Privacy Policy for Polly

Last updated: April 26, 2026

This policy explains what Polly collects, why, and how it's stored. Polly is a fitness tracking app. We only collect what the app actually uses — we do not run analytics, show ads, or track you across other apps or websites.

1. Information we collect

Account information. When you sign in with Apple or Google, we receive a user ID, your email address, and (if provided) your name and profile photo. An account is required to use Polly.

Profile information you enter. During onboarding you provide your date of birth, weight, height, and display name. This information is stored only on your device and is not sent to our servers.

Health and fitness data (HealthKit). With your permission, Polly reads the following from Apple Health: walking, running, and cycling distance; heart rate; and step count. Polly also writes completed workouts and their GPS routes back to Apple Health so your exercise history stays in one place. You can grant or revoke HealthKit access at any time in iOS Settings → Health → Data Access & Devices → Polly. The app continues to work without HealthKit access.

Location. During an active workout, Polly uses your location — including in the background — to map your route and measure distance. Location is only used while a workout is running.

Motion data. Polly uses iPhone motion data (CoreMotion) to estimate your cadence (steps per minute) during iPhone-only activities.

Workout activity. Each completed workout is saved with: start and end time, sport (run, walk, cycle), distance, duration, moving time, GPS route points, heart rate samples, cadence samples, elevation gain, and the source device.

Subscription status. Subscriptions (Elevation+ monthly and annual) are processed by Apple. Polly receives confirmation of an active subscription from Apple's StoreKit but does not see your payment details.

2. What stays on your device

Your date of birth, weight, height, display name, units preference, reminder settings, consent flags, and other app preferences are stored locally on your iPhone and Apple Watch. They are not sent to our servers.

3. What is sent to our servers

The following is sent to and stored on Supabase, our backend hosting provider, so your activities sync across your devices and remain available if you reinstall the app:

• Account identifiers (user ID, email, profile photo URL)
• Workout activity data (sport, start/end time, duration, distance, GPS route points, heart rate samples, cadence samples, elevation gain, source device)
• Goal progress and evaluation data

4. How we use your information

• To record, display, and sync your workouts across iPhone and Apple Watch
• To calculate progress toward your fitness goals
• To provide and manage your subscription
• To keep your account secure

We do not sell your data, share it for advertising, or use it to track you across other apps or websites.

5. HealthKit data — specific commitments

In line with Apple's HealthKit terms:

• HealthKit data is never used for advertising, marketing, or data-mining purposes other than improving health and fitness.
• HealthKit data is never sold or shared with third parties.
• HealthKit data is never disclosed to third parties without your explicit permission.
• HealthKit data is never used to determine eligibility for insurance, employment, or credit.

6. Third parties

• Apple Health (HealthKit): read/write of workout and health data, with your permission.
• Apple Sign in / Google Sign in: used for authentication.
• Supabase: our backend hosting provider, which stores the workout and account data described in Section 3. Supabase hosts our data on Amazon Web Services in the United States (AWS US East — Northern Virginia).
• Apple App Store / StoreKit: processes subscription purchases.

We do not use any analytics, advertising, attribution, push-notification, or crash-reporting SDKs.

7. Apple Watch

The Polly Watch app collects heart rate, cadence, distance, and route data during a workout and sends it to your iPhone via Apple's WatchConnectivity framework. The iPhone then syncs the completed workout to your account.

8. Notifications

Polly schedules local reminders on your device (for example, goal reminders) using iOS's local notification system. Polly does not use remote push notifications and does not collect a device push token.

9. Children

Polly is not directed to children under 13. We collect your date of birth during onboarding to confirm eligibility and to personalize fitness targets. Date of birth is stored only on your device.

10. Your choices and rights

• Health, Location, and Motion permissions: you can grant or revoke each of these at any time in iOS Settings.
• Access and deletion: you can request a copy of your data or delete your account by emailing us at help@polly.fitness. Deleting your account removes your activities and account record from our servers.
• Sign out: you can sign out at any time from inside the app.

11. Data retention

Workout and account data is kept while your account is active. When you delete your account, it is removed from our servers.

12. Security

Data in transit is protected with TLS. Authentication uses Apple's and Google's standard OAuth flows. Account sessions are stored securely on your device.

13. International users

Our backend data is stored in the United States (AWS US East — Northern Virginia). If you are outside the United States, your account and workout data will be transferred to and processed there.

14. Changes to this policy

If we change this policy, we will update the "Last updated" date at the top and, where appropriate, notify you in the app.

15. Contact

For privacy questions or data requests, contact us at help@polly.fitness.