Privacy Policy
Summary: We collect only what we need to run your workouts. Your heart rate data stays on our server. We never sell your data. You can delete everything anytime.
1. Who we are
Aregix is a fitness analytics platform operated as a personal project. Contact: bassi.alberto88@gmail.com
2. What data we collect
When you use Aregix, we collect:
- Account data: email address, display name, password (hashed, never stored in plain text)
- Workout data: duration, distance, calories, workout type, timestamps
- Biometric data: heart rate (BPM) during workouts, collected from your connected sensors
- Device data: device names, types, connection protocols (ANT+/Bluetooth), hardware IDs for pairing
- Technical data: IP address for security (rate limiting, abuse prevention), browser language preference
3. How we use your data
- To run your workouts and display real-time metrics
- To save your workout history and show progress over time
- To pair your devices and remember them for future sessions
- To protect the platform from abuse (rate limiting, failed login detection)
We do not use your data for advertising, profiling, or selling to third parties. Ever.
4. Biometric data (heart rate)
Heart rate is classified as sensitive biometric data under GDPR and similar regulations. We collect it only during active workouts and only with your explicit consent (by starting a workout with a connected HR sensor). HR data is stored as part of your workout records and is never shared with third parties.
5. Where we store data
Your data is stored on a DigitalOcean server located in the United States (New York). Data is encrypted in transit (HTTPS/TLS). The database is backed up automatically every 6 hours.
6. Data retention
We keep your data as long as your account is active. When you delete your account, all your data (workouts, devices, profile) is permanently deleted within 24 hours.
7. Your rights
You have the right to:
- Access: View all data we have about you (visible in your profile and history)
- Export: Download your workout data (coming soon)
- Delete: Delete your account and all associated data from your profile page
- Withdraw consent: Stop using the platform at any time; disconnect your devices
8. Cookies and local storage
We use a session cookie to keep you logged in. We use localStorage to save your language preference. We do not use tracking cookies, analytics, or third-party scripts.
9. Third parties
We use Google Fonts for typography (loaded from Google's CDN). We use Unsplash images on the landing page. No other third-party services have access to your data.
10. Children
Aregix is not intended for users under 16 years of age. We do not knowingly collect data from children.
11. Changes
We may update this policy. Changes will be posted on this page with an updated date.
12. Contact
For questions about this privacy policy or your data, email: bassi.alberto88@gmail.com