Privacy Policy
How Rackd handles your data. Plain language, no dark patterns.
Last Updated: April 15, 2026
This Privacy Policy explains how HADI Technology ("we", "us", "our") collects, uses, and protects information when you use the Rackd mobile app and the rackd.fitness website (together, the "Service").
We built Rackd around a simple idea: your workout data is yours. We store as little as possible, keep what we store on your device wherever we can, and never sell what we learn about you.
This policy is written in plain English. If anything's unclear, email us at support@rackd.fitness and we'll explain it.
Who We Are
HADI Technology is a business based in Ontario, Canada. We are the data controller for the information described in this policy.
Contact: support@rackd.fitness
What We Collect
Information stored on your device (not sent to us)
Your workout logs, program data, training maxes, PR history, custom exercises, and app preferences live on your device in the Rackd app. This is the "local-first" part of Rackd. If you never connect to any of our online features, none of this leaves your device.
If you later opt into Cloud Sync (a paid feature disabled during beta), your workout data is encrypted and copied to our servers so you can sync across devices. Cloud Sync is off by default.
Device identifier (for trial and fraud prevention)
When you first open the Rackd mobile app, we generate a one-way hashed identifier from your device's platform-provided ID:
- On Android: a SHA-256 hash of Settings.Secure.ANDROID_ID
- On iOS: a SHA-256 hash of identifierForVendor
The raw device identifier never leaves your device. Only the hash is sent to our servers (Supabase).
We use the hashed identifier to manage the free trial (once it's enabled post-beta), apply referral rewards, and prevent fraud (e.g., someone repeatedly reinstalling the app to get a fresh trial). We do not use it to track you across other apps or for advertising.
Email address (only if you give it to us)
We collect your email address if you:
- Sign up for the beta on rackd.fitness
- Submit a contact form on rackd.fitness
- Create an account for Cloud Sync (post-beta feature)
We use email to confirm beta access, reply to support requests, and send occasional product updates (you can opt out of product updates).
Analytics (usage patterns)
We use PostHog (EU-hosted at eu.posthog.com) to understand how people use our website and app. PostHog records anonymized pageviews and product events (for example, "user viewed a program page" or "user submitted the beta signup form").
Analytics is anonymous by default — it's not tied to your email unless you explicitly sign in. If you're in the UK or EU, you'll see a cookie banner asking for consent before analytics loads. You can decline and the website will still work.
Workout data synced via Cloud Sync (post-beta, opt-in only)
If you purchase Cloud Sync (not currently available — launches after beta), your workout logs, programs, templates, and custom exercises are copied to our Supabase database so they can sync between your devices. You can disable sync at any time, and you can delete synced data from our servers by deleting your account.
What we do not collect
- Your precise location
- Your contacts, photos, or other device data
- Your biometric data
- Data about apps other than Rackd
- Ads-related tracking identifiers (IDFA on iOS, Advertising ID on Android). We do not use them.
How We Use Information
We use the information we collect to:
- Run the Service (including trial management, account access post-beta)
- Respond to support requests and emails
- Prevent fraud and abuse
- Improve the product (analytics help us see which features people use)
- Send you product updates if you've opted in
- Comply with legal obligations
We do not:
- Sell your data to anyone
- Share your data with advertisers
- Use your data to train AI models
- Combine your data with third-party datasets for profiling
Third Parties We Use
We use third-party services to run Rackd. Each processes your data on our behalf:
| Service | What It Does | Where They Store Data |
|---|---|---|
| Supabase | Database + storage for trial hashes, email signups, Cloud Sync (post-beta) | EU region |
| PostHog | Analytics | EU (eu.posthog.com) |
| Cloudflare | Website hosting, CDN, DDoS protection | Global, edge servers near users |
| Apple | App Store distribution, In-App Purchases (post-beta) | Apple's policies apply |
| Google | Play Store distribution, Play Billing (post-beta) | Google's policies apply |
Each of these companies has its own privacy policy. We use them because they meet our security and compliance standards, including GDPR data processor agreements where applicable.
Where Your Data Is Stored
Most of your data stays on your device. Data we store on our servers (email signups, trial hashes, optional Cloud Sync data) is stored in the European Union region of our infrastructure providers.
If you're accessing Rackd from outside the EU, your data may be transferred to and processed in the EU. We protect international transfers using standard contractual clauses and other safeguards required by applicable law.
How Long We Keep Your Data
- Workout data on your device: as long as you have the app installed. Uninstalling the app deletes it.
- Cloud Sync data (post-beta, opt-in): retained while your account is active. Deleting your account deletes this data within 30 days.
- Email signups: retained until you unsubscribe or request deletion.
- Contact form messages: retained for 24 months for support reference, then deleted.
- Trial/device hashes: retained for up to 3 years for fraud prevention, then deleted.
- Analytics data: retained for 12 months (PostHog default) unless we configure a shorter period.
Your Rights
Depending on where you live, you have rights over the data we hold about you:
If you're in the EU, UK, or a similar jurisdiction (GDPR / UK GDPR)
You have the right to:
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten"), subject to legitimate retention grounds
- Restriction — ask us to pause processing while a dispute is resolved
- Portability — receive your data in a portable format
- Objection — object to processing based on our legitimate interests
- Withdraw consent — where we rely on consent (e.g., analytics), you can withdraw it at any time
If you're in California (CCPA)
You have the right to:
- Know what personal information we collect and how we use it
- Access your personal information
- Delete your personal information
- Opt out of the "sale" of personal information (we do not sell)
- Not be discriminated against for exercising your rights
How to exercise your rights
Email support@rackd.fitness with your request. We'll respond within 30 days (or the timeframe required by applicable law, whichever is shorter). We may ask you to verify your identity before acting on the request.
If you're in the EU/EEA and you believe we've handled your data improperly, you have the right to lodge a complaint with your local data protection authority.
Cookies
The rackd.fitness website uses two kinds of cookies:
- Strictly necessary cookies — needed for the site to function (e.g., remembering your cookie consent choice). These load automatically.
- Analytics cookies (PostHog) — load only after you consent via the cookie banner (if you're in the UK or EU) or automatically otherwise.
You can clear cookies at any time in your browser settings. You can revisit your consent choice from the footer of the website.
The Rackd mobile app does not use traditional browser cookies but may store app-level identifiers and preferences locally on your device (which don't leave your device unless you enable Cloud Sync).
Children's Privacy
Rackd is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, email support@rackd.fitness and we'll delete it.
Security
We take reasonable technical and organizational measures to protect your data:
- Device identifiers are hashed before leaving your device
- Data in transit is encrypted via HTTPS/TLS
- Data at rest in Supabase is encrypted
- Access to our production systems is restricted to authorized personnel
- We use industry-standard practices for password storage (bcrypt hashes) for accounts created post-beta
No system is 100% secure. If we become aware of a breach that affects your personal data, we will notify you in accordance with applicable law.
Changes to This Policy
If we make material changes to this policy, we will:
- Update the "Last Updated" date at the top
- Notify users with active accounts by email
- Post a notice in the mobile app and on the website at least 30 days before the change takes effect (for material changes)
Your continued use of the Service after the change takes effect means you accept the updated policy.
Contact Us
Questions, data requests, concerns:
HADI Technology
Ontario, Canada
Email: support@rackd.fitness
For GDPR-specific requests, you may also contact your local data protection authority.