Privacy Policy

RiseRally, Inc.  ·  Effective Date: April 17, 2026  ·  Last Updated: April 17, 2026

RiseRally, Inc. ("RiseRally," "we," "our," or "us") operates the RiseRally mobile application and website at www.riserally.com. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the rights you have over your data. It applies to all users of our iOS app, Android app, and web application.

By creating an account or using RiseRally, you agree to the practices described in this policy. If you do not agree, please do not use the service.

1. Information We Collect

Account Information

When you register, we collect your email address, display name, date of birth (to verify minimum age and provide age-appropriate recommendations), and password (stored as a one-way hash).

Fitness Profile and Preferences

To personalize recommendations we collect fitness goals (e.g., strength, weight loss, endurance), experience level, workout frequency preferences, equipment availability, preferred activities, and training schedule preferences. This information is provided voluntarily during onboarding and can be updated at any time.

Workout and Activity Data

We collect records of workouts you complete or log within the app, including exercise selection, sets, reps, weights, duration, and self-reported energy and performance scores. This data powers our ML recommendation engine and acute-to-chronic workload ratio (ACWR) injury-prevention calculations.

Location Data

With your explicit permission, we access your device's location when you use features that require it — specifically, finding nearby group workouts and training partners. Location access is requested at the moment you use these features and can be revoked at any time in your device settings. We do not collect background or continuous location data.

Health Data (Optional Integration)

With your explicit consent, RiseRally can read data from Apple Health (HealthKit) or Google Health Connect, including steps, heart rate, distance, and calories burned. With your consent, we can also write completed workouts back to these platforms. Health data is used solely to enhance your fitness recommendations and recovery tracking. You may revoke this permission at any time in your device settings.

AI Coach Conversations

When you interact with the RiseRally AI companion coach, the content of your messages and the coach's responses are stored to maintain conversation context, improve the relevance of subsequent replies, and, in aggregated and anonymized form, to evaluate and improve the coaching experience.

Trainer Platform Data

If you are a trainer or a client connected to a trainer, we collect session booking details, workout assignments, progress notes, and messages exchanged within the in-app trainer-client messaging system. Payment information for trainer subscriptions is processed by Stripe; we store only transaction metadata (amount, date, status) and never raw card numbers.

Usage and Technical Data

We automatically collect device identifiers, operating system version, app version, crash reports, and general usage analytics (e.g., features accessed, session duration). This data is used to improve app stability and performance.

2. How We Use Your Information

  • Personalized Recommendations: Our ML engine uses your fitness profile, workout history, and activity patterns to recommend workouts and programs tailored to your goals and current fitness state.
  • Buddy Matching: We use your fitness goals, activity preferences, experience level, schedule, and equipment to suggest compatible training partners. Matching scores are computed from anonymized profile vectors; other users never see your raw profile data.
  • Safety (ACWR): We compute your acute-to-chronic workload ratio from your recent training history to flag potentially injurious training spikes and adjust recommended workout intensity accordingly.
  • Age-Appropriate Content: We use your date of birth to apply age-appropriate intensity and volume guidelines and to comply with legal obligations regarding minors.
  • Account Management: We use your email address to authenticate you, send account-related notifications (password resets, security alerts), and respond to support inquiries.
  • Analytics and Improvement: Aggregated, de-identified usage data helps us understand how features are used and where we can improve the product.
  • Safety and Enforcement: We use data to detect, investigate, and prevent abuse, fraud, and violations of our Terms of Service.
  • Legal Compliance: We may process data to comply with applicable law, respond to lawful requests from authorities, or enforce our agreements.

We do not use your data to serve third-party advertisements. We do not build advertising profiles or sell your personal information.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing or advertising purposes.

We share data only in the following limited circumstances:

Service Providers

  • Together.ai: When you request AI-generated workouts or interact with the AI companion coach, relevant context (workout history, fitness profile in anonymized form, and conversation messages) is transmitted to Together.ai's API for language model inference. Together.ai processes this data solely to generate responses and is contractually prohibited from using it for any other purpose.
  • Stripe, Inc.: Payment processing for trainer platform subscriptions is handled by Stripe. Stripe collects and stores your payment card information directly; we receive only a token reference and transaction metadata. Stripe's privacy practices are governed by the Stripe Privacy Policy.
  • Google Cloud: Our backend infrastructure runs on Google Cloud Run and Cloud SQL. Data at rest is encrypted and stored in the region you are served from. Google acts as a data processor under our service agreement.

Other Users

Certain information is visible to other RiseRally users as part of the social features: your display name, profile photo (if set), public challenge participation, and group workout schedules. You control what is shared through your privacy settings.

Trainer-Client Relationships

If you connect with a trainer on the platform, your trainer can view your workout history, progress data, and assigned program completions. This access is granted only when you accept a trainer-client relationship and can be revoked by ending the relationship.

Legal Requirements

We may disclose your information if required by law, regulation, or valid legal process, or to protect the rights, property, or safety of RiseRally, our users, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the successor entity, subject to the same privacy protections described here.

4. Data Retention

We retain your personal data for as long as your account is active. You may delete your account at any time from the app settings or by contacting us at privacy@riserally.com.

Upon receiving a valid deletion request, we will permanently delete your account and associated personal data within 30 days, except where we are required to retain certain records for legal, tax, or compliance purposes (e.g., payment transaction records required by financial regulations). Retained records are isolated and not used for any other purpose.

Aggregated, de-identified analytics data that cannot be linked back to you may be retained indefinitely.

5. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights with respect to your personal data:

Access and Portability

You have the right to request a copy of the personal data we hold about you. You can export your data programmatically via our API endpoint (GET /api/v1/users/{id}/export) or by contacting privacy@riserally.com. We will provide your data in a structured, machine-readable format (JSON).

Correction

You can update most of your profile information directly in the app. For other corrections, contact us at privacy@riserally.com.

Deletion (Right to Be Forgotten)

You may request deletion of your account and personal data. Deletion can be initiated in the app under Account Settings, or by contacting privacy@riserally.com. We will complete deletion within 30 days, subject to legal hold obligations.

Restriction and Objection

You may request that we restrict processing of your data in certain circumstances, or object to processing where we rely on legitimate interests as a legal basis.

Withdrawal of Consent

Where we process data based on your consent (e.g., HealthKit integration, location access), you may withdraw consent at any time by revoking the relevant device permission or contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

Complaints

If you are in the European Economic Area or United Kingdom, you have the right to lodge a complaint with your local data protection authority. If you are in California, you may contact the California Privacy Protection Agency.

To exercise any of these rights, contact us at privacy@riserally.com. We will respond within 30 days (or the timeframe required by applicable law).

6. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You may request details about the categories of personal information we collect, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out action is required.
  • Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (health data, precise location) only for the purposes described in this policy and do not use it for inferring characteristics unrelated to your use of the service.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a California privacy rights request, contact privacy@riserally.com or write to us at the address below. We may need to verify your identity before processing your request.

7. Children's Privacy

RiseRally requires users to be at least 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has created an account, please contact us at privacy@riserally.com and we will promptly delete the account and associated data.

For users between 13 and 17, our AgeSafetyService automatically applies age-appropriate exercise intensity and volume limits. We recommend that minors use the app with parental guidance.

8. Cookies and Tracking

The RiseRally mobile app does not use cookies. The RiseRally website (www.riserally.com) uses only essential cookies required for basic site functionality (e.g., session management). We do not use third-party advertising cookies or cross-site tracking technologies.

If we introduce optional analytics or performance tracking in the future, we will update this policy and, where required by law, obtain your consent.

9. Data Security

We implement industry-standard security measures to protect your data, including:

  • All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Passwords are hashed using bcrypt; we never store plaintext passwords.
  • Authentication tokens are stored in your device's secure storage (iOS Keychain / Android Keystore via flutter_secure_storage).
  • Database access is restricted by role-based access controls; application secrets are managed via Google Secret Manager.
  • We conduct regular security reviews and promptly address identified vulnerabilities.

No system is completely secure. In the event of a data breach that may affect your rights or freedoms, we will notify you and relevant authorities as required by applicable law.

10. International Data Transfers

RiseRally is operated by RiseRally, Inc., a Delaware corporation. Your data is processed and stored on servers located in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States, which may have different data protection laws than your country.

For users in the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms (such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses) to lawfully transfer personal data to the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) or via an in-app notice at least 30 days before the changes take effect. The updated policy will be posted at www.riserally.com/privacy.html with a revised "Last Updated" date. Your continued use of RiseRally after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving privacy inquiries promptly and transparently.