Privacy Policy

Last updated: 2026-05-03T00:00:00.000Z

This privacy policy describes how Tideloop (“the App”) handles your personal data. The App is operated as a personal, single-tenant service by Mattijs Bliek (“we”, “us”). If you have any questions about this policy, contact us at [email protected].

Data we collect

We collect only the data you provide directly through the App:

• Workout data: cycles, templates, exercises, sets, target reps, completed reps, and timestamps.
• Body weight (if entered): used to compute load-related statistics.
• Account data: email address, hashed session tokens, and authentication credentials (passkeys or one-time passwords).
• Optional Apple Health reads: if you grant permission, the App reads workout samples from Apple HealthKit to avoid duplicates when syncing newly completed workouts back to Health. A future version will additionally read your body mass from HealthKit so the App can display “weight moved” totals for bodyweight exercises; that body mass value stays on your device.

We do not collect location, contacts, photos, advertising identifiers, browsing data, or in-app purchase data.

How we store and protect your data

• All workout and account data is stored in a SQLite database on a self-hosted server we operate.
• Data is encrypted in transit using TLS.
• Apple HealthKit data never leaves your device through the App; reads (workouts and, when shipped, body mass) are used on-device only.
• Session cookies are required for authentication and are functional only — we do not use cookies for analytics or advertising.

Who we share your data with

We do not share, sell, rent, or trade your personal data with third parties. The App is single-tenant and does not connect to advertising networks, marketing platforms, or analytics vendors. The only external services involved are:

• Resend: used to deliver one-time-password email codes during sign-in. Email content is the OTP only.
• Sentry: used for crash reporting. Stack traces are anonymized and we explicitly scrub personally identifiable information at the SDK level (sendDefaultPii: false plus an outbound scrubber that drops the user field). Sentry sees a randomly generated session ID per install and the technical details of any crash, but nothing else.
• Apple Sign in with Apple / Google Sign-In: only if you choose to use them. These providers handle authentication on Apple’s / Google’s side and return an authentication token; we never receive your provider password.

HealthKit data handling (Apple required disclosure)

If you grant the App permission to read or write Apple Health data:

• The App reads HealthKit workout samples solely to detect duplicates before saving a new workout. Reads stay on your device.
• The App writes completed workout sessions (start time, end time, activity type, optional metadata) to HealthKit so they appear in your Health summary.
• We never transmit HealthKit data off-device, and we never use HealthKit data for advertising, marketing, or sale to third parties.
• You can revoke HealthKit access at any time from iOS Settings → Health → Data Access & Devices.

Data retention and deletion

• Your data is retained for as long as your account is active.
• To delete your account and all associated data, email [email protected].

Children’s privacy

The App is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected such data, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the “Last updated” date at the top of this document. The current version of this policy is always available at https://tideloop.fit/privacy.

Contact

For privacy questions, data access requests, or deletion requests, email [email protected].