Privacy Policy

Effective Date: February 20, 2026

The short version: Rekov is built with a local-first architecture. Your health data is stored on your device. We do not sell, rent, or share your personal data with advertisers. We do not run ads. We do not track you.

1. Who We Are

Rekov ("we", "our", "us") is a recovery tracking application for iOS developed by Rekov. This Privacy Policy describes how we collect, use, and protect your information when you use the Rekov app and the rekov.app website.

Contact: support@rekov.app

2. Data We Collect

2.1 Health & Fitness Data (via Apple HealthKit)

With your explicit permission, Rekov reads the following data types from Apple HealthKit:

Heart rate variability (HRV) and resting heart rate
Sleep stages, duration, and quality metrics
Workout sessions (type, duration, heart rate, calories, distance)
Respiratory rate, blood oxygen (SpO2), and VO2 Max
Active energy, steps, and exercise minutes
Wrist temperature and running metrics
Menstrual cycle data (if enabled)

This data is processed entirely on your device to calculate recovery scores, training load, and personalized insights. HealthKit data is never sent to our servers or any third party. This is enforced by Apple's HealthKit guidelines.

2.2 Third-Party Wearable Integrations

You may optionally connect external platforms to enrich your recovery data:

Strava — Workout data (bi-directional sync)
WHOOP — Recovery, HRV, sleep, strain, workouts
Fitbit — HRV, sleep, SpO2, breathing rate, workouts
Garmin — HRV, sleep, activities, stress data
Polar — HRV (Nightly Recharge), sleep, exercises
Wahoo — Workout data (heart rate, power, cadence)
Oura — Sleep and readiness data

When you connect a platform, we use OAuth 2.0 to authenticate. Your login credentials are never seen or stored by Rekov. Access tokens are stored securely in your device's Keychain (Apple's encrypted credential storage). Token exchange is handled by a secure server-side proxy so that client secrets are never present in the app binary.

Data fetched from these platforms is stored locally on your device in the same database as your HealthKit data. You can disconnect any platform at any time from Settings, which deletes the stored tokens.

2.3 Account Data

If you create an account (optional), we store:

Email address
Hashed password (we never store plaintext passwords)
Display name (if provided)

Account data is managed through Supabase (our cloud infrastructure provider) and is used solely for authentication and optional cloud sync.

2.4 Morning Check-In Data

Subjective readiness data you enter (mood, energy, soreness, motivation) is stored locally on your device and optionally synced to the cloud if you have an account.

2.5 Anonymous Benchmarking (Opt-In)

If you enable Anonymous Benchmarking in Settings, we send anonymized, aggregated recovery metrics (age group, recovery score ranges) to compare against peers. No personally identifiable information is included. You can disable this at any time.

3. Data We Do NOT Collect

We do not collect device identifiers or fingerprints
We do not use analytics SDKs or third-party tracking
We do not collect location data
We do not serve advertisements
We do not sell or share your data with data brokers

4. How We Use Your Data

Recovery scoring — Processing your biometric data through our algorithms to generate personalized recovery scores, training recommendations, and sleep insights
Trend analysis — Showing you how your metrics change over time
Notifications — Sending local notifications about recovery status, check-in reminders, and weekly digests (configurable in Settings)
Cloud sync — If you create an account, syncing your data across devices

5. Data Storage & Security

5.1 Local-First Architecture

Rekov uses SwiftData (Apple's on-device database) as the primary data store. The app is fully functional without an internet connection or user account. Your data lives on your device first.

5.2 Cloud Sync (Optional)

If you create an account, your recovery data may be synced to Supabase (hosted on AWS infrastructure). Data in transit is encrypted via TLS. Data at rest is encrypted using AES-256.

5.3 Token Security

OAuth tokens for third-party integrations (Strava, WHOOP, Fitbit, Garmin, Polar, Wahoo) are stored in Apple's Keychain, which provides hardware-backed encryption. Tokens are never stored in plaintext, in UserDefaults, or in the app's file system.

6. Data Retention & Deletion

Local data: Retained on your device until you delete the app or clear data from Settings
Cloud data: Retained while your account is active. You can request deletion by contacting support@rekov.app
Third-party tokens: Deleted immediately when you disconnect a platform from Settings

7. Your Rights

You have the right to:

Export your data — Use the Data Export feature in Settings to download your data as CSV or PDF at any time, free of charge
Delete your data — Delete your local data by removing the app, or request cloud data deletion via email
Disconnect integrations — Revoke access to any connected platform at any time from Settings
Opt out of benchmarking — Toggle Anonymous Benchmarking off in Settings
Opt out of notifications — Configure or disable all notification types in Settings

8. Children's Privacy

Rekov is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Third-Party Services

Rekov integrates with the following third-party services:

Apple HealthKit — Health data access (governed by Apple's HealthKit guidelines)
Supabase — Authentication and optional cloud sync (supabase.com/privacy)
Apple StoreKit — Subscription management (governed by Apple's terms)
Strava, WHOOP, Fitbit, Garmin, Polar, Wahoo, Oura — Optional wearable data integrations (each governed by their own privacy policies)

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or via email if you have an account. The "Effective Date" at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

support@rekov.app