RockSteady RockSteady

Privacy

Your privacy matters

Here's exactly how RockSteady handles your data — in plain language first, then in full detail.

Stored on your device

Workouts, cardio, recovery and full GPS routes live locally on your phone — not on our servers.

Private iCloud sync

Apple Watch sessions sync through your own private iCloud — we can't see them.

No selling, no profiles

No advertising trackers, no cross-app tracking, no selling your information. Ever.

You're in control

Delete individual records, your whole account, or the app itself whenever you choose.

Last updated: June 2026

Introduction

RockSteady (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the “Service”).

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

Information We Collect

Information You Provide Directly

We collect information you provide when you:

  • Create an account: Your email address, a display name, and a username. You can sign up with an email and password or with Sign in with Apple. You may optionally add a profile photo and bio. Accounts are managed through our authentication provider, Google Firebase.
  • Use the app: Workout data, cardio sessions, recovery activities, sports activities, and any custom exercises or workouts you create.
  • Set preferences: Your fitness goals, measurement unit preferences, and notification settings.
  • Contact us: Your name, email address, and any information you include in your message.
  • Use social features: Posts you share, comments, reactions, and friend connections.

Information Collected Automatically

When you actively use certain features, the app collects:

  • Location data: GPS coordinates during outdoor activities, only when you actively start a tracking session and have granted location permission. Your route is stored on your device (see “Location Data” below).
  • Push notification token: If you enable notifications, a device token is stored so we can deliver alerts (for example, friend requests or comments).

RockSteady does not currently use third-party analytics or advertising trackers, and does not request permission to track you across other apps or websites.

Information from Third Parties

We may receive information from:

  • Sign in with Apple: If you choose this sign-in method, Apple provides your name and an email address (which may be a private relay address) to create your account.
  • Apple HealthKit (Apple Watch): Only if you explicitly grant permission on your Apple Watch, the app reads and writes workout data (such as heart rate, distance, and energy burned) to HealthKit. This data stays on your device and in your private iCloud.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Sync your Apple Watch workout sessions to your iPhone through your private iCloud account
  • Generate personalized workout recommendations based on your goals
  • Display your progress, statistics, and achievements
  • Enable social features like sharing activities with friends
  • Respond to your comments, questions, and support requests
  • Send you technical notices and updates (if you opt in)
  • Detect, investigate, and prevent fraudulent or unauthorized activity

Data Storage and Security

Different types of data are stored in different places, depending on how the feature works:

  • On your device: Your activity history — including workouts, cardio and recovery sessions, and full GPS routes — is stored locally on your device. This data is not uploaded to our servers.
  • Your private iCloud (Apple CloudKit): If you use the Apple Watch app, your watch workout sessions sync to your iPhone through your own private iCloud account. This data lives in your personal iCloud — we cannot access it, and it is not visible to other users.
  • Our cloud backend (Google Firebase): If you create an account and use social features, your account details and the content you choose to share are stored on Google Firebase (a Google Cloud service) on our behalf. This includes your email, username, display name, profile photo and bio, and any posts, comments, reactions, and friend connections you create.

Data is encrypted in transit and at rest by Apple and Google in their respective data centers. Social posts and profile information you share are visible to other RockSteady users according to your sharing and visibility settings; everything else remains private to you.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With your consent: When you explicitly share activities to the social feed or connect with friends.
  • Service providers: With infrastructure providers that operate parts of the Service on our behalf — Google Firebase (account, social data, and notifications) and MapBox (rendering route maps). They process this data only to provide their service to us.
  • Legal requirements: If required by law, regulation, legal process, or governmental request.
  • Protection of rights: To protect the rights, property, or safety of RockSteady, our users, or others.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.

Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your personal information.
  • Portability: Request your data in a portable format.
  • Opt-out: Opt out of certain data processing activities.

To exercise these rights, please contact us at our contact page, or use the in-app account deletion option to remove your account and associated social data. Activity history stored on your device can be removed by deleting the app, and Apple Watch sync data can be managed through your iCloud settings.

Location Data

RockSteady requests location permission to enable GPS tracking for outdoor cardio activities (running, cycling, hiking, etc.). This data is:

  • Only collected when you actively start a tracking session
  • Stored locally on your device; your full route is not uploaded to our servers
  • Never shared with third parties for advertising purposes
  • If you choose to share an activity to the social feed, only a static map thumbnail image of your route is uploaded — not your underlying GPS coordinates. While that map is generated, route coordinates are sent to MapBox to render it.

You can revoke location permission at any time in your device settings. The app will continue to function, but outdoor cardio tracking will be limited.

Children's Privacy

RockSteady is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

Third-Party Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

Services we integrate with include:

  • Google Firebase: Account authentication, storage of social data, and push notifications
  • Apple iCloud/CloudKit: Syncing your Apple Watch sessions through your private iCloud account
  • Apple HealthKit: Optional health data integration on Apple Watch
  • MapBox: Displaying and rendering route maps for outdoor activities

Data Retention

We retain your account information and social data for as long as your account is active or as needed to provide the Service. You can delete your data at any time by:

  • Deleting individual records within the app
  • Using the in-app account deletion option, which removes your account and associated social data from our backend
  • Deleting the app, which removes the activity history stored locally on your device, and managing watch-sync data through your iCloud settings
  • Contacting us to request full account deletion

International Data Transfers

Your information may be transferred to and processed in countries other than your own. Apple's iCloud infrastructure spans multiple regions. By using the Service, you consent to the transfer of your information to these locations.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we may also notify you through the app or via email.

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: