Privacy Policy
Effective date: June 30, 2026
This Privacy Policy describes how RAAV handles your personal information. We've written it in plain language. Where legal terms are unavoidable, we explain what they mean.
Quick summary
If you only read one section, read this one:
- We collect what we need to run a workout and nutrition tracking app: your account info, your logged workouts, your logged foods, your body weight history, and your relationships with coaches or athletes.
- All your data is stored and processed in the European Union.
- We use a small set of third-party services that you can review in Section 4. We do not sell your data to anyone, ever.
- You can delete your account at any time from inside the App. When you do, we delete everything we reasonably can, and we're transparent about what stays (see Section 7).
- For any privacy question: raavsupport@gmail.com
The rest of this policy goes into the details.
1. Who this policy applies to
This policy applies to everyone who uses the RAAV mobile application ("the App"), whether you signed up as an individual user, as an athlete connected to a coach, or as a coach managing athletes.
This policy does NOT cover:
- Third-party services we integrate with. Each has its own privacy policy, listed and linked in Section 4.
- Other apps you use alongside RAAV (such as Apple Health, which is governed by Apple's privacy policy).
- Information you share publicly outside the App.
Who we are
"RAAV", "we", "our", and "us" in this document refer to the developers and operators of the RAAV mobile application. You can reach us at:
We respond to privacy questions and data requests within 30 days, and usually much sooner. There's a real person on the other end.
2. Information we collect
When you create an account
- Email address — used for account access and important account notifications
- Display name — visible to coaches and athletes you are connected with
- Password — handled and encrypted by Firebase Authentication; we never see or store your password in plain text
- Sign-in method — whether you used email/password, Google Sign-In, or Sign in with Apple
- Account creation date
When you use the Nutrition Goals quiz
The Nutrition Goals quiz is optional. It estimates your daily calorie and macro targets from the information you enter, which we use only to calculate those targets:
- Sex
- Height
- Weight (used for the calculation only — not saved; logging your body weight is a separate action)
- Goal (lose, maintain, or gain weight)
- Activity level
- Body-type selection
- Units preference (kilograms or pounds, centimeters or inches)
We save your calculated calorie and macro goals, and we save your sex, height, goal, and activity level so the quiz can pre-fill if you take it again. We do not collect your birthdate. Your quiz inputs are not shown to coaches.
When you use the App
- Workouts you log — exercises performed, sets, reps, weight, duration, notes
- Body weight history — weights you log over time
- Nutrition logs — foods consumed, portions, macros, timestamps
- Custom foods you save to your personal library
- Saved meals you create
- Programs you create as a coach, or receive as an athlete
- Coach-athlete connections you establish
- Progress through onboarding (which steps you've completed)
Automatic data
- Device info — iOS version, app version, device model — sent in crash reports only
- Anonymous usage data — which screens you visit, common errors encountered — used to understand how the App is being used in aggregate
- Crash reports — what the App was doing when it crashed, scrubbed of personal data where possible
- App session data — when you opened the App, how long you used it
Subscription data
We do NOT see your payment information. Apple handles all payments through the App Store. We receive:
- Confirmation that you have an active subscription
- Which tier you are on (free or Pro)
- When your subscription renews or expires
We never receive your credit card number, Apple ID, billing address, or purchase history outside of RAAV. This information is handled entirely by Apple and RevenueCat (our subscription manager — see Section 4).
HealthKit data
When the HealthKit integration is enabled, the App reads your daily step count from Apple HealthKit on your device.
- We read only — we never write data to HealthKit
- Step counts are used for in-App display only (your step ring, your step history chart)
- Step counts are not stored on our servers and not shared with any third party
- You can revoke HealthKit access at any time via iOS Settings → Privacy & Security → Health
What we do NOT collect
- Your phone's contacts, photos (outside of profile/exercise media you explicitly upload), calendar, microphone, or location data
- Your activity outside the RAAV App
- Sensitive identifiers like government IDs, social security numbers, or financial account numbers
- Information about other people from your contacts or social networks
3. How we use your information
To provide the App and its features
- Your account information lets you sign in and identifies you across sessions
- Your profile data is used to display your information to you, to your coach (if you have one), and to calculate personalized recommendations
- Your workout, nutrition, and body composition data is used to display your history, charts, statistics, and to help your coach (if you have one) support you
- Coach-athlete connection data enables the coaching features
Legal basis (for EU users): performance of the contract you enter into by using the App.
To improve the App
- Crash reports help us find and fix bugs
- Aggregate usage data tells us which features are being used and where the App is breaking
Legal basis: our legitimate interest in providing a working app.
To manage your subscription
- Subscription state lets the App know whether you have access to Pro features
Legal basis: performance of the contract.
To communicate with you
- We send transactional emails (account confirmation, important changes, responses to your support questions)
- We do NOT currently send marketing emails. If we ever start, you would have to opt in first, and you could opt out at any time
Legal basis: performance of the contract for transactional emails; consent for any future marketing.
What we do NOT do with your data
- We do NOT sell your data to anyone, ever
- We do NOT share your data with advertisers
- We do NOT use your workouts, foods, or body data to train AI or machine learning models
- We do NOT profile you for advertising purposes
- We do NOT share data with data brokers
- We do NOT monetize your information in any way other than the subscription you may purchase
4. Third-party services we use
We use the following third-party services to operate the App. Each is a "data processor" — they handle some of your data on our behalf, under a contract that requires them to protect it.
Firebase (Google LLC)
What it does: hosts our database, authentication, file storage, and serverless functions.
What data they receive: essentially all your account and App data.
Where: data is stored in the European Union (europe-west1, Belgium).
Privacy policy: policies.google.com/privacy
Sentry (Functional Software, Inc.)
What it does: collects crash reports and errors from the App so we can fix them.
What data they receive: technical info about crashes (device model, iOS version, app version, the code path that crashed). We attempt to scrub personal data from these reports.
Where: United States.
Privacy policy: sentry.io/privacy
RevenueCat (RevenueCat, Inc.)
What it does: manages our subscription business (knowing who has a Pro subscription, when subscriptions renew, etc.).
What data they receive: an anonymized identifier for your account, your subscription status, and subscription events. They do NOT receive your name, email, or any health/fitness data.
Where: United States.
Privacy policy: revenuecat.com/privacy
Apple StoreKit (Apple Inc.)
What it does: processes all in-app purchases. We never see your payment details.
What data they receive: everything Apple normally handles for App Store purchases, governed by Apple's own privacy policy.
Where: Global (Apple's infrastructure).
Privacy policy: apple.com/legal/privacy
FatSecret (Spoonacular GmbH)
What it does: provides food nutritional data for the food search feature.
What data they receive: your search queries. They do NOT receive your account identifier — queries are anonymous from their perspective.
Where: Global.
Privacy policy: platform.fatsecret.com/api/Default.aspx?screen=pricpo
Powered by fatsecret Platform API (www.fatsecret.com)
USDA FoodData Central (U.S. Department of Agriculture)
What it does: provides nutritional data for the food search feature.
What data they receive: your search queries, sent anonymously. They do NOT receive your account identifier.
Where: United States (U.S. federal government service).
Privacy policy: www.usda.gov/privacy-policy
Open Food Facts
What it does: provides the public food database we use when you search for foods to log.
What data they receive: your search queries (e.g., "chicken breast"). They do NOT receive your account identifier — the queries are anonymous from their perspective.
Food data: available under the Open Database License (ODbL).
Where: Global (open-source nonprofit).
Privacy policy: world.openfoodfacts.org/legal
Tzameret (Israeli Ministry of Health)
What it does: provides the Israeli food composition database for Israeli food items in the food search feature.
What data they receive: nothing at search time. The Tzameret data is imported and stored on our servers; no queries are sent to external servers when you search.
Where: Israel (Israeli government public dataset).
Data source: health.gov.il
Google Sign-In and Sign in with Apple
What they do: provide an alternative to creating a password — you can sign in using your existing Google or Apple account.
What data they receive: notification that a sign-in event has occurred for your Google or Apple account, governed by Google's and Apple's respective privacy policies. They do NOT receive your RAAV data.
Where: Global.
Privacy policies:
- Google: policies.google.com/privacy
- Apple: apple.com/legal/privacy
5. Where your data lives
All of your account and App data is stored in the European Union, in Google Cloud data centers (europe-west1, Belgium).
Backend processing (database operations, account deletion, video upload preparation) also happens in the European Union.
Some of the third-party services we use are based outside the EU. The details are in the table above. In each case:
- These services receive only the minimum data they need to perform their function
- They are bound by data protection agreements (where required by law)
- They do not store your full account information
Users outside the EU
If you use RAAV from a country outside the European Union, your data is transferred to and stored in the EU. By using the App, you consent to this transfer.
6. Your rights
You have the following rights regarding your personal data. These rights are guaranteed under EU law (GDPR), California law (CCPA/CPRA), and similar laws in many other jurisdictions.
Access
You can see all the data we have about you, because it is visible in the App itself: your profile, your workout history, your food logs, your body weight history, your coach connections.
If you need a machine-readable export of your data, email us at raavsupport@gmail.com and we will provide one within 30 days.
Correction
You can edit most of your data directly in the App — your profile, your logged workouts, your logged foods, etc. If you need help correcting something you cannot reach, email us.
Deletion
You can delete your account from within the App: Settings → Account → Delete Account.
Section 7 explains exactly what is deleted and what (a small amount) remains.
Portability
You can request a copy of your data in a structured, commonly-used format. Email raavsupport@gmail.com and we will provide it within 30 days.
Objection and restriction
You can object to or restrict our use of your data for purposes based on legitimate interest (primarily crash reporting and anonymous usage analytics). Email us and we will limit processing accordingly.
Withdraw consent
Where we rely on your consent (for example, HealthKit access if you enabled it), you can withdraw consent at any time. For HealthKit, revoke access via iOS Settings → Privacy & Security → Health. For other consents, email us.
Complain
If you are not satisfied with how we handle a privacy request, you have the right to file a complaint with your local data protection authority.
For EU residents, you can find your country's supervisory authority here: edpb.europa.eu
For California residents, you can file with the California Privacy Protection Agency: cppa.ca.gov
How to exercise these rights
- For most things, use the App's built-in features
- For anything else, email raavsupport@gmail.com
- We respond within 30 days
- We do not charge for these requests and we do not discriminate against you for exercising your rights
For California residents specifically
We do not "sell" your personal information as defined under California law, and we do not "share" it for cross-context behavioral advertising. We do not knowingly process the personal information of consumers under 16 years of age.
7. How long we keep your data, and what happens when you delete your account
While your account is active
We keep your data for as long as your account exists. We do not have an automatic inactivity-based deletion policy. If you stop using RAAV, your account stays unless you delete it.
When you delete your account
When you delete your account, we automatically delete:
- Your user account document and profile
- Your workout history and exercise statistics
- Your body weight logs
- Your nutrition logs (food entries)
- Your custom food library
- Your saved meals
- Your notifications
- Workouts and exercises you created
- Programs you created
- Profile photo and any media you uploaded
- Your public profile snapshot
The deletion process usually completes within minutes of you initiating it.
What may remain after deletion
A small amount of data is intentionally retained, in an anonymized form, because deleting it would break the experience for other users. We are transparent about this:
- Community food database contributions. If you contributed a food to the public community food database (so other users could log it), the food entry stays. Your identity as the contributor is removed.
- Programs you sent to other users. If you were a coach and sent a workout program to an athlete, that program stays in the athlete's account — they may still need it to train. Your identity as the sender is anonymized.
- Notifications you sent to other users. These stay in the recipient's account, with sender identity removed.
- Aggregated anonymous analytics and crash data. Sentry and Firebase Analytics may retain aggregated, anonymized data for up to 13 months. This data cannot be linked back to you.
If you want even the anonymized data removed
If you want your community food contributions or sent programs removed entirely (not just anonymized), email raavsupport@gmail.com and we will remove the underlying entries.
8. Security
We take security seriously, though we cannot guarantee 100% security for any online service. Here is what we do:
- Data in transit: all communication between the App and our servers is encrypted via HTTPS (TLS 1.2 or higher)
- Data at rest: all data stored in Firebase is encrypted using industry-standard methods
- Authentication: handled by Firebase Authentication, which uses secure password hashing. We never see or store your password in plain text
- Access controls: Firestore security rules enforce that users can only access their own data, and coaches can only access their athletes' data through verified relationships
- Storage permissions: files uploaded to RAAV (such as profile photos) are protected by authentication requirements
- Payment information: never touches our servers — handled entirely by Apple
If you believe you've found a security issue, please email raavsupport@gmail.com. We treat security reports with priority.
9. Children
RAAV is intended for users aged 16 and older.
We do not collect your birthdate, and we do not have technical means to verify your age. Eligibility relies on your confirmation when you create an account that you are at least 16 years old.
By using RAAV, you confirm that you are at least 16 years old. Any user who creates an account by providing false information about their age is in violation of these Terms, and is responsible for their own use of the App.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do:
- We update the "Effective date" at the top
- For significant changes, we will notify you within the App before the changes take effect
- We will never retroactively reduce your rights without telling you
Your continued use of the App after a change takes effect indicates your acceptance of the updated policy. If you do not agree with a change, you can delete your account at any time.
11. Contact
For all privacy-related questions, data requests, or concerns:
We respond within 30 days, usually much sooner.
If you are filing a formal data request (access, deletion, correction, portability, etc.), please include:
- The email address associated with your account
- The specific request
- Any relevant context
We will respond with what we need from you to complete the request.