Privacy policy

RACK is a training log for lifters. This policy explains what we collect, why we collect it, who we share it with, and the rights you have over your information.

Who we are

RACK is operated by Skye Digital Ltd, registered in England and Wales (company number 17207998), with its registered office at Flat 68 Hudson House, Station Approach, Epsom, KT19 8DL. In this policy, "we", "us" and "our" refer to that entity. We are the data controller for personal data processed through the RACK app and this website.

You can contact us at privacy@rack.app about anything in this policy.

What we collect

Beta

The beta link on this site sends you to Apple's beta install flow, which Apple handles under its own terms and privacy notices. If you contact us directly about the beta, you can ask us to delete that correspondence by emailing support@joinrack.app.

Account information

When you create an account we collect the email address (and, where you provide one, name) you sign up with. If you use Sign in with Apple, we receive the identifier and email relay address that Apple supplies — we do not see your underlying Apple ID.

Training data

Sessions you log — exercises, sets, reps, weights, RPE, notes, body-weight entries, programme progress — are stored against your account so you can retrieve them on any device you sign in on.

Purchase information

Subscriptions and one-off purchases are processed by Apple through the App Store. We receive a transaction identifier and entitlement state so we can unlock features — we do not see your card details, billing address, or full Apple ID.

Usage information

We collect information about how the app and this website are used — pages and screens viewed, taps, approximate region inferred from IP, device type, app version. In the app this may include masked session replays: anything you type and any images are obscured before a recording leaves your device. App usage is linked to a random account identifier rather than your name or email, and is analysed in aggregate to understand where people get stuck.

Support correspondence

If you email us, we keep your message and our reply so we can follow up and improve the product.

Apple Health recording (opt-in)

If you enable Apple Health recording, RACK writes completed workout summaries to Apple Health. This is optional and disabled unless you opt in.

• Write-only workout export. RACK does not read your historical Apple Health data.
• No heart-rate/calorie copy in RACK. Apple Watch heart-rate and active calorie samples are not stored in RACK or Supabase.
• No separate Apple Workout session needed. When RACK recording is enabled, you do not need to start a separate strength workout in Apple's Workout app.

Why we use it

• To provide the service — your account, your training history, your subscription entitlements.
• To support you — answering questions, investigating bugs, recovering data on request.
• To improve the product — understanding which features get used, where people get stuck, what to build next.
• To prevent abuse — detecting fraud, automated sign-ups, and breaches of our terms.
• To meet our legal obligations — tax, accounting, and responding to lawful requests.

Legal bases

Under UK GDPR we rely on the following legal bases:

• Contract — to deliver the service you signed up for.
• Legitimate interests — to keep the service secure, prevent abuse, and improve it. We balance these against your interests and rights.
• Consent — for non-essential analytics cookies on this website. You can withdraw consent at any time by clearing site data or declining the banner.
• Legal obligation — where the law requires us to retain or disclose information.

Who we share it with

We do not sell your personal information. We share it only with the processors and counterparties we need to run the service:

• Supabase Inc. — hosted Postgres database and authentication for the app.
• Apple Inc. — App Store distribution, Sign in with Apple, in-app purchase processing.
• Google LLC — anonymised website analytics (only loaded after you accept the consent banner).
• PostHog, Inc. — in-app usage analytics and masked session replay, hosted in the EU.
• Professional advisers — accountants, auditors, and lawyers, where reasonably required.
• Authorities — where compelled by law or to protect our rights or those of others.

International transfers

Some of our processors are based outside the UK. Where personal data is transferred outside the UK or EEA, we rely on the UK Government's adequacy regulations, the UK International Data Transfer Agreement, or Standard Contractual Clauses with the UK Addendum, as appropriate.

How long we keep it

We keep account and training data for as long as you have an active account. If you delete your account we delete or anonymise associated personal data within 30 days, except where we are required to retain it for legal, accounting, or fraud-prevention reasons. Anonymous, aggregated statistics may be retained indefinitely.

Your rights

Under UK GDPR you have the right to:

• access the personal data we hold about you;
• correct inaccurate personal data;
• request that we delete your personal data;
• restrict or object to certain processing;
• receive your data in a portable format;
• withdraw consent where we rely on it; and
• complain to the UK Information Commissioner's Office at ico.org.uk.

To exercise any of these rights, email support@joinrack.app. We aim to respond within one month.

Cookies and similar technologies

This website uses a small number of cookies and similar storage:

• Essential — to remember your consent preference. These do not require consent.
• Analytics — set only after you accept the consent banner. Used to understand aggregate site usage.

You can decline analytics cookies at any time by clearing site data in your browser, which will surface the consent banner again.

Children

RACK is not directed at children under 13, and we do not knowingly collect personal data from anyone under that age. If you believe a child has provided us with personal data, please contact us and we will delete it.

Security

We use industry-standard measures — encryption in transit, hashed credentials, access controls, and audit logging — to protect your information. No system is perfectly secure; if we ever become aware of a breach affecting your data we will notify you and the relevant authorities as required by law.

Changes to this policy

We may update this policy from time to time. When we make material changes we will update the "last updated" date at the top of this page and, where appropriate, notify you in the app or by email.

Contact

Questions, requests, or complaints? Email privacy@rack.app or write to us at Flat 68 Hudson House, Station Approach, Epsom, KT19 8DL.