GRŌ Privacy Policy

Effective date: April 23, 2026

Last updated: April 23, 2026

Our approach to your data

GRŌ is built on a principle: your training data belongs to you, and our handling of it should be transparent enough that you can decide whether to trust us with it.

To put that into practice:

• We collect only what GRŌ needs to work
• We give you control through iOS permission prompts
• We tell you what we collect, why, and who else (if anyone) sees it
• We update this policy when the app’s data practices change, and we notify you in the app before material changes take effect

This policy describes GRŌ as it exists today and how it will handle new data categories as the app grows. We’ve tried to write it in plain English. If something is unclear, contact us at privacy@trainwithgro.com.

1. Information GRŌ handles today

This section describes what the current version of GRŌ collects and handles.

1.1 Information you provide

When you use GRŌ, you enter or record:

• Profile information: your name, sex (male, female, or other with an anatomy preference), date of birth, height, and starting body weight. Collected during onboarding to inform workout recommendations, body metric calculations, and AI-driven progression suggestions.
• Workout information: the exercises, sets, reps, weights, rest periods, notes, and mood responses recorded during training sessions.
• Personal records: estimated one-rep-max values calculated from your lifts.
• Body measurements: optional measurements for neck, shoulders, chest, biceps, waist, hips, thighs, and calves, if you choose to log them.
• Training preferences: program selections, routine templates, rest defaults, and similar configuration.

1.2 Information accessed through Apple frameworks (with your permission)

With your explicit permission granted via iOS:

• HealthKit: heart rate variability, resting heart rate, sleep data, active energy, and body weight entries from other sources, used to compute readiness and recovery indicators. HealthKit data remains under Apple’s control and in your device/iCloud; GRŌ reads it but does not upload it elsewhere.
• Sign in with Apple: your unique Apple Sign In identifier and (at your discretion) your full name and email address. Apple provides these; GRŌ receives only what you choose to share.
• Notifications: if you grant permission, GRŌ may send local reminders generated on your device.

1.3 Information handled by Apple (not by GRŌ)

• Subscription and payment information: GRŌ’s paid tier (GRŌ PRO) is processed by Apple through the App Store. GRŌ does not see, collect, or store your payment details. Apple provides GRŌ with your subscription status (active, trial, expired); that is the only subscription information GRŌ has.

2. How GRŌ uses this information

GRŌ uses the information above to:

• Calculate metrics and suggestions (estimated one-rep-max, training load, readiness, progressive overload recommendations)
• Display your training history and track your progress over time
• Sync your data across your own Apple devices via your private iCloud account (if you have enabled iCloud for GRŌ)
• Provide subscription-gated features to GRŌ PRO users
• Generate intelligent workout suggestions through GRŌ PRO’s Overload Engine (see section 4)

3. Where your data is stored today

• Your device: GRŌ stores your workout history, routines, programs, measurements, and profile locally on your device.
• Your iCloud account: if you are signed into iCloud with iCloud Drive enabled for GRŌ, your data is synced to your private CloudKit container in your iCloud account. This lets you access your data across your own Apple devices. This data is encrypted in transit and at rest by Apple and is accessible only to you.
• GRŌ servers: GRŌ does not currently operate servers that store your training data.

As GRŌ adds new features (see section 7), some features may require GRŌ-controlled infrastructure. We’ll update this policy and notify you in the app before such changes take effect.

4. AI-powered features (GRŌ PRO Overload Engine)

GRŌ PRO includes an “Overload Engine” that generates workout progression suggestions using AI. When you use this feature:

• Relevant workout context (recent lifts, volume, session intent) is transmitted to Anthropic’s Claude API over HTTPS to generate suggestions
• Only the data needed for the specific suggestion is sent
• Anthropic processes the request and returns a suggestion; Anthropic’s handling of that data is governed by their privacy policy
• Suggestions are returned to your device
• If you are a free user, this feature is inactive; no data is sent to Anthropic via GRŌ

You can disable Overload Engine suggestions in GRŌ’s settings.

5. Third-party services

GRŌ currently integrates with:

• Apple frameworks: HealthKit, Sign in with Apple, StoreKit (subscriptions), CloudKit (iCloud sync), and standard iOS frameworks. Your data passing through these is subject to Apple’s Privacy Policy.
• Anthropic (GRŌ PRO Overload Engine only): as described in section 4.

No other third-party services currently receive data from GRŌ.

As GRŌ grows, we expect to integrate additional third-party services for purposes like crash reporting, performance monitoring, customer support, push notifications, analytics, and advertising attribution. Section 7 describes these categories. When any specific service is added, this policy will be updated to name the service and describe what data it receives.

6. Your rights

6.1 Access

You can view all your data within GRŌ at any time.

6.2 Correction

You can edit your profile information, workout records, routines, programs, measurements, and other data through the GRŌ interface.

6.3 Deletion

You can delete any individual record (workouts, routines, measurements, etc.) through the app. You can delete your entire GRŌ data set by deleting the app from your device and, if applicable, removing GRŌ data from your iCloud account through iOS Settings → [your name] → iCloud → Manage Account Storage.

6.4 Account deletion

GRŌ does not require account creation beyond Sign in with Apple. To fully disassociate from GRŌ:

1. Delete the app from all your devices
2. Remove GRŌ data from iCloud via iOS Settings (see 6.3)
3. Revoke Sign in with Apple access via iOS Settings → [your name] → Sign in with Apple → GRŌ → Stop using Apple ID

6.5 Opting out of AI features

You can disable the Overload Engine’s AI-powered suggestions in GRŌ’s settings. No data will be sent to Anthropic’s Claude API while these features are disabled.

6.6 Tracking permission

iOS provides an App Tracking Transparency (ATT) prompt when an app wants to track you across other companies’ apps and websites. GRŌ does not currently request this permission because GRŌ does not currently track across apps. If this changes in the future (for example, to improve the effectiveness of paid advertising campaigns), iOS will present you with the ATT prompt before any such tracking occurs, and you will have the option to decline.

7. Planned and potential future data categories

As GRŌ evolves, some features will require data categories not collected today. We’re naming them now so you know what to expect. When any of these become active, this policy will be updated and we will notify you in the app before material changes take effect. All such features will require your explicit permission through iOS system prompts.

7.1 Location (planned for future outdoor cardio features)

When GRŌ adds outdoor cardio tracking (e.g., running, cycling), iOS will request location permission. Location data would be used to track route, distance, and pace during such workouts. You would control this permission through iOS Settings at any time.

7.2 Camera, microphone, and photo library (planned for future progress photo, video, and recording features)

When GRŌ adds features that let you record or upload photos, videos, or audio (such as progress photos, form videos, or voice-logged workouts), iOS will request the corresponding permissions. You would control each permission through iOS Settings.

7.3 Contacts (planned for future Community features)

GRŌ’s Community tab may include friend-discovery features that can match your device contacts with other GRŌ users. If enabled, iOS will request contacts permission. You can opt out of contacts-based discovery and use manual invitation methods instead (share link, email invitation) that do not require contacts access. You would control this permission through iOS Settings.

7.4 User-generated content and server infrastructure (planned for future Community features)

Community features such as activity feeds, comments, direct messaging, or shared workouts will require GRŌ-controlled server infrastructure to function. User-generated content (posts, comments, shared workouts) will be stored on GRŌ-controlled servers in addition to the user’s device. These features will be opt-in; users who don’t engage with Community features will continue to have their training data stored only locally and in their own iCloud.

7.5 Crash reporting and performance monitoring (likely to be added)

GRŌ will likely add a crash-reporting service (e.g., Sentry, Crashlytics) to help diagnose and fix app crashes, and a performance-monitoring service to identify slow operations. These services typically receive anonymized diagnostic data (stack traces, device model, iOS version, app version, timing data) — not workout content, not personal profile data. When added, the specific service name and data shared will be named in this policy.

7.6 Customer support platform (likely to be added)

GRŌ may add an in-app support or feedback platform (e.g., Intercom, Zendesk). Messages you send through such a platform would be handled by that platform on behalf of GRŌ’s support. When added, the specific service will be named.

7.7 Push notifications via a backend service (likely to be added as Community grows)

GRŌ currently sends only local notifications. If GRŌ adds server-sent push notifications (for community activity, for example), your device’s push notification token will be stored on GRŌ-controlled servers to route those notifications. Notification content may include contextual information (who liked your post, etc.).

7.8 Advertising attribution (planned for paid user acquisition campaigns)

GRŌ plans to run paid advertising campaigns on platforms like Apple Search Ads, Instagram, and TikTok to grow the user base. To measure ad effectiveness, GRŌ will use attribution technologies. At minimum, this means:

• Apple Search Ads: uses Apple’s privacy-preserving attribution framework; no ATT prompt is required and no user-identifiable data is collected.
• SKAdNetwork (for Instagram, TikTok, and similar): Apple’s privacy-preserving attribution framework that shares aggregate, delayed, anonymized data with ad networks.

If GRŌ determines that additional attribution capabilities are needed (such as IDFA-based attribution), iOS will present an App Tracking Transparency prompt before any cross-app tracking occurs. Users can decline.

7.9 Analytics (possible in a later version)

GRŌ may add anonymous analytics (e.g., Mixpanel, Amplitude with anonymized configuration) to understand which features are used, where users get stuck, and how to improve the app. Any analytics added will be configured for anonymous events rather than detailed individual behavioral profiles; the policy will be updated when and if this is added.

8. Security

• Your data is stored locally on your device using Apple’s SwiftData framework, with all iOS security features (Secure Enclave, device encryption) protecting it
• Data synced to iCloud is encrypted in transit and at rest by Apple
• Data sent to Anthropic’s Claude API is transmitted over HTTPS
• Future GRŌ-controlled infrastructure will use industry-standard encryption in transit and at rest; specific practices will be detailed in the updated policy when such infrastructure is deployed
• No security measure is absolute. If you have concerns about a specific security issue, please contact us.

9. Children’s privacy

GRŌ is intended for users ages 13 and older. We do not knowingly collect information from children under 13. If you believe a child under 13 has used GRŌ and provided information to us, please contact us at the address below and we will delete that information.

10. International users

GRŌ is available globally through the App Store. Your data is stored on your device and, if enabled, in your own iCloud account. Apple’s infrastructure determines the physical location of iCloud data, not GRŌ.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with additional rights including access, rectification, erasure, restriction of processing, data portability, and objection to processing. For data stored by Apple (iCloud), your primary point of contact is Apple. For data GRŌ collects directly (profile, training data stored locally or transmitted to Anthropic’s Claude API), you can exercise these rights by contacting privacy@trainwithgro.com.

11. Changes to this policy

We may update this policy when GRŌ’s data practices change — for example, when a new feature adds a data category, a third-party service is introduced, or a new jurisdiction requires additional disclosure.

When we make material changes:

• We will update the “Last updated” date at the top
• We will notify you through the app before the change takes effect, not just by silently publishing a new version

Continued use of GRŌ after a material change and notification constitutes acceptance of the updated policy. If you do not accept a change, you can delete your data (see section 6) and stop using the app.

12. Contact

If you have questions about this policy or about GRŌ’s handling of your data:

Privacy inquiries: privacy@trainwithgro.com

General support: support@trainwithgro.com

We aim to respond to privacy inquiries within 7 business days.

Quick reference — what GRŌ does and doesn’t do

What GRŌ does:

• Stores your training data locally on your device
• Syncs to your own iCloud account (if you enable it)
• Sends specific workout context to Anthropic’s Claude API for GRŌ PRO Overload Engine suggestions (only for PRO users, only when the feature is active)
• Respects iOS permission prompts as the gatekeeper for any sensitive data

What GRŌ doesn’t do today:

• GRŌ does not sell your data
• GRŌ does not share your data with advertisers
• GRŌ does not track you across other apps or websites
• GRŌ does not use third-party analytics
• GRŌ does not run ads inside the app
• GRŌ does not collect what it doesn’t need

What may change over time:

• GRŌ plans to add features that will collect additional categories of data (location for outdoor cardio, camera/microphone for recording features, contacts for Community discovery) — always with iOS permission prompts that you control
• GRŌ plans to run paid advertising campaigns on external platforms to grow the user base; attribution will use privacy-preserving frameworks first, with user consent (via iOS ATT prompt) before any cross-app tracking
• GRŌ plans to add third-party services (crash reporting, support platform, eventually analytics) — all disclosed in this policy when integrated
• GRŌ plans to add GRŌ-controlled servers as Community features require them; user-generated content in those features will be stored server-side as the feature design requires

Governing principles that don’t change:

• GRŌ collects only what the app needs to work
• GRŌ uses iOS permission prompts as the gatekeeper for sensitive data
• GRŌ updates this policy and notifies users before material data-handling changes take effect
• GRŌ does not sell your data to anyone
• GRŌ does not build detailed behavioral profiles for advertising targeting

GRŌ is built by a small independent team. This policy describes actual GRŌ data handling as of the effective date and the roadmap for data categories not yet active. If you notice a discrepancy between the policy and the app’s behavior, please contact privacy@trainwithgro.com so we can correct it.