Skip to content

Legal

Privacy Policy

Last updated: 17 May 2026

This Privacy Policy explains how Gritup ("Gritup", "we", "us") collects, uses, and shares information about you when you use the Gritup mobile application (iOS), the website at gritup.fit, and any related services (together, the "Service"). Gritup is operated by SolusMakers.

We deliberately keep our data footprint small: no advertising trackers and no selling your data to anyone. We only collect what we need to build, deliver, and improve your training plan.

1. Information we collect

Account information

When you create an account with Sign in with Apple, Apple shares an opaque identifier with us and, when you allow it, your email address and your name. We use these to create and secure your account through Supabase, our authentication provider.

Training information you give us

To generate your plan, we ask for: the sports you want to train (run, bike, swim, or any combination), your fitness level, target race distance and time, available training days, optional long-run days, coaching style, whether you have a bike power meter, your plan start date, and your race date. We store this in your account so we can generate and adapt your plan.

Plan and workout data

Once your plan is generated, we store the plan structure, weeks, daily workouts, scheduled session details, and your completion data (duration, distance, perceived effort, notes, and any source label). This is the data that makes Gritup useful to you.

Connected services (Strava, Garmin, Apple Watch)

When you choose to connect a third-party service such as Strava, Garmin, or Apple Health/Apple Watch, we receive activity data for the workouts you authorize: type of activity, start time, duration, distance, heart rate, pace or power, route or GPS track when the source includes it, and a stable activity identifier. We use this only to match completed workouts to your plan, adapt future sessions, and show your progress. You can disconnect any integration at any time from inside the app; we then stop pulling new data and delete the access tokens.

Subscription and payment data

Subscriptions are processed by Apple via in-app purchases and managed through RevenueCat. We do not receive or store your card number. We store entitlement state, product identifier, transaction identifier, and webhook events from RevenueCat so we can grant or revoke access correctly.

Device and technical data

Our servers and the Expo OTA update channel log standard technical information when the app talks to them (timestamp, app version, OS platform, and an IP address used only at the moment of the request). We use these for security, abuse prevention, and to debug crashes.

2. What we do not collect

  • We do not embed advertising trackers in the app.
  • We do not sell your personal information.
  • We do not access your contacts, photos, or microphone.
  • We do not pull data from third-party services (Strava, Garmin, Apple Health, etc.) until you explicitly connect them.

3. How we use your information

  • To create and secure your account.
  • To generate, adapt, and display your training plan.
  • To grant the right level of access based on your subscription.
  • To respond when you email us for support.
  • To detect, prevent, and investigate fraud and abuse.
  • To comply with our legal obligations.

4. Who we share with

We share the minimum data required to operate the Service with the following processors:

  • Supabase: authentication, database, and serverless functions hosting your account, plan, and execution data.
  • Amazon Web Services (AWS): the planning service that generates your training plan from the inputs you provide.
  • Apple: Sign in with Apple identity tokens and App Store in-app subscription processing.
  • RevenueCat: subscription entitlement state and billing webhooks (mapped to your Supabase user identifier).
  • Expo: over-the-air update delivery for the mobile app.
  • Strava, Garmin, Apple (HealthKit), and other activity sources: only when you explicitly connect them. We exchange the minimum tokens and metadata required to read the workouts you authorize.

We never sell your personal information. We do not share your data with advertisers.

5. International transfers

Our processors operate globally. Your information may be processed in countries other than your own, including the United States and the European Union. We rely on the contractual safeguards offered by each processor to protect your information.

6. Data retention

We keep your account information and training data for as long as your account is active. If you delete your account through gritup.fit/account/delete or by emailing support@gritup.fit, we delete your personal information within seven days, except where we are legally required to keep it longer (for example, billing records).

7. Your rights

Depending on where you live, you may have rights to access, correct, export, restrict, or delete your personal information, and to object to certain processing. You can exercise these rights at any time by emailing support@gritup.fit from the address tied to your account.

8. Children

Gritup is intended for users 16 and older. We do not knowingly collect personal information from anyone under 16. If you believe we have, please contact us and we will investigate and, once confirmed, promptly delete the account and associated data.

9. Security

We use industry-standard safeguards, including encrypted transport (TLS), authenticated access to backend services, and row-level security rules so that your training data is only accessible to your account. No system is perfectly secure. If you spot something, please tell us.

10. Changes to this policy

We will post any changes to this policy at gritup.fit/legal/privacy and update the "Last updated" date above. If we make material changes, we will notify you in-app or by email.

11. Contact

Questions about this policy or your data: support@gritup.fit.