Privacy Policy

Effective date: March 5, 2026

Ryval ("the App") is a personal fitness tracking application. This policy explains what data the App collects, how it is stored, and your choices regarding that data.

Data We Collect

Data You Provide

• Profile information: name, body weight, height, birth year, and sex (used for calorie calculations, fitness score personalization, and workout recommendations).
• Workout data: exercises, sets, reps, weights, duration, and session notes.
• Weekly goals: calorie targets, active minutes targets, and workout frequency targets.
• Profile photo: if you add a profile photo, it is stored locally on your device and, if you sign in, uploaded to Firebase Cloud Storage for display to accepted friends.

Data Collected Automatically

• Heart rate data: if you connect a Bluetooth heart rate monitor (e.g., Polar, Wahoo, Garmin, Coospo), the App records real-time heart rate and energy expenditure during workouts. This data is stored locally on your device.
• Body composition data: if you connect to Android Health Connect, the App reads weight, body fat percentage, height, lean body mass, and bone mass from Health Connect. This data is stored locally on your device.
• GPS and location data: if you enable GPS tracking for outdoor workouts (e.g., running, cycling), the App records location coordinates, distance, and pace during the workout session. GPS data is stored locally on your device and is not transmitted to any external server. Location access is only used during active workout sessions with GPS enabled.

Data From Third-Party Services

• Firebase Authentication: the App uses Firebase for anonymous sign-in and email magic link authentication. Firebase processes your email address (if you sign in with email) and assigns an anonymous user identifier.
• Firebase Cloud Storage: if you sign in and add a profile photo, the image is uploaded to Firebase Cloud Storage. Access is restricted to you and your accepted friends via security rules.
• Firebase Cloud Firestore: if you use social features (friend codes, friend requests, workout sharing, challenges), social relationship data and shared workout metadata are stored in Firestore. Only accepted friends can view your shared data.
• Firebase Remote Config: the App uses Firebase Remote Config to manage feature availability. No personal data is sent to Remote Config; the App receives configuration flags only.
• OneSignal Push Notifications: if you opt in to push notifications, OneSignal receives a device identifier to deliver notifications. No personal data is shared with OneSignal beyond what is necessary to deliver push messages.

How Data Is Stored

Local Storage

The majority of your data — workouts, heart rate logs, GPS tracks, body composition records, fitness scores, goals, and preferences — is stored locally on your device in an SQLite database. This data does not leave your device unless you explicitly export it or share workouts with friends.

Cloud Services

• Firebase: stores your anonymous user ID, friend codes, friend list, and shared workout metadata for social features. If you sign in with email, Firebase stores your email address. If you add a profile photo, it is stored in Firebase Cloud Storage.
• OneSignal: stores a push notification device token if you opt in to notifications.

The App does not upload your full workout data, heart rate data, GPS tracks, or body composition data to any cloud server. Social features share only workout summary metadata (workout name, date, duration, calories) with accepted friends — not raw heart rate or GPS data.

Bluetooth and Sensor Data

When you connect a Bluetooth heart rate monitor:

• The App uses Bluetooth Low Energy (BLE) to communicate with the device.
• Heart rate, battery level, and energy expenditure are read from the sensor.
• During workouts, an Android foreground service may maintain the BLE connection in the background to ensure continuous heart rate capture. This service runs only during active workouts and stops when the workout ends.
• All sensor data is stored locally on your device and is not transmitted to any external server.
• You can disconnect the sensor at any time from Settings.

GPS and Location Data

When you enable GPS tracking for an outdoor workout:

• The App requests location permission to record your route during the workout.
• GPS coordinates, distance, and pace are captured and stored locally on your device.
• Location data is used only for workout distance and pace calculations — it is not transmitted to any external server or shared with third parties.
• GPS tracking is optional and only active during workouts where you explicitly enable it.

Health Connect Integration

When you connect to Android Health Connect:

• The App requests read-only access to weight, body fat, height, lean body mass, and bone mass records.
• Data is read from Health Connect and stored locally in the App's database for display on the Progress screen.
• The App does not write data to Health Connect.
• You can revoke Health Connect permissions at any time from Android Settings or from the App's Settings screen.

Fitness Score and Personalization

The App calculates a Fitness Score (0-1000) based on your workout activity. The score uses your profile information (birth year, sex, weekly training frequency) to personalize targets and thresholds. This calculation happens entirely on your device — no personal data is sent to any server for scoring purposes.

Data Export and Deletion

• Export your data: use Settings > Data > Download My Data to export a full backup of your local database as a JSON file.
• Automatic backups: you can configure automatic backups (daily, weekly, or after each workout) that save to a folder you choose on your device.
• Delete your data: uninstalling the App removes all locally stored data.
• Delete your account: to delete your cloud data (Firebase account, friend list, profile photo, and shared workout data), go to Settings > Account > Delete Account. You can also request account deletion by contacting [email protected].

Data Sharing

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. The App does not display advertisements.

Data is shared with third-party services only as described above (Firebase for authentication and social features, OneSignal for push notifications) and only to the extent necessary to provide those features.

If you use social features, workout summary information (workout name, date, duration, calories) may be visible to your accepted friends within the App.

Children's Privacy

The App is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

Contact

If you have questions about this Privacy Policy or your data, please contact us at:

Email: [email protected]

© 2026 Ryval. All rights reserved.