This Privacy Policy explains what information Rize ("Rize," "we," "us") collects when you use the Rize mobile app, how we use it, who we share it with, and the choices you have. If you have any questions, email chananelben@gmail.com.
1. Who we are
Rize is a workout app that reads your live heart rate and automatically plays music from your Apple Music library to match your current intensity. The app is operated by an independent developer based on the contact details above.
2. What we collect
We try to collect only what we need to make the app work. Specifically:
2.1 Account information
- Email address — used to sign you in and recover your account.
- Authentication identifiers — anonymous user IDs created by our auth provider (Supabase) and, if you use Sign in with Apple, an Apple-provided private relay identifier.
2.2 Profile information
- Age and biological sex — used only to calculate your maximum heart rate and the five heart-rate zones the app uses. Standard formula: 220 minus age.
2.3 Workout and health data
- Heart-rate samples — read from your paired BLE device, Apple Watch, or chest strap during a workout. Saved as a downsampled curve (about 50 points per session) so the app can show your HR sparkline in history.
- Workout metadata — start/end time, duration, sport type, average and max HR, zone breakdown.
- Songs played — track title, artist, BPM, the zone the song was assigned to, the HR at the time it played, and whether you skipped it.
- Manual corrections — if you remap a song to a different zone, we log that correction (with the HR context at the time) so the app's tempo classifier can improve.
2.4 Location (outdoor workouts only)
- Precise GPS coordinates — recorded only when you start an outdoor workout (Running, Cycling, Walking/Hiking). Used to calculate distance, pace, and speed. Coordinates are saved as part of the workout session if you finish; they are never streamed live to anyone.
2.5 Apple Music
- Read-only access to your Apple Music library, playlists, and playback state. We use this access to (a) list your playlists during setup and (b) queue and control the songs we choose during workouts.
- We do not copy your Apple Music library to our servers. Track titles and artist names are read on your device and sent to BPM-lookup providers (see Section 4) only when a song's tempo is not already in our shared cache.
2.6 Apple Health (HealthKit)
- Rize and its Apple Watch companion app integrate with Apple Health (HealthKit). We request read access to your heart-rate data to drive zone-matched music playback during a workout, and write access to save your completed workouts (as workout sessions) to Apple Health, so they appear alongside your other activity in the Health and Fitness apps. HealthKit data is used only for these fitness features. We never sell HealthKit data or use it for advertising.
2.7 Diagnostics
- Crash reports and basic operational metrics from Expo and Supabase, used to diagnose bugs. These may include device model, OS version, and an anonymous user ID. No HR samples or location data are sent to crash analytics.
3. How we use your data
We use the data above to:
- Sign you in and keep your session active.
- Calculate your heart-rate zones.
- Match music tempo to your live intensity during a workout.
- Show you your workout history and summary cards.
- Improve our song-to-zone classifier (using anonymized BPM corrections).
- Diagnose crashes and bugs.
We do not:
- Sell your data.
- Use your data for advertising or behavioral profiling.
- Track you across apps or websites.
4. Who we share data with
We share the minimum data necessary with the following third parties.
| Provider | What is shared | Why |
|---|---|---|
| Supabase (data storage, authentication) | Email, user ID, age, sex, workout sessions, song plays, HR samples, GPS coordinates | Stores your account and workout history in Supabase's managed Postgres database. |
| Apple Music / MusicKit | Apple Music authorization token, playback commands, track IDs | Plays music. Governed by Apple's own privacy policy and your Apple ID. |
| Strava (optional, only if you connect it) | Workout summary: duration, distance, pace, sport type, GPS track | Uploads finished workouts to your Strava feed. Only happens when you explicitly link your Strava account. |
| Deezer, MusicBrainz, GetSongBPM (BPM lookup) | Track title, artist name, ISRC code | Looks up song tempo so we can sort the song into a heart-rate zone. No user identity, account info, HR, or location is sent. |
| Expo / EAS | Anonymous crash and runtime diagnostics | Helps us fix bugs. |
We do not share data with advertisers, data brokers, or analytics platforms beyond the operational providers listed above.
5. Apple's App Privacy categories
For Apple's App Privacy summary, the data types we collect are:
- Contact info: Email address (linked to you, not used for tracking).
- Health & Fitness: Heart rate, workout sessions (linked, not used for tracking).
- Identifiers: User ID (linked, not used for tracking).
- Location: Precise location, outdoor workouts only (linked, not used for tracking).
- Usage data: Product interaction — songs played, zone transitions (linked, not used for tracking).
- Diagnostics: Crash data, performance data (linked, not used for tracking).
We do not use any of this data for tracking as Apple defines it.
6. Data retention
- Account data (email, profile) is kept for as long as your account exists.
- Workout data (HR samples, songs played, GPS) is kept for as long as your account exists, so you can view your history. You can delete individual workouts at any time.
- Shared BPM cache entries (track ID → tempo) are kept indefinitely and are not linked to you.
- When you delete your account (see Section 8), all personally linked data is deleted within 30 days.
7. Security
Data in transit is encrypted using TLS. Data at rest in Supabase is encrypted at the storage layer. Row-level security policies restrict access to your own records.
No system is perfectly secure. If you discover a vulnerability, please email chananelben@gmail.com.
8. Your rights
Wherever you live, you can:
- Access the data we hold about you.
- Export your workout history and account data.
- Correct your profile information from inside the app.
- Delete your account and all associated data.
To exercise any of these rights, email chananelben@gmail.com from the address tied to your account. We will respond within 30 days. There is no charge.
If you are in the European Economic Area, the UK, or California, you also have rights under the GDPR, UK GDPR, and CCPA respectively, including the right to lodge a complaint with your local data protection authority.
9. Children
Rize is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, email chananelben@gmail.com and we will delete it.
10. Cookies and tracking
Rize is a native mobile app. It does not use browser cookies. It does not use third-party SDKs that fingerprint your device or track you across other apps or websites.
11. International transfers
Supabase, Apple, Strava, and our BPM-lookup providers may process your data in the United States and the European Union. By using Rize, you consent to these transfers under the safeguards each provider has in place (Standard Contractual Clauses where applicable).
12. Changes to this policy
If we make material changes, we'll update the "Last updated" date and notify you in-app before the change takes effect. Continued use of Rize after a change means you accept the updated policy.
13. Contact
Questions, requests, or complaints:
Email: chananelben@gmail.com