Your data, your rules.

What we collect

Account info. When you sign in with Google or Apple, we receive your email address, name, profile picture (if any), and a unique account identifier. We also store the timezone your device reports so coach reminders fire at sensible times.

Your content. Anything you log in Rovik — workouts, training plans, food entries, journal notes, habits, challenges — is associated with your account. We store this so you can see your history across devices and so the Coach can reason about it.

Coach conversations. Messages you send to the Coach, plus the relevant pieces of your logged content the Coach needs to answer, are sent to Anthropic for processing (more on that below).

Operational metadata. Standard things every server sees: IP address (used for security and rate-limiting, not stored long-term), the platform you're on (iOS, Android, web) and the app version (used to require updates when we make a breaking change).

What we don't collect

We do not collect precise location, contacts, photos, microphone audio, or HealthKit/Google Fit data. We do not use third-party ad SDKs or behavioural analytics. We do not track you across other apps or websites.

Third parties we share with

Rovik runs on infrastructure from a small set of providers:

• Google / Apple. Sign-in. Receives the basics needed to verify your account.
• Anthropic. Powers the Coach. We send your message and relevant context; Anthropic does not use this data to train models per their commercial API terms.
• Render. Hosts our backend. Sees your data only in transit while serving requests.
• Neon. Hosts our Postgres database. Stores your account row and (in future phases) your logged content.
• Vercel. Hosts the website at rovik.ai. Sees standard web request logs.
• Resend. Sends our email (waitlist confirmations, transactional notes). Receives your email address.

We don't sell your data and we don't share it with anyone outside this list except where legally compelled.

How long we keep it

While your account is active, we keep your data so the app works. When you delete your account (Settings → Danger Zone → Delete account, or by emailing us), we mark it for deletion and hold it for a 14-day grace period. If you sign back in during those 14 days, the deletion is cancelled. After 14 days, your account row and all associated content are permanently removed from our database. Backup snapshots are rotated within 30 days.

Your rights

Access and export. You can export your data from Settings → Export Data at any time. Email us if you need it in a different format.

Deletion. Settings → Danger Zone → Delete account. Or email hello@rovik.ai.

Correction. Edit anything you've logged directly in the app. Email us if you can't for some reason.

If you're in the EU, UK, or California: you have additional rights under GDPR and CCPA — to access, correct, port, restrict, or delete your data, and to object to processing. Email hello@rovik.ai and we'll respond within 30 days.

Children

Rovik is not intended for children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has created an account, email us and we'll delete it.

Security

Data is encrypted in transit (TLS) and at rest. Auth tokens are stored in your device's secure keystore. We're a small team and we keep our access to user data to a minimum, but no system is perfectly secure — if we ever discover a breach affecting you, we'll tell you within 72 hours of confirming it.

Changes

When we make material changes to this policy we'll bump the effective date and, if the change affects what we collect or who we share with, email everyone with an active account before it takes effect.

Contact

Questions, requests, or anything else: email hello@rovik.ai.