Skip to main content
Rack← Back to home

Privacy Policy

Last updated: March 31, 2026View changes
TL;DR
What we collect
Email, workout data, Garmin biometrics. Minimum needed to run the app.
Where it's stored
On your device. Optional cloud backup with AES-256 encryption.
AI features?
Opt-in only. Workout data sent to AWS (Anthropic Claude) for analysis. Never stored, never used for AI training.
Do we sell it?
No. Never. No ads, no profiling, no third-party data sales.
Can you delete it?
Yes. One tap in settings. Removed from servers within 30 days.

Data We Collect

We collect only the minimum information necessary to provide the Rack service:

  • Account information: email address (for login only)
  • Workout data: exercise name, sets, reps, weight, timestamps - stored locally, optionally synced for backup
  • Garmin data: heart rate, HRV, and activity data from your connected watch - processed locally, never sent to third parties
  • Device information: iOS version, app version, and crash logs for debugging

How We Use Your Information

We use your information solely to:

  • Provide and improve the Rack app and services
  • Authenticate you and maintain your account
  • Generate Verified PR certificates
  • Send transactional emails (receipts, account notifications)

We do not use your information for advertising or sell it to any third party.

AI-Powered Features & Data Sharing

Rack offers optional AI-powered Training Intelligence features (plateau detection, program adjustment suggestions, and training audits). These features are opt-in and require your explicit consent before activation. You can disable them at any time in Settings.

What data is sent
  • Exercise names, sets, reps, and weights from recent workouts
  • Workout dates and session duration
  • Volume trends and progression data (up to 12 weeks)
  • Muscle group training load and frequency
  • Readiness scores (if available)

Your name, email, account ID, and other personal identifiers are never included in AI requests.

Who processes it

Workout data is sent through Rack's secure server to Amazon Web Services (AWS Bedrock), where it is processed by an AI language model (Anthropic Claude). This is a third-party AI service.

How it's protected
  • Data is encrypted in transit (TLS 1.3) between your device, our server, and AWS
  • AI requests are stateless — your data is not stored by the AI provider after processing
  • Your data is not used to train, fine-tune, or improve any AI models
  • AI requests are not linked to your identity on the AI provider's side
  • AWS Bedrock's data protection policies prohibit using customer inputs for model training

You must explicitly enable Training Intelligence and agree to this data sharing before any workout data is sent to the AI service. You can revoke consent at any time by disabling Training Intelligence in Settings.

What We Never Collect

Real name (optional, never required)
Precise GPS location
Phone contacts
Advertising identifiers (IDFA)
Third-party analytics or ad SDKs
Biometric data for anything other than your PRs

Storage & Security

Your workout data is stored primarily on your device. Optional cloud backup uses end-to-end encryption in transit (TLS 1.3) and at rest (AES-256). Server infrastructure is hosted in the United States.

Third Parties

Rack integrates with:

  • Amazon Web Services / AWS Bedrock (AI analysis of workout data — opt-in only, see AI Features section above)
  • Garmin Connect IQ (on-device only, no data shared beyond SDK requirements)
  • Apple App Store (for purchase verification)
  • RevenueCat (subscription management - anonymized)

We do not use Google Analytics, Facebook Pixel, or any advertising networks.

Retention & Deletion

You can delete your account at any time from app settings. Upon deletion, all data - workout history, PR records, and profile information - is permanently removed from our servers within 30 days.

Your Rights

You own your data

You can request a full export of your data at any time from Settings → Export.

You can delete your account and all associated data at any time from Settings → Delete Account.

EU/UK residents: you have additional rights under GDPR including data portability, rectification, and the right to object to processing.

Contact

Privacy questions: privacy@rackstrength.com
Change log
2026-03-31: Added AI Features & Data Sharing section detailing Training Intelligence data processing through AWS Bedrock (Anthropic Claude). Updated Third Parties list. Updated last modified date.
2026-03-15: Added Garmin data retention section, clarified third-party integrations.