not use your data for purposes unrelated to the Service
- We do not share your individual data with other users
9. Data Retention
Your personal data is retained for as long as your account remains active. If you wish to delete your account and all associated data, you may request deletion by contacting us at the email address listed below. Upon receiving a verified deletion request, we will delete your personal data within 30 days, except where we are required by law to retain certain information.
10. Your Rights
You have the following rights regarding your personal data:
- Right to access: You may request a copy of the personal data we hold about you
- Right to correction: You may update or correct your personal data at any time through the profile settings in the app
- Right to deletion: You may request deletion of your account and all associated personal data
- Right to data portability: You may request your data in a structured, machine-readable format
To exercise any of these rights, please contact us at the email address listed below.
11. Cookies
SinewFit uses minimal cookies strictly necessary for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies. The cookies we use are essential for the Service to function and cannot be opted out of while using the Service.
12. Data Breach Notification
In the event of a data breach that affects your personal information, SinewFit will notify affected users within 72 hours of becoming aware of the breach. Notification will be sent to the email address associated with your account and will include a description of the nature of the breach, the types of data affected, and the steps we are taking in response. Where required by applicable law, we will also notify relevant supervisory authorities.
13. Children's Privacy
SinewFit is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that a person under 18 has provided us with personal information, we will take steps to delete such information and terminate the associated account promptly. If you believe that someone under 18 has created an account, please contact us at support@sinewfit.ai.
14. California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. These include:
- The right to know what personal information we collect, use, and disclose
- The right to request deletion of your personal information
- The right to opt out of the sale of your personal information (we do not sell your data)
- The right to non-discrimination for exercising your CCPA rights
To make a request under the CCPA, please contact SinewFit LLC at the email address listed below.
15. European Residents (GDPR)
If you are a resident of the European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides you with additional rights. SinewFit LLC acts as the data controller for your personal data. Our legal basis for processing your personal data includes:
- Consent: You consent to data processing when you create an account and agree to our Terms of Use
- Contract performance: Processing is necessary to provide you with the Service
- Legitimate interests: Processing is necessary for our legitimate interests in improving the Service
Under the GDPR, you have the right to access, rectify, erase, restrict processing, object to processing, and port your data. You also have the right to lodge a complaint with a supervisory authority. To exercise any of these rights, please contact us at the email address listed below.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by updating the effective date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.
17. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at: