# Privacy Policy for RowerTrain **Effective Date:** July 19, 2025 **Last Updated:** July 19, 2025 ## Introduction RowerTrain ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our RowerTrain mobile application (the "App"). This App is designed to connect to Bluetooth fitness equipment and track your workouts. ## Information We Collect ### Information You Provide Directly - **Workout Data**: Exercise metrics such as power, cadence, distance, time, heart rate, and calories burned from your fitness equipment - **Strava Account Information**: When you choose to connect your Strava account, we access your Strava profile information and activity data according to your Strava permissions. This is needed for uploading your workouts to Strava and it is not even accessed or stored by us. ### Information Collected Automatically - **Bluetooth Data**: Information from connected fitness equipment (rowing machines, bike trainers, heart rate monitors) ### Information from Third Parties - **Strava Integration**: If you connect your Strava account, we receive profile and activity data as permitted by your Strava authorization. This is needed for uploading your workouts to Strava and it is not even accessed or stored by us. ## How We Use Your Information We use the collected information for the following purposes: - **Fitness Tracking**: Display real-time workout metrics from your connected fitness equipment - **Data Storage**: Store your workout sessions locally on your device in FIT file format until upload to Strava. Once uploaded to Strava, the data is deleted from your device. - **Third-Party Integration**: Upload your workouts to Strava when you choose to do so - **App Functionality**: Maintain Bluetooth connections and ensure proper app operation ## Data Storage and Security ### Local Storage - **Workout Data**: Your fitness data is primarily stored locally on your device in industry-standard FIT file format. Once it is sent to Strava, it is stored on Strava's servers and deleted from your device. - **Secure Storage**: Authentication tokens and user preferences are stored using Android's secure storage mechanisms with encryption. - **Temporary Data**: Real-time workout data is processed in memory and may be temporarily cached for display purposes ### Data Security Measures - **Encryption**: Sensitive data is encrypted both in transit and at rest - **Secure Transmission**: All network communications use HTTPS/SSL encryption - **Access Controls**: App data is protected by device-level security measures - **No Cloud Storage**: We do not store your personal workout data on our servers. All data is stored locally on your device. ## Third-Party Services ### Strava Integration - **Purpose**: Upload your workout files to your Strava account (optional) - **Data Shared**: FIT files containing your workout data, when you explicitly choose to upload - **Control**: You can disconnect Strava integration at any time through the app settings - **Strava's Privacy Policy**: When using Strava integration, Strava's own privacy policy also applies ### Bluetooth Connectivity - **Fitness Equipment**: We connect to FTMS-compatible fitness equipment to receive workout data - **Heart Rate Monitors**: Optional connection to heart rate monitors for additional metrics - **Data Processing**: Bluetooth data is processed locally and not transmitted to external servers ## Permissions We Request Our app requests the following permissions: - **Bluetooth**: To connect to fitness equipment and heart rate monitors - **Location**: Required by Android for Bluetooth scanning (not used for location tracking) - **Internet**: To upload workouts to Strava and check for app updates - **Storage**: To save workout files locally on your device - **Network State**: To verify internet connectivity before Strava uploads ## Data Sharing and Disclosure We do not sell, trade, or otherwise transfer your personal information to third parties. ## Your Rights and Choices You have the following rights regarding your data: - **Data Access**: View all workout data stored in the app - **Data Deletion**: Delete individual workouts or all stored data - **Strava Disconnection**: Revoke Strava access at any time - **App Removal**: Uninstalling the app removes all locally stored data ## Data Retention - **Workout Data**: Stored locally until you choose to delete it - **Authentication Tokens**: Stored until you sign out or revoke access - **Temporary Data**: Cleared when the app is closed or device is restarted - **Deleted Data**: Permanently removed and cannot be recovered ## Children's Privacy Our App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. Actually we do not collect any personal information at all. ## International Data Transfers Your data is primarily stored locally on your device. When you use Strava integration, data may be transferred to Strava's servers, which may be located in different countries. These transfers are protected by appropriate safeguards. ## Changes to This Privacy Policy We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify users of any material changes by: - Updating the "Last Updated" date at the top of this policy ## Contact Information If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: **GitHub**: https://github.com/iliuta/ftms ## Consent By using our App, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our App. --- **Note**: This privacy policy is specifically designed for the RowerTrain fitness app and covers its Bluetooth connectivity, local data storage, and optional Strava integration features.