Back to ROXI

Privacy Policy

Last updated: April 2, 2026

Who We Are

ROXI is operated by ROXI Fitness, based in Santa Barbara, CA. We build training tools for runners and HYROX athletes. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

When you create an account or use ROXI, we may collect:

  • Account information: email address and display name
  • Workout data: training plans, completed workouts, workout preferences, and daily WOD history
  • Race data: race types (5K, 10K, half marathon, marathon, HYROX), goal times, split times, and race-day pacing information
  • Running performance: pace data, distance logs, heart rate zones, and progress metrics
  • Wearable integrations: if you connect WHOOP, Apple Watch, or other devices, we receive recovery scores, sleep data, heart rate variability, and activity metrics through their APIs
  • Usage analytics: pages visited, features used, and app performance data to improve the experience

How We Store Your Data

Your data is stored securely using Supabase, a managed database platform with row-level security, encryption at rest, and encrypted connections. Your account data is protected by Supabase Auth. We do not store passwords directly -- authentication is handled through secure, industry-standard protocols.

How We Use Your Data

  • Generate personalized training plans using AI based on your race goals and fitness level
  • Provide daily workout recommendations adapted to your recovery status
  • Calculate race-day pacing strategies
  • Track your progress and achievements over time
  • Improve the app through aggregated, anonymized usage analytics

What We Do Not Do

  • We do not sell your personal data to third parties. Period.
  • We do not share your workout data with advertisers.
  • We do not use your data to build advertising profiles.
  • We do not share identifiable data with other users unless you explicitly choose to (e.g., sharing a result card).

Wearable Integrations

ROXI integrates with WHOOP, Apple Watch, and other fitness wearables through their official APIs. When you connect a device, we only access the data categories you authorize. You can disconnect a wearable at any time from your settings, and we will stop receiving new data from that service. Previously synced data can be deleted upon request.

Third-Party Services

We use the following services to operate ROXI:

  • Supabase: database and authentication
  • Vercel: hosting and deployment
  • Stripe: payment processing (we do not store your card details)
  • Anthropic (Claude): AI-powered plan generation (workout prompts are processed but not retained by the AI provider)

Your Rights

You can:

  • Request a copy of all data we hold about you
  • Request deletion of your account and associated data
  • Disconnect wearable integrations at any time
  • Opt out of analytics tracking

To exercise any of these rights, email us at the address below.

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Aggregated, anonymized data may be retained for product improvement.

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you through the app or by email. Continued use of ROXI after changes constitutes acceptance of the updated policy.

Contact

Questions or concerns? Reach us at privacy@roxi.app

ROXI Fitness, Santa Barbara, CA