Privacy Policy

Last updated: June 2026

Privacy first

Rhythm is built to keep health and performance data useful, limited, and respectful. We do not sell personal or health data, and cycle information for real users stays on-device.

1. What we collect

Rhythm collects account data, subscription state, workout logs, goals, routines, body measurements, the wearable daily snapshots created when you connect Oura or Whoop, and the settings needed to personalize your training experience. Health and wearable data is only accessed when you grant permission.

2. Health and wearable data

Apple Health, Oura, and Whoop data is permission-based and feature-limited. Oura and Whoop OAuth tokens are exchanged server-side and stored in secure backend tables, not in the client bundle, encrypted in transit and at rest.

When you connect Whoop, Rhythm requests these scopes: read:recovery, read:sleep, read:profile, read:cycles, read:workout, read:body_measurement, and offline (for refresh tokens). Rhythm reads heart-rate variability (HRV, in milliseconds), resting heart rate, skin temperature, sleep duration, respiratory rate, workout calories, and Whoop's daily and per-session activity-intensity values. The activity-intensity values are used only as internal training-load inputs to Rhythm's own readiness framing and are never shown to you as a number, percentage, score, or label. The read:profile scope is used only to show your first name on the connection screen, and offline is used to refresh access tokens so you do not have to reconnect every hour.

Rhythm does not display Whoop's proprietary Recovery, Day Strain, or Sleep Performance scores anywhere in the app. Rhythm relies on Apple Health for body composition and does not store Whoop body-measurement values. Whoop OAuth tokens are stored server-side only; Whoop data is retained as per-day snapshots while your account is active, is never sold, licensed, or shared with third parties, and is deleted when you disconnect Whoop or delete your account.

3. Cycle data

Cycle start date, cycle length, and calculated phase are stored locally on-device (AsyncStorage) for real users. Rhythm does not sync personal cycle data to Supabase and never co-mingles cycle data with Whoop, Oura, or Apple Health data on our servers. Apple Health, Oura, and Whoop physiological signals (such as HRV, resting heart rate, and temperature patterns) are read only when smart tracking is enabled and are processed alongside cycle phase only on-device.

4. Data retention and deletion

Account and training data is retained while your account is active. When you request deletion, we remove user-owned records from active systems and process cleanup in backup windows. Wearable tokens and snapshots are removed when you disconnect integrations or delete your account.

5. Sharing and subprocessors

Rhythm uses infrastructure and service providers including Supabase (backend, auth, and storage), RevenueCat (subscription management), Expo (app delivery and over-the-air updates), PostHog (product analytics; events never include cycle data, raw biometrics, or direct identifiers), Sentry (crash and error reporting; events are scrubbed of cycle data, raw biometrics, and direct identifiers before leaving the device), and wearable APIs such as Apple Health, Oura, and Whoop when connected. We do not sell health data or use it for advertising.

6. Security and access controls

We use authenticated access controls, row-level authorization patterns, and secure transport to protect account data. Wearable OAuth tokens (Oura, Whoop) are stored encrypted at rest with row-level security restricted to service-role access; client roles have no SELECT permission on the token table. No system is perfectly secure, but Rhythm applies reasonable safeguards and limits data access to product operations and support.

7. Your controls

You can export data, disconnect wearables, adjust permissions, and request account deletion from within the app. Full legal text and future policy updates will live at the public policy link below.

Health permissions

Apple Health permissions can be reviewed in Settings > Privacy & Security > Health > Rhythm.