Privacy Policy

Last updated: May 2026

Privacy first

Rhythm is built to keep health and performance data useful, limited, and respectful. We do not sell personal or health data, and cycle information for real users is intended to stay on-device.

1. What we collect

Rhythm collects account data, subscription state, workout logs, goals, routines, body measurements, the wearable daily snapshots created when you connect Oura or Whoop, and the settings needed to personalize your training experience. Health and wearable data is only accessed when you grant permission.

2. Health and wearable data

Apple Health, Oura, and Whoop data is permission-based and feature-limited. Oura and Whoop OAuth tokens are exchanged server-side and stored in backend tables (never in the client bundle), encrypted in transit and at rest. Whoop integration is limited to the read:recovery and read:sleep scopes, and we ingest only raw user-health signals: heart rate variability (HRV in milliseconds), resting heart rate (bpm), skin temperature, sleep duration, and respiratory rate. Rhythm does not ingest, store, or display Whoop's proprietary scores (Recovery, Day Strain, or Sleep Performance) anywhere in the system. Rhythm does not request the read:cycles, read:workout, or read:body_measurement scopes. Whoop data is retained as per-day snapshots only while your account is active and only to power Rhythm-derived recovery and cycle-inference features; it is not sold, licensed, or shared with third parties. You can revoke access in Rhythm settings or from your Whoop dashboard at any time, which deletes the snapshot history.

3. Cycle data

Cycle start date, cycle length, and calculated phase are stored locally on-device (AsyncStorage) for real users. Rhythm does not sync personal cycle data to Supabase and never commingles cycle data with Whoop, Oura, or Apple Health data on our servers. Apple Health, Oura, and Whoop physiological signals (such as HRV, resting heart rate, and temperature patterns) are read only when smart tracking is enabled and are processed alongside cycle phase only on-device.

4. Data retention and deletion

Account and training data is retained while your account is active. When you request deletion, we remove user-owned records from active systems and process cleanup in backup windows. Wearable tokens and snapshots are removed when you disconnect integrations or delete your account.

5. Sharing and subprocessors

Rhythm uses infrastructure and service providers including Supabase (backend, auth, and storage), RevenueCat (subscription management), Expo (app delivery and over-the-air updates), PostHog (product analytics; events never include cycle data, raw biometrics, or direct identifiers), Sentry (crash and error reporting; events are scrubbed of cycle data, raw biometrics, and direct identifiers before leaving the device), and wearable APIs such as Apple Health, Oura, and Whoop when connected. We do not sell health data or use it for advertising.

6. Security and access controls

We use authenticated access controls, row-level authorization patterns, and secure transport to protect account data. Wearable OAuth tokens (Oura, Whoop) are stored encrypted at rest with row-level security restricted to service-role access; client roles have no SELECT permission on the token table. No system is perfectly secure, but Rhythm applies reasonable safeguards and limits data access to product operations and support.
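As an added illustration (not Rhythm's own schema or migration), here is how the token-table control described above can be expressed in Postgres on Supabase: row-level security on the table, client roles stripped of SELECT at the grant level, and a single policy scoped to the service role. The table and column names are assumed, and encrypting the token bytes before insert is out of scope for this snippet.

```sql
-- Illustrative schema for a wearable OAuth token table (assumed names).
-- Goal: only the backend service role can read tokens; client roles
-- (anon, authenticated) have no SELECT privilege at all.
create table if not exists wearable_tokens (
  user_id       uuid not null references auth.users (id) on delete cascade,
  provider      text not null check (provider in ('oura', 'whoop')),
  access_token  bytea not null,   -- ciphertext, encrypted before insert
  refresh_token bytea,            -- ciphertext, encrypted before insert
  expires_at    timestamptz,
  primary key (user_id, provider)
);

-- Row-level security on, and forced even for the table owner.
alter table wearable_tokens enable row level security;
alter table wearable_tokens force row level security;

-- Table-level privileges: remove everything from client roles and grant
-- only the service role. With no SELECT grant, a client query is rejected
-- before any RLS policy is evaluated, so RLS is a second layer, not the only one.
revoke all on wearable_tokens from anon, authenticated;
grant select, insert, update, delete on wearable_tokens to service_role;

-- One policy, scoped to service_role. No policy exists for anon or
-- authenticated, so RLS denies them by default even if a grant is
-- reintroduced later. (On Supabase, service_role also carries BYPASSRLS,
-- so this policy is belt-and-braces rather than the gate it relies on.)
create policy service_role_only on wearable_tokens
  for all
  to service_role
  using (true)
  with check (true);

-- Check after migration: this query should return zero rows.
select grantee, privilege_type
  from information_schema.role_table_grants
 where table_name = 'wearable_tokens'
   and grantee in ('anon', 'authenticated');
```

Because the grant and the policy are independent controls, a reviewer should re-run the final check whenever a migration touches this table, since a later `grant` or a broad default privilege can silently restore client access.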

7. Your controls

You can export data, disconnect wearables, adjust permissions, and request account deletion from within the app. Full legal text and future policy updates will live at the public policy link below.

Health permissions

Apple Health permissions can be reviewed in Settings > Privacy & Security > Health > Rhythm.