Privacy Policy

Scope

• Platforms: iOS, Android (Expo/React Native), and the marketing website.
• Audience: People who install the app or visit the site.
• Controller: CrowLabs.

What We Collect

We collect information to provide the app’s core functionality (plan generation, workout execution, subscriptions) and to improve the product. The codebase collects the following categories:

Account and identifiers

• Email and basic profile (via Clerk authentication) when you sign in with email/password or Google SSO.
• Internal user ID created on our backend (Convex) to link your data to your account.
• App-scoped identifiers in third-party SDKs (e.g., Sentry error reports, PostHog analytics if enabled by consent).

Purchases

• Subscription/purchase status via RevenueCat. We do not collect or store your full payment card details; RevenueCat works with Apple/Google stores.

Fitness and user content

• Onboarding preferences you enter: training days per week, minutes per session, equipment profile, options (supersets/myo-reps), weight unit, and capability checks (sex and simple ability checks such as push-up/pull-up ability). These constitute health/fitness data because they describe your training preferences/capabilities.
• Generated plans and session templates associated with your account.
• Workout activity you log: sets, reps, load, RIR, timestamps, rounds completed, and session completion/partial completion.

Usage data and diagnostics

• Analytics events (only if you have granted consent and analytics are hydrated):
  • onboarding_preferences_submitted (contains a summary of onboarding choices)
  • plan_snapshot_loaded (plan summary hash and metadata)
  • plan_generated (plan summary, RNG seed)
  • workout_set_duration (timing deltas for a set)
  • workout_session_duration (actual vs expected session duration)
• Crash/error and performance data (in production builds) via Sentry.

Device-local storage

• AsyncStorage keys are namespaced by app slug and environment.
• Examples used by the codebase:
  • @mvp:onboarding — stores onboarding preferences.
  • @mvp:plan — plan metadata (legacy path; current plan and sessions load from the backend).
  • @<slug>:<env>:analyticsConsent — your analytics consent flag.
  • @mvp-minimum-viable-pump:<env>:<userId>:lastPlanSnapshot — per-user plan snapshot cache to avoid cross-account mixing.

How We Use Information

• Provide the Service: authenticate accounts (Clerk), generate workout plans and sessions (Convex), log sets and session progress, and deliver subscription features (RevenueCat).
• Improve the product: if you grant consent, we use PostHog analytics to understand feature usage and timing (session/set duration events). Session replay is disabled by default; see “Analytics and SDKs.”
• Troubleshoot and reliability: Sentry error reporting in production builds to diagnose crashes and performance problems.
• Security and abuse prevention.

Legal Bases (EEA/UK where applicable)

• Contract: to provide features you request (account, plans, workouts, subscriptions).
• Consent: analytics (PostHog), and any optional tracking features if enabled.
• Legitimate Interests: security, debugging, and service improvement balanced against your rights.
• Legal Obligations: compliance and lawful requests.

Sharing and Service Providers

We do not sell personal data. We share data with processors only to operate the Services:

• Authentication: Clerk (sign-in, sessions, Google SSO).
• Backend/database: Convex (hosting API functions and your workout/plan data).
• Subscriptions: RevenueCat (in-app purchases and entitlements).
• Analytics (opt-in only): PostHog (posthog-react-native). Session replay is off by default.
• Crash reporting: Sentry (production error and performance telemetry).

Where possible, SDKs are initialized with the minimum identifiers needed. For example, PostHog is only hydrated after the framework is ready and your consent is “granted.” Sentry is initialized only in production builds and uses its own device/application identifiers unless you add explicit user context (not set in this codebase).

Analytics and SDKs

PostHog analytics (opt-in)

• Hydration is gated by: framework ready, fonts loaded, consent resolved as “granted,” a configured API key, and analytics not disabled via environment.
• Events captured are limited to the ones listed in “Usage data and diagnostics.”
• Identity: once signed in, PostHog is identified with your internal user profile ID (Convex ID), not your email.
• Session replay: disabled by default. If explicitly enabled in QA builds, the configuration masks all text inputs, masks images, masks sandboxed system views, and disables network telemetry.

Sentry (production only)

• Initialized with DSN and production environment; collects crash/error data, stack traces, and performance metrics.
• Not initialized in development builds.

RevenueCat

• Uses the Clerk user ID to associate entitlements with your account. No full card data is stored by us.

Device Permissions

The app requests only essential permissions. Based on app.json:

• Android requested: INTERNET, ACCESS_NETWORK_STATE, SYSTEM_ALERT_WINDOW, VIBRATE.
• Android blocked: CAMERA, RECORD_AUDIO, CONTACTS, CALENDAR, EXTERNAL_STORAGE, and LOCATION permissions.
• iOS: no camera, microphone, contacts, calendar, photo library, or location usage strings are declared in the project. The app does not request these capabilities.

Cookies (Website)

Our mobile apps do not use cookies. The marketing website may use strictly necessary cookies and, if configured, analytics cookies. Provide a cookie banner and policy if you enable website analytics.

Data Storage and Retention

• Application data (plans, sessions, logs) is stored in our Convex backend under your internal user ID.
• Device-local caches (AsyncStorage) remain on your device until you sign out, clear data in app, or uninstall.
• Account reset: the app provides a “Reset Account Data” action that deletes workout data tied to your profile (e.g., set logs, sessions, doses) on the backend. It does not close your account or cancel subscriptions.
• We retain account and subscription records while your account remains active and as required by law. Analytics and crash data are retained by their respective providers per their configurations and legitimate interests.
  • If you want us to delete server-side personal data fully (account deletion), contact us at tristan@crowlabs.tech.

International Transfers

Our processors may process data in the United States and other countries. For EEA/UK users, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) with our providers when applicable.

Your Rights and Choices

• Access, correct, or delete information: contact us at tristan@crowlabs.tech.
• Analytics consent: production builds start with analytics disabled by default. We only collect analytics if you have explicitly granted consent and the app initializes analytics. You can withdraw consent at any time; if an in-app toggle is not yet available, contact us and we will honor the request.
• Reset Account Data: available in Settings to delete your workout logs and related analytics on our backend; you may need to re-onboard afterward.
• Marketing communications: we do not send marketing from the app. If you later receive marketing emails from the website, use the unsubscribe link or contact us.

Children’s Privacy

Our Services are not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children.

Security

We use industry-standard safeguards, including TLS in transit and provider-managed encryption at rest where available. Access to production data is restricted to authorized personnel. No system is 100% secure.

Changes to This Policy

We may update this Policy to reflect changes in the app or legal requirements. We will post the updated version with a new “Last Updated” date.

App Store Privacy Summary

Apple requires you to disclose data collection categories, whether data is linked to the user, and whether it is used for tracking. Based on the current codebase:

Data used to track you across apps and websites

None.

Data linked to you

• Contact Info: Email, and optionally name (purpose: Account, App functionality).
• Identifiers: Internal user ID (Convex), Clerk user ID, device/app identifiers captured by SDKs (purpose: Account, App functionality, Diagnostics, Analytics).
• Purchases: In-app purchase history and entitlements via RevenueCat (purpose: App functionality).
• User Content: Onboarding preferences; workout plans and logs (sets, reps, load, RIR; purpose: App functionality).
• Health and Fitness: Self-entered training preferences/capabilities and logged workout activity (purpose: App functionality).
• Usage Data: Product interaction and timing events (only if you granted analytics consent) (purpose: Analytics).
• Diagnostics: Crash and performance data (production builds) (purpose: Diagnostics).

Data not collected

Location, Contacts, Photos/Camera, Microphone, Calendar, Browsing History, Sensitive Financial Information.

Notes: PostHog analytics are opt-in and disabled by default in production builds; session replay is off by default and, if enabled for QA, masks inputs/images and does not capture network payloads. Sentry is not initialized in development builds.

Third-Party Providers (SDKs)

• Clerk (Authentication): https://clerk.com/security
• Convex (Backend/DB): https://www.convex.dev/security
• RevenueCat (Subscriptions): https://www.revenuecat.com/privacy/
• PostHog (Analytics): https://posthog.com/privacy
• Sentry (Crash Reporting): https://sentry.io/privacy/

Data Stored on Your Device (AsyncStorage)

• @mvp:onboarding — onboarding preferences
• @mvp:plan — plan metadata (legacy)
• @<slug>:<env>:analyticsConsent — analytics consent flag
• @mvp-minimum-viable-pump:<env>:<userId>:lastPlanSnapshot — plan snapshot cache

Clearing app data or uninstalling the app removes these local entries. Signing out also clears caches and analytics snapshot keys associated with your current account within the app.