ARC Privacy Policy
Version 1.0 · Last updated April 2026
We take your privacy seriously. This policy explains what we collect, why, how it's stored, and the choices you have. It is written to align with Apple's App Store guidelines, HealthKit terms, GDPR (EU/UK), and CCPA (California).
1. What we collect
Account data. Email address and a hashed password (via Firebase Authentication). Device identifier used solely to keep you signed in.
Profile data you give us. Name, age, gender, weight, dietary preference, fitness level, goal, and any mobility limitations you choose to share. Training plan selections, check-ins, subjective notes.
Activity data (only with your explicit permission).
- HealthKit: workouts, heart rate, distance, cadence, active energy, and related metrics — read-only, only the categories you authorise.
- Strava: workouts and basic profile data, only if you connect your account.
- Device location: used in-session for route discovery and live workout mapping. Not tracked in the background.
What we do NOT collect.
- We do not sell your data. Ever.
- We do not use HealthKit data for advertising, marketing, or data-mining, consistent with Apple's HealthKit terms.
- We do not use third-party analytics SDKs that track you across other apps.
- We do not access your contacts, photos, microphone, or camera unless a feature you use requires it, and we'll ask first.
2. How we use your data
Individual data (linked to you). Used only to provide the features of ARC: showing your workouts, generating your plan, computing your stats, syncing between your devices, and fulfilling paid features you subscribe to. Your name and email are never shown to other users.
Aggregate & anonymised data. We may compute aggregate, de-identified statistics — for example, "average weekly mileage across all Couch-to-5K users." Before aggregation, all direct identifiers (name, email, uid, precise location) are stripped, and we use minimum sample thresholds (typically ≥ 50 users per cohort) so no individual can be re-identified. We never publish or share aggregate data derived from HealthKit.
AI model features. We may use your prompts and a limited context window to generate responses. We do not use your content to train foundation models without your opt-in.
3. Where it lives
- Device: a workout cache, your preferences, and a copy of your profile are stored locally on your iPhone using standard iOS storage.
- Cloud: encrypted at rest in Google Firebase (Firestore + Auth). Access is gated by Firebase security rules tied to your account.
- HealthKit data remains on your device unless you take an explicit action (such as a backup or export) that moves it.
4. Sharing
We share personal data only with:
- Service providers who operate ARC on our behalf (Firebase/Google Cloud, Apple push-notification service), under contractual confidentiality.
- Law enforcement, when legally compelled.
We do not share your data with advertisers, data brokers, or social platforms.
5. Your choices
- Connections: disconnect HealthKit and Strava from Settings at any time. Past imported workouts remain in your account history unless you delete them.
- Data export: email privacy@chariventures.com to request a copy of your data.
- Deletion: you can delete your account from Settings. We erase your profile, workouts, and check-ins from our systems within 30 days, except where retention is required by law.
- Aggregate opt-out: opt out of your anonymised data being included in aggregate analytics from Settings → Privacy.
- iOS controls: revoke HealthKit, Location, and Notification permissions from the iOS Settings app at any time.
6. Minors
ARC is intended for users aged 18 and older, or minors with verifiable guardian consent. We do not knowingly collect data from anyone under 18 without such consent. If you believe a minor has created an account without consent, contact privacy@chariventures.com and we will remove the account.
7. Security
We use TLS in transit and platform-managed encryption at rest. No online service can guarantee absolute security — please use a strong, unique password.
8. Changes
If we materially change this policy, we'll increment the version and ask you to re-consent before the new terms apply.
