Verve — Privacy Policy

Effective date: March 6, 2026 · Last updated: March 6, 2026

Overview

Verve ("the App") is a cardiorespiratory fitness tracker designed with privacy as a core principle. Your health and fitness data is stored locally on your device by default. Cloud features (sync, AI Coach) are optional and require your explicit consent.

Data We Collect

Data You Provide

When you use Verve, you may provide:

Account information — Email address (for sign-up) or Apple ID (for Apple Sign-In)
Profile data — Name (optional), age, sex, weight, resting heart rate
Health history — Smoking status and pack-years (optional), beta-blocker status
Activity logs — Workout type, duration, intensity, heart rate, and notes
Fitness assessments — CRF test results, MET capacity, VO2Max estimates
Preferences — Weekly MET-hours goal, preferred units, display settings

Apple HealthKit Data (With Your Permission)

When you grant HealthKit access, Verve reads:

Workouts (type, duration, energy burned)
Heart rate and resting heart rate
VO2Max estimates
Height, weight, and biological sex

    Verve does not write any data to Apple HealthKit. All HealthKit data is processed locally on your device.
  

Automatically Collected Data

If HealthKit is enabled, Verve may estimate background physical activity from heart rate data using published physiological models. These estimates are processed entirely on your device.

How We Use Your Data

On-Device Processing (Default)

By default, all data is stored and processed locally on your device. No data leaves your device unless you opt in to cloud features.

Authentication

If you create an account (via email or Apple Sign-In), we use Supabase for secure authentication. Supabase stores your email address and encrypted credentials.

Cloud Sync (Optional)

If you enable Cloud Sync in Settings, your profile, activities, and fitness data are synced to secure servers to enable cross-device access. You can disable Cloud Sync at any time.

AI Coach (Optional, Subscription Required)

If you use the AI Coach feature, anonymised fitness context is sent to our secure server to generate personalised activity suggestions. The data sent includes age, sex, weight, resting heart rate, weekly MET-hours, activity breakdown, and CRF level.

    Your name is never sent. No fitness data is retained by the AI provider beyond the immediate request.
  

Subscription Management

We use RevenueCat to manage subscriptions. RevenueCat receives an anonymous user identifier and subscription status. No health or fitness data is shared with RevenueCat.

Data Storage

Data	Location	Protection
Profile, activities, CRF entries	On-device	iOS file-level encryption
Auth tokens	iOS Keychain	Hardware-backed encryption
HealthKit data	Apple HealthKit	iOS HealthKit encryption
Cloud Sync data (if enabled)	Supabase (cloud)	TLS in transit, encrypted at rest

Third-Party Services

Service	Purpose	Data Shared
Supabase	Authentication & cloud sync	Email, profile, activities (if sync enabled)
RevenueCat	Subscription management	Anonymous user ID, subscription status
Anthropic	AI activity suggestions	Anonymised fitness context (if AI Coach used)
Apple	HealthKit, Sign-In, App Store	Per Apple's privacy policies

We do not use analytics, advertising, or tracking SDKs.

Data Retention

On-device data remains until you delete it or uninstall the app
Cloud Sync data is retained while your account is active; deleted items are permanently removed after 30 days
AI requests are not retained by the AI provider beyond the immediate API call
Account data is deleted when you delete your account

Your Rights and Controls

You have full control over your data:

Export — Export all data as JSON from Settings
Delete data — Clear all local data from Settings
Delete account — Permanently delete your account and all cloud data
Disable Cloud Sync — Stop syncing to the cloud at any time
Disable AI Coach — Stop sending data to the AI service at any time
Revoke HealthKit — Remove permissions in iOS Settings → Health → Verve
Sign out — Disconnect from cloud services

Security

Authentication tokens stored in iOS Secure Keychain (hardware-encrypted)
All network communication uses HTTPS/TLS encryption
Cloud data protected by row-level security (users access only their own data)
No device identifiers, IP addresses, or location data collected

Children's Privacy

Verve is not intended for use by children under 17. We do not knowingly collect personal information from children.

Apple HealthKit Compliance

We do not use HealthKit data for advertising or marketing
We do not sell HealthKit data to third parties
We do not share HealthKit data with third parties for purposes unrelated to health or fitness
HealthKit data is not stored in iCloud or any external cloud service
HealthKit data sent to AI Coach is anonymised and limited to aggregate fitness metrics

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date above. For material changes, we will notify you through the App.

Contact

For questions about this Privacy Policy or to exercise your data rights:

Email: roplekarsudeep@gmail.com
Developer: Sudeep Roplekar