This Privacy Policy explains what data Ringflect collects, how it is used, who it is shared with, and how you can control or delete it. It is written to be readable. If anything is unclear, contact us at the address at the bottom of this page.
1. Who runs Ringflect
Ringflect is operated by Alton Chase, an individual sole proprietor doing business as Ringflect ("Ringflect," "we," or "us"). Ringflect is a self-calibration tool for serious individual athletes. We are not a healthcare provider, not a medical device, and not a substitute for medical advice. See our Terms of Service for the full disclaimer.
A formal legal entity (likely an LLC) is planned before the V1.2 paid tier launches. When it is formed, this Privacy Policy will be updated to name the entity and identify it as the data controller in place of the sole proprietor.
2. The short version
- We collect what you log into Ringflect (daily logs, nightly reviews, experiments) and what your wearable reports to Apple Health or Android Health Connect.
- If you connect Google Calendar (optional), we read events from your primary calendar only, read-only, to auto-fill activity context on your daily log.
- We do not sell your data.
- We do not share your data with advertisers, data brokers, or third-party analytics platforms.
- We do not write data back to Apple Health, Android Health Connect, or Google Calendar; we only read.
- We do not use your data to train AI or machine-learning models.
- You can delete your account at any time. Deletion is immediate and erases all of your data from Ringflect's systems.
- We retain anonymized usage analytics (not your content) for 30 days, then delete them.
The rest of this document is the detailed version.
3. What data Ringflect collects
3.1 Account data
When you sign up, Ringflect's authentication provider (Clerk, Inc.) collects your email address and, optionally, your name and profile photo if you sign in with a connected account (e.g., Google, Apple). Clerk's privacy policy governs that data: https://clerk.com/legal/privacy.
Ringflect stores your Clerk user ID in our database to associate your logs with your account. Ringflect does not store your password; passwords are handled entirely by Clerk.
3.2 Self-reported athlete data
When you use Ringflect, you create:
- Daily logs: your subjective state, expectations, planned changes, and notes for a given day.
- Nightly reviews: your post-day reflection on how the day actually went.
- Experiments: intentional changes you are testing (sleep schedule, nutrition, training load).
- Sensitive notes: any note you mark as sensitive. Ringflect treats these specially (see Section 6).
This data is the core of what Ringflect does. It stays in Ringflect's database (Neon Postgres, hosted in the United States) and is not shared with third parties.
3.3 Wearable data (Apple HealthKit / Android Health Connect)
If you grant permission, Ringflect reads the following data types from Apple HealthKit (iOS) or Android Health Connect (Android):
- Sleep duration and sleep stages
- Resting heart rate
- Heart rate variability (when your wearable reports it)
- Body temperature
- Active energy / calories burned
- Steps
Ringflect does not read: blood glucose, blood pressure, menstrual cycle data, body fat percentage, height/weight, medications, clinical health records, or any other HealthKit/Health Connect data type.
Ringflect does not write to Apple Health or Android Health Connect. The iOS HealthKit framework requires the app to declare write permission even if the app never uses it. We declare it, do not invoke it, and disclose this explicitly in our HealthKit permission strings.
This is enforced both contractually (Apple's HealthKit terms forbid writing data the user did not generate inside our app) and operationally (we do not call HKHealthStore.save() anywhere in our source code).
Wearable data flows: your device → the Ringflect app on your phone → Ringflect's backend database → Ringflect's insight engine → the Ringflect UI. No third party receives wearable-sourced data. This is required both by Apple's HealthKit terms of use and by our own policy.
Permission is granular. You can grant some data types and deny others. You can revoke any permission at any time:
- iOS: Settings → Health → Sources → Ringflect → toggle individual types.
- Android: Settings → Health Connect → App permissions → Ringflect.
Revoking permission stops new data syncing immediately. Previously-synced data remains in Ringflect until you delete your account (see Section 8).
3.4 Wearable data does not sync in the background
Ringflect syncs wearable data only when you open the app. We do not run background sync in V1. This is disclosed in the onboarding flow and is intentional.
3.5 Google Calendar data
If you choose to connect Google Calendar, Ringflect reads events from your primary Google Calendar only so it can pre-fill an activity-context field on your daily log (for example, "Training: 2h ride," "Rest day," or "Travel"). Connecting Google Calendar is optional. Ringflect's core insight engine works without it.
OAuth scope requested: https://www.googleapis.com/auth/calendar.events.readonly
This is Google's read-only sensitive scope for events on a user's primary calendar. Ringflect's OAuth client is verified by Google under Google's API Services User Data Policy before this integration is offered to public users. You will see this scope on Google's consent screen when you connect your account.
What Ringflect reads from Google Calendar:
- Event titles
- Event start and end times
- Event descriptions (so notes like "fasted ride" or "tempo intervals" can inform activity context)
- Event locations (used to flag travel days for the insight engine)
- Number of attendees (used to distinguish solo sessions from group events; attendee names and email addresses are not stored)
- Recurrence rules (so weekly training patterns are visible to the insight engine)
What Ringflect does not read:
- Events on any calendar other than your primary calendar. Secondary calendars (work, family, shared calendars) are out of scope.
- Calendar list metadata (names, colors, ownership of other calendars).
- Calendar settings, timezone preferences, or access control lists.
- Free/busy data across other calendars.
- Any data from Google services other than Google Calendar.
What Ringflect does with this data:
- Pre-fills the activity-context field on your daily log so you do not have to retype the context manually.
- Includes the derived activity-context string in the same insight engine that processes your daily logs and wearable data.
- Stores the derived activity-context string in your account against the day it applies to.
What Ringflect does not do with this data:
- Write, create, modify, or delete events on your Google Calendar. The OAuth scope Ringflect requests is read-only and does not permit write access.
- Transfer raw calendar event data to any third party.
- Use Google Calendar data to train AI or machine-learning models. Google's API Services User Data Policy prohibits this and Ringflect's policy is the same.
- Share Google Calendar data with advertisers, data brokers, or third-party analytics vendors.
- Share Google Calendar data with insurance companies, employers, or coaches.
Where the data lives:
- Your Google OAuth access token and refresh token are stored encrypted at rest in Ringflect's database (Neon Postgres, US-hosted).
- A short cache of raw event payloads is kept for up to 7 days so the insight engine can re-process them if you edit a daily log. After 7 days, the raw payload is deleted and only the derived activity-context string remains, tied to the day it applies to.
- Derived activity-context strings are retained for the same lifetime as your daily logs (until you delete your account or disconnect Google Calendar).
How to disconnect Google Calendar:
- Inside Ringflect: Settings → Integrations → Disconnect Google Calendar. This revokes the OAuth token, deletes the stored tokens, and deletes the 7-day raw event cache. Derived activity-context strings already saved to past daily logs remain visible to you in your history. To remove those, delete the affected daily-log entries or delete your account (see Section 8).
- At Google: visit https://myaccount.google.com/permissions and remove Ringflect's access. Ringflect's next sync attempt will fail gracefully and the integration will appear as disconnected inside the app.
- Account deletion (Section 8) deletes all calendar-derived data, OAuth tokens, the raw payload cache, and the derived activity-context strings.
Limited Use compliance: Ringflect's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
3.6 Usage analytics
Ringflect collects first-party analytics events when you use the app (for example, "user signed in," "user logged a day," "user viewed an insight card"). These events contain:
- A user identifier (your Clerk user ID).
- The event name.
- A timestamp.
- A small set of pre-defined properties (e.g., which screen, which action).
Analytics events do not contain free-text content from your notes, reviews, or experiment descriptions. The set of permitted properties is validated by a continuous integration check (see tools/check_analytics_drift.ts in our source code if you want to verify this).
Analytics events are retained for 30 days, then automatically deleted by a nightly job. Account deletion erases analytics events immediately, regardless of age.
We do not use any third-party analytics SDK (no Google Analytics, no Mixpanel, no Amplitude, no Segment). Analytics events live in our own database alongside the rest of your data.
3.7 Device and technical data
When you use the Ringflect app, basic technical data is collected by infrastructure: IP address (used to route requests, not stored long-term), browser or app version, and operating system version. This data is necessary to deliver the service and is not used for cross-app tracking.
4. How Ringflect uses your data
Your data is used to:
- Generate insights for you (the core function of the app).
- Show you your history and trends.
- Improve the app's quality (in aggregate; see Section 3.6 on analytics).
- Send you transactional emails (account confirmation, password reset, deletion confirmation). We do not send marketing emails in V1.
- Comply with legal obligations if we receive a lawful request.
Your data is not used to:
- Train third-party machine learning or AI models.
- Build advertising profiles.
- Sell or rent to data brokers.
- Share with insurance companies, employers, or coaches without your explicit consent.
5. Who Ringflect shares data with
We use the following service providers ("sub-processors") to operate Ringflect. Each receives only the data needed to perform their function, under a data processing agreement that prohibits further use:
| Provider | What they do | What they receive |
|---|---|---|
| Clerk, Inc. | Authentication | Your email, name (if provided), session metadata |
| Neon, Inc. | Database hosting (Postgres) | All Ringflect data stored in the database |
| Vercel, Inc. | App hosting and edge delivery | App traffic; no persistent storage of user content |
| Apple Inc. | iOS App Store distribution and HealthKit framework | Whatever Apple's platform receives (governed by Apple's privacy policy) |
| Google LLC | Android Play Store distribution, Health Connect framework, and Google Calendar API (if you connect Calendar) | Whatever Google's platform receives (governed by Google's privacy policy). For Calendar, see Section 3.5 for the exact data Ringflect requests. |
We do not use third-party advertising networks, third-party analytics SDKs, or data brokers.
6. Sensitive notes
You can mark any note in Ringflect as "sensitive." A sensitive note is one that contains information you do not want incorporated into Ringflect's pattern analysis, for example, notes about a medical diagnosis, a relationship event, a financial setback, or any other subject you consider private.
When you mark a note as sensitive:
- That day's data is excluded from Ringflect's insight engine entirely.
- Any insight card whose evidence would draw on that day is hidden from your view.
- The note text remains in your account so you can read it back; Ringflect does not delete it without your action.
Ringflect also runs a secondary keyword check on unmarked notes as a safety net. If a note contains specific medical, mental-health, relational, or financial vocabulary (the canonical list is in our source code at docs/PERMISSIONS_AND_PRIVACY.md), Ringflect treats the day as sensitive even if you forgot to mark the flag. You can override this in either direction by toggling the explicit flag on the note.
This design trades some insight visibility for stricter consent. We accept that trade-off and may revisit it in a future version based on user research.
7. How long Ringflect keeps your data
| Data type | Retention |
|---|---|
| Account profile (email, Clerk ID) | Until you delete your account |
| Daily logs, nightly reviews, experiments | Until you delete your account |
| Wearable snapshots (sleep, HR, HRV, etc.) | Until you delete your account |
| Insight cards | Until you delete your account |
| Google Calendar OAuth tokens (access + refresh) | Until you disconnect Google Calendar or delete your account |
| Google Calendar raw event payload cache | 7 days, then auto-deleted (see Section 3.5) |
| Google Calendar derived activity-context strings | Until you delete your account, or until the daily-log entry they are attached to is deleted |
| Analytics events | 30 days, then auto-deleted |
| Backup snapshots (database-level) | Per Neon's standard backup retention policy; documented separately in our operations runbooks |
There is no scheduled deletion of athlete content other than account deletion. Ringflect does not silently expire your data.
8. How you delete your account and data
You can delete your Ringflect account from inside the app: Settings → Account → Delete account. Deletion is permanent and cannot be undone.
Behind the scenes, deletion does the following:
- Removes your authentication record at Clerk.
- Triggers Ringflect's webhook handler, which deletes the athletes row in our database.
- Cascade-deletes every dependent row across daily logs, nightly reviews, wearable snapshots, experiments, insight cards, analytics events, Google Calendar OAuth tokens, the Google Calendar raw event cache, and derived activity-context strings.
- Revokes any active Google Calendar OAuth tokens at Google's authorization server so the grant is invalidated server-side.
- Deletion is immediate.
If you have technical difficulty deleting your account, email the contact address in Section 13 and we will delete it manually within 7 days.
HealthKit and Health Connect data on your own device is not Ringflect's to delete; that data is controlled by Apple or Google. Use the OS-native controls (iOS: Health app → Browse → category; Android: Health Connect → App data) to manage it on your device.
9. Your rights
Depending on where you live, you may have legal rights regarding your personal data, including the right to access, correct, port, or delete your data; the right to object to or restrict processing; and the right to lodge a complaint with a supervisory authority.
You can exercise most of these rights from inside the app:
- Access: Your data is visible in the app: daily logs in History, account info in Settings.
- Correction: You can edit any log entry directly.
- Deletion: See Section 8.
- Portability (data export): Email the contact address in Section 13 to request a JSON export of your account.
We do not charge for these requests. We may ask you to verify your identity (typically by sending a confirmation email to your account address).
9.1 If you are in the European Economic Area, the UK, or Switzerland
The legal basis for processing your data is your consent (when you create an account and grant permissions) and contractual necessity (to provide the service you signed up for). You may withdraw consent at any time by deleting your account.
9.2 If you are in California
Ringflect does not sell your personal information. We do not "share" it as defined under the California Consumer Privacy Act. You have the right to know what we collect, delete it, and not be discriminated against for exercising these rights.
10. Children
Ringflect is not directed at children under 16 and we do not knowingly collect data from anyone under 16. If you believe a child has signed up for Ringflect, contact us and we will delete the account.
11. Security
We protect your data with industry-standard measures: TLS in transit, encryption at rest in the database (per Neon's infrastructure), authentication and authorization on every API request, and row-level access controls so that one athlete's data cannot be accessed by another.
No system is perfectly secure. If you detect a vulnerability or believe your account has been compromised, contact us immediately.
12. Changes to this policy
We may update this Privacy Policy when the app changes (for example, when a new integration is added or an existing one is changed). Material changes will be notified in-app and by email to the address on your account at least 14 days before the new version takes effect. The "Effective date" at the top of this document reflects the current version.
Version 1.1 (May 23, 2026) added Section 3.5 disclosing the Google Calendar integration. Because Ringflect is in pre-launch preparation and has no live public users at the time of this version, the 14-day notice requirement applies to changes made after public launch.
Previous versions will be archived at [TBD: link to archive once we maintain one, for V1 this is a placeholder; recommend Git history at ringflect-v1/public/privacy.md].
13. How to contact us
Email: altonchase@ringflect.com
For Apple App Store compliance questions: same address. For Google Play / Health Connect compliance questions: same address. For Google API Services (Calendar) compliance questions: same address. For GDPR / data subject requests: same address.
We aim to respond within 7 business days.
14. App Store specific disclosures
For Apple App Review and Google Play Review reference, Ringflect declares:
- Data collected for App Functionality only. Not used for tracking across apps or websites. Not used for advertising.
- Data linked to user identity: within Ringflect only; not shared externally.
- HealthKit data (iOS): read-only. The data types we access are listed in Section 3.3. We do not write to HealthKit. We do not share HealthKit-sourced data with third parties.
- Health Connect data (Android): equivalent disclosures.
- Google Calendar data (optional): read-only via the calendar.events.readonly OAuth scope, primary calendar only. The data types Ringflect reads and the limits on its use are listed in Section 3.5. Ringflect's use of Google API data complies with the Google API Services User Data Policy, including the Limited Use requirements.
- No third-party advertising SDKs. No data brokers. No cross-app tracking.
Document version 1.1, last updated 2026-05-23 for Ringflect V1 pre-launch. Version 1.1 added Section 3.5 (Google Calendar disclosure) and related updates to Sections 2, 5, 7, 8, 12, 13, and 14.