Privacy Policy

Effective Date: February 1, 2026 Last Updated: February 28, 2026

Slate Fitness ("Slate," "we," "us," or "our") operates the Slate mobile application (the "App"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use the App. By accessing or using the App, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

We encourage you to read this Privacy Policy carefully and contact us at support@slatefitness.app if you have any questions.

1. Information We Collect

We collect information in several ways depending on how you interact with the App. We categorize the data we collect as follows:

1.1 Account Information

When you create an account, we collect:

  • Email address — provided during registration or obtained through Apple Sign-In or Google Sign-In.
  • Display name — optionally provided by you.
  • Authentication credentials — managed securely through our authentication provider (Supabase) or through third-party sign-in services (Apple, Google). We do not store your password in plaintext.

1.2 Workout and Fitness Data

When you use the App to track workouts, we collect:

  • Exercise names, sets, repetitions, weight, duration, distance, and other performance metrics.
  • Workout notes and tags.
  • Training program selections and progress.
  • Exercise preferences, including favorites and usage frequency.
  • Rest timer settings and workout duration.

1.3 Body and Biometric Data

If you choose to enter body statistics, we collect:

  • Body weight and body weight history.
  • Body measurements (e.g., chest, waist, arms).
  • Body fat percentage (user-entered).

This data is entered voluntarily by you and is used solely to provide you with analytics and progress tracking within the App.

1.4 Health Data (Apple HealthKit)

With your explicit permission, the App may read from and write to Apple HealthKit. Specifically:

  • Data we write to HealthKit: Workout samples (activity type, start time, end time, duration), active energy burned (estimated calories), and body weight.
  • Data we read from HealthKit: Body weight (most recent entry, used to keep your in-app weight log in sync with other apps and smart scales).

HealthKit integration is optional. You are prompted to grant access on first launch and can enable or disable it at any time in the App's settings. Body weight imported from HealthKit is added to your in-app weight log and synced to our cloud servers as part of your normal account data, subject to the same protections described in this Privacy Policy. Workout data written to HealthKit stays in your personal Apple Health database on your device.

Important: Data obtained from HealthKit is used solely to provide health and fitness features within the App. We do not use HealthKit data for advertising, marketing, or sale to third parties. We do not use HealthKit data to build user profiles, serve advertisements, or for any purpose other than providing health and fitness features directly to you. This policy applies regardless of whether you continue to use the App.

1.5 Voice Data

The App offers voice-to-text exercise entry powered by Apple Speech Recognition. Voice processing occurs entirely on your device. Raw audio recordings are not transmitted to our servers.

The transcribed text output from on-device speech recognition may be sent to our servers solely for the purpose of matching your spoken input to exercises in our database. This transcribed text is processed in real time and is not stored persistently on our servers after the matching operation completes.

1.6 AI-Generated Content Data

When you use AI workout generation features, the App sends workout parameters to our servers, including muscle groups, workout duration, intensity preferences, and custom instructions you provide. These parameters are forwarded to a third-party AI service (xAI / Grok) to generate workout suggestions.

We do not send personal identifying information (such as your name, email address, or account identifiers) to the AI service. The AI service receives only the workout parameters necessary to generate a response. These parameters are processed transiently and are not stored on our servers after the response is returned. Data sent to the AI service is processed according to their privacy policy (see Section 3.1).

1.7 User-Generated Content

The App may allow you to create and share content, including:

  • Workout share cards (image summaries of workouts shared to social media).
  • Progress photos attached to workouts (stored in your account).
  • Social posts, comments, likes, and profile information (when social features are available).

1.8 Subscription and Transaction Data

We use RevenueCat to manage subscriptions. We collect:

  • Subscription status (free or Pro tier).
  • Subscription type (monthly, annual, or lifetime).
  • Transaction identifiers provided by the App Store or Google Play.

We do not directly collect or store your payment card information. All payment processing is handled by Apple (App Store), Google (Google Play), and RevenueCat.

1.9 Device and Technical Data

We may collect:

  • Device type, operating system version, and app version.
  • Crash reports and diagnostic data (via Sentry or similar services).
  • General usage analytics (via Firebase Analytics or similar services).

We do not collect precise geolocation data. We do not access your contacts or phone call logs.

1.10 Push Notification Tokens

If you opt in to push notifications, we collect your device push notification token to send you workout reminders, social activity notifications, and other service-related communications.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service. To operate, maintain, and improve the App, including workout tracking, analytics, training programs, cloud sync, and AI-powered features.
  • Account Management. To create and manage your account, authenticate your identity, and maintain your preferences.
  • Personalization. To customize your experience, including exercise suggestions, workout analytics, and AI-generated recommendations.
  • Sync and Backup. To synchronize your data across devices and provide offline-first functionality with cloud backup.
  • Communication. To send you service-related communications, including push notifications (with your consent), account security alerts, and responses to your support inquiries.
  • Analytics and Improvement. To understand how users interact with the App, diagnose technical issues, and improve our features and user experience.
  • Safety and Compliance. To detect and prevent fraud, enforce our Terms of Service, and comply with legal obligations.

We do not use your data for third-party advertising. We do not sell your personal information to any third party.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

3.1 Third-Party Service Providers

We use the following third-party services to operate the App:

Service Purpose Data Shared Privacy Policy
Supabase Database, authentication, file storage Account data, workout data, body stats supabase.com/privacy
RevenueCat Subscription management Subscription status, transaction IDs revenuecat.com/privacy
Cloudflare Workers / R2 API hosting, exercise video delivery Workout parameters (for AI generation), exercise video requests cloudflare.com/privacypolicy
xAI (Grok) AI workout generation Workout parameters only (muscle groups, duration, intensity); no PII x.ai/legal/privacy-policy
Apple Sign-In with Apple, Speech Recognition, HealthKit, App Store Authentication tokens, on-device voice processing, health data (with permission) apple.com/privacy
Google Google Sign-In, Google Play (when available) Authentication tokens policies.google.com/privacy
Sentry Crash reporting (when implemented) Device info, crash logs, app state at time of crash sentry.io/privacy
Firebase Analytics Usage analytics (when implemented) Anonymized usage events, device type, OS version firebase.google.com/support/privacy

Each third-party provider is bound by its own privacy policy and data processing terms (linked above). We select providers that maintain industry-standard security practices. Data shared with third-party AI services (xAI) is processed according to their privacy policy, including any retention or model improvement practices described therein.

3.2 Social Features

When social features are available, certain information you choose to make public — such as your display name, profile information, workout posts, and comments — will be visible to other users. You control what you share through your privacy settings.

3.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

4. Data Storage and Security

4.1 Storage Location

Your data is stored on servers located in the United States, operated by our infrastructure provider, Supabase. Exercise demonstration videos are hosted on Cloudflare R2 (globally distributed).

4.2 Offline-First Architecture

The App is designed with an offline-first architecture. Your workout data is stored locally on your device and synchronized with our cloud servers when a network connection is available. You can use core features of the App without an internet connection.

4.3 Security Measures

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL).
  • Encryption of data at rest on our servers.
  • Secure authentication protocols (including OAuth 2.0 for third-party sign-in).
  • Row-level security policies on our database to ensure users can only access their own data.
  • Regular security reviews of our infrastructure and codebase.

While we strive to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

4.4 Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the App's services. Specifically:

  • Account and workout data is retained for the duration of your account.
  • Voice transcription text is processed in real time and not stored after the matching operation completes.
  • AI generation parameters are processed in real time and not stored persistently after the response is generated.
  • Crash reports and analytics data may be retained for up to 24 months for diagnostic purposes.
  • Deleted account data is purged from our systems within 30 days of account deletion, except where retention is required by law.

4.5 Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will:

  • Investigate the incident promptly and take steps to mitigate any harm.
  • Notify affected users without undue delay and, where required under GDPR, within 72 hours of becoming aware of the breach.
  • Notify relevant supervisory authorities as required by applicable law (including GDPR and state breach notification laws such as the CCPA).
  • Provide information about the nature of the breach, the categories of data affected, and the measures taken or proposed to address the breach.

5. Your Rights and Choices

5.1 Access and Portability

You may access your workout data at any time within the App. The App provides a data export feature that allows you to download your data in JSON format, enabling data portability.

5.2 Correction

You may update or correct your personal information (display name, body stats, workout data) at any time through the App.

5.3 Deletion

You may delete your account and all associated data through the App's settings. Upon account deletion:

  • Your account information, workout data, body stats, and all associated content will be permanently deleted from our servers within 30 days.
  • Data that has been anonymized and aggregated for analytics purposes may be retained, as it can no longer be associated with you.
  • Locally stored data on your device is not automatically deleted when you delete your account; you may uninstall the App to remove local data.

5.4 Push Notifications

You may opt out of push notifications at any time through your device's settings.

5.5 HealthKit Permissions

You may revoke the App's access to Apple HealthKit at any time through your device's Health app settings. Revoking access will prevent the App from reading or writing HealthKit data but will not delete data previously synced.

5.6 Data Import and Export

You may import and export your workout data in JSON format through the App's settings. This supports your right to data portability.

6. Rights for Users in the European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access. You may request a copy of the personal data we hold about you.
  • Right to Rectification. You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure. You may request deletion of your personal data, subject to certain legal exceptions.
  • Right to Restrict Processing. You may request that we restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability. You may request your personal data in a structured, commonly used, machine-readable format (JSON export is available in the App).
  • Right to Object. You may object to the processing of your personal data for certain purposes.
  • Right to Withdraw Consent. Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, contact us at support@slatefitness.app. We will respond to your request within 30 days.

Legal Bases for Processing. We process your personal data on the following legal bases:

  • Performance of a Contract. Processing necessary to provide you with the App's services under our Terms of Service.
  • Consent. Processing based on your explicit consent (e.g., HealthKit access, push notifications).
  • Legitimate Interests. Processing necessary for our legitimate interests, such as improving the App, ensuring security, and preventing fraud, provided these interests are not overridden by your rights.

7. Rights for California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know. You may request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom it is shared.
  • Right to Delete. You may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, contact us at support@slatefitness.app. We will verify your identity before processing your request and respond within 45 days.

Categories of Personal Information Collected: Identifiers (email, display name), fitness and health data (workout data, body stats), commercial information (subscription status), and internet or electronic network activity (device info, crash reports).

We do not sell personal information. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA.

8. Children's Privacy

The App is not directed to children under the age of 13 (or under the age of 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child under the applicable minimum age, we will take steps to delete that information promptly. If you believe a child under the applicable minimum age has provided us with personal information, please contact us at support@slatefitness.app.

9. International Data Transfers

Your information may be transferred to, and processed in, the United States and other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your jurisdiction. By using the App, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

For users in the EEA, we rely on appropriate safeguards for international data transfers, including standard contractual clauses approved by the European Commission, where applicable.

10. Third-Party Links and Services

The App may contain links to third-party websites, services, or content that are not operated by us. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access through the App.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, features, or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this Privacy Policy.
  • Notify you through the App or via email (if you have provided an email address).

Your continued use of the App after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Slate Fitness Email: support@slatefitness.app

For GDPR-related inquiries, you may also contact your local data protection authority.

13. Additional Disclosures for Specific Features

13.1 AI-Powered Features

Our AI workout generation feature uses third-party artificial intelligence services to create workout suggestions based on parameters you provide (such as target muscle groups, workout duration, and intensity level). The AI service does not receive your name, email address, account information, workout history, or any other personally identifying information. AI-generated workout suggestions are provided for informational purposes only and do not constitute professional fitness or medical advice.

13.2 Voice Input

Voice input is processed using Apple's on-device Speech Recognition framework. Audio is processed locally on your device and is not transmitted to Slate's servers. The resulting transcribed text may be sent to our servers to match your spoken input to exercises in our database. This text is processed transiently and is not stored after the operation completes.

13.3 Share Cards and Social Sharing

When you create a workout share card, the image is generated locally on your device. If you choose to share it to social media or other platforms, the sharing is handled by your device's native sharing functionality. We do not receive or store information about where you share your content.

13.4 Photo Attachments

When photo attachment features are available, progress photos you attach to workouts are stored in your account and are private by default. Photos are stored on our infrastructure provider's servers (Supabase / Cloudflare) and are accessible only by you unless you explicitly choose to share them through social features.

13.5 Apple Watch

When the Apple Watch companion app is available, it will access workout data and health metrics in accordance with the permissions you grant. Data collected by the Apple Watch app is subject to this same Privacy Policy.